This is Tgo01/Dreaven.

I was logged off from the PC earlier and when I tried to log back in it kept telling me my password was incorrect. I know I was typing it correctly and tried another 3 or 4 times just to be sure. I then tried logging in from my phone and I was having the same problem.

Thinking it just might be a temporary bug or something and maybe everyone was having the same problem I didn't think much about it. However I noticed some people were still posting so apparently it wasn't effecting everyone. Then I noticed my avatar (the dog reading a newspaper) was no longer showing up, then I noticed other people's avatars were no longer showing up either (Tisket, ParkBandit, Fortybox, just to name a few, not to mention their sigs are gone as well.) Yet other people's avatars and sigs are still showing up.

So. Yeah. Hi. What the fuck is happening?

A few minutes ago I noticed Tgo01 was logged on so I can only imagine someone has hacked into some people's PC accounts.

Everyone might want to change their password.

WTF.

How do we know this isn't some phising attempt and that you aren't some impostor?

Isn't there a password reset link?

My account, Chalion is also doing the same thing. Password reset says there is no account with the email address I used.
changing the throw away password I use for stuff now.

I don't believe there is an e-mail server attached to PC anymore. That's why there's no e-mail for initial authentication, and password resets haven't been available for a while. As moderator, I cannot adjust anything account/password related. I will reach out to Kranar.

Dear beepboop,

Thanks for registering at The Gemstone IV Players' Corner! We are glad you have chosen to be a part of our community and we hope you enjoy your stay.

All the best,
The Gemstone IV Players' Corner


got this when I signed up.
Password reset told me that the email address I used is no long associated with an account. Something else is going on.

I don't believe there is an e-mail server attached to PC anymore. That's why there's no e-mail for initial authentication, and password resets haven't been available for a while. As moderator, I cannot adjust anything account/password related. I will reach out to Kranar.

You can track IP's though, strongly suggest you verify/match the two above posters to the usual IPs tgo and chalion post from before you do anything.

It's them. And, even so, their story wouldn't surprise me. I know many things unseen.

I haven't had any issues. Good luck getting this straightened out, guys.

You get a Shadowban, and YOU get a Shadowban!

Wrathbringer here. My account is also affected. Someone hit all the conservatives I guess?

My account (Jhynnifer) was hit as well.

Looks like it was a hit on the active merchants that do big sales.

Jokes on them, I converted all my silvers into muffins.

You get a Shadowban, and YOU get a Shadowban!
Verified none of them are banned.

Verified none of them are banned.

Requesting a "NO" cat meme on the new thread hello just started.

Big merchants? Nope, I am unaffected.

All jokes aside fellas, you people that got hacked should probably see if your Gemstone accounts are safe (nothings missing).

I am shamed into being revealed as having a "weak" password!

I am shamed into being revealed as having a "weak" password!

What was your password? (since obviously it's meaningless now)

What was your password? (since obviously it's meaningless now)

Password. But with a capital P, for extra security.

I am shamed into being revealed as having a "weak" password!

I have several accounts, all with the same password. Only my main account was affected.

I have several accounts, all with the same password. Only my main account was affected.

Probably because the person doing it only knew your main account.

Probably because the person doing it only knew your main account.

You think this is personal?

Most likely the person uses these boards.. Whirlin should know who it is by cross checking the IPs unless the person used a proxy. Hmm...

So... you REALLY over estimate my access... I can really only see IP address information associated with posting, not all activity.

This reconciliation was performed RECENTLY... AFTER I made the announcements, so there are a variety of FALSE POSITIVES.

The following users have had their passwords changed in the last 12ish hours

Parkbandit
Back
Ardwen
Tisket
Raelee

yesicj
thefarmer
Gelston
BriarFox
Wrathbringer

User Name
Whirlin
~Rocktar~
Geijon Khyree
Gompers

Fortybox
Tgo01
Jhynnifer
dott
Zaigh

Thondalar
cwolff
Viekn
chalion
Wyrom

ktig
FartFire

My password was/is PodestaDidNothingWrong

So... you REALLY over estimate my access... I can really only see IP address information associated with posting, not all activity.

This reconciliation was performed RECENTLY... AFTER I made the announcements, so there are a variety of FALSE POSITIVES.

The following users have had their passwords changed in the last 12ish hours

Parkbandit
Back
Ardwen
Tisket
Raelee

yesicj
thefarmer
Gelston
BriarFox
Wrathbringer

User Name
Whirlin
~Rocktar~
Geijon Khyree
Gompers

Fortybox
Tgo01
Jhynnifer
dott
Zaigh

Thondalar
cwolff
Viekn
chalion
Wyrom

ktig
FartFire

Wow, that's a long list of suspects...

Check out that Wyrom guy, I don't think anyone really knows him..sketchy.

Wow, that's a long list of suspects...

Check out that Wyrom guy, I don't think anyone really knows him..sketchy.

I reached out to him far in advance of posting here. Don't worry, he is safe.

For what it's worth... I'm still me. When I saw this thread, I just changed my own to something stronger than it was previously as a precaution.

For what it's worth... I'm still me. When I saw this thread, I just changed my own to something stronger than it was previously as a precaution.

Same here.

https://media2.giphy.com/media/gA23H966WOuhq/giphy.gif

Yes, Whirlin reached out to me about it.

Yes, Whirlin reached out to me about it.

DOOO IT WYROM #EG2017

https://68.media.tumblr.com/4b9198fed23a748c67587e4c3942dd8d/tumblr_nr00xd61EM1sm3vxwo1_500.gif

Yes, Whirlin reached out to me about it.

That's just what imposter Wyrom would say...

That's just what imposter Wyrom would say...

http://vignette1.wikia.nocookie.net/epicrapbattlesofhistory/images/c/c2/Peanut-butter-jelly-time.gif/revision/latest?cb=20141129150614

Russians...........

Strong passwords that are only used on one site = win. (Made easy when using a password manager like KeePass or LastPass or 1Password, etc!)

Someone's got too much time on their hands.

LOL, got Little Miss Tisket as well.

Maybe it's connected to that mal/ransomware attack from Ukraine.

Apparently someone here is a thin-skinned cunt.

Maybe it's connected to that mal/ransomware attack from Ukraine.

I'm thinking that as well. More likely than not, no human actually accessed those hacked accounts but a bot thinking it was important then asking for bitcoins in exchange for the password to unlock the account. lol, in a round-a-bout way it may have inadvertently cleaned up the PC.

I bet it's Candor again.

Where has time4fun been anyhow muahahahahah?


Kidding of course no idea who is doing it.

Where has time4fun been anyhow muahahahahah?

Who cares? It's been nice not having her idiocy posted daily.

The actions taken don't seem like someone trying to actively scam anyone. They gave themselves away for no real reason other than what appears to be account destruction. If someone wanted credit cards They would try to be sneaky about it, same with theft off of characters if passwords were tied in.

my theory goes with my original gif. Erase the rep and everybody goes back to zero. It would be total chaos.

Changed my password when I saw the announcement post.

@Whirlin, should we assume that the encrypted L/P stuff has been grabbed? And is it possible that it's linkable to our associated email address via whatever the hackers might have downloaded?

If so, let us know in case any of us have used that same password with other stuff (or god forbid our email account).

Thanks!

mark

Who cares? It's been nice not having her idiocy posted daily.

Uh oh Wrathbroughter lost his itty bitty name awwwww..

https://media.giphy.com/media/Hw4gDQ984w1eo/giphy.gif

So I think it's time that Whirlin was given Super Admin status so that we don't have to wait around for Kranar to fix shit.

So I think it's time that Whirlin was given Super Admin status so that we don't have to wait around for Kranar to fix shit.

+1

I think hello/macguyver feels sad that he was left out...again. Always being on the fringe of things must suck.

The password thing happens occasionally. It won't accept your password, even when correct. I don't think it's necessarily someone hacking, but I never knew how it was corrected.

For what it's worth... I'm still me. When I saw this thread, I just changed my own to something stronger than it was previously as a precaution.

Same here. My password was weak as fuck.

The password thing happens occasionally. It won't accept your password, even when correct. I don't think it's necessarily someone hacking, but I never knew how it was corrected.

Yeah, but the disappearing avatars?

I think hello/macguyver feels sad that he was left out...again. Always being on the fringe of things must suck.

Fuck you cunt!

https://68.media.tumblr.com/58874f660466b9800e61a8de8427a6a8/tumblr_oorstay7Dr1uwkpr8o1_500.gif

The password thing happens occasionally. It won't accept your password, even when correct. I don't think it's necessarily someone hacking, but I never knew how it was corrected.

Yeah, it seems to me that, if it was someone here, they would have done something more destructive.

Yeah, but the disappearing avatars?

Oh fuck, avatars are gone!?

Oh wait, I have mine saved on my computer. Whew.

I am launching an investigation into this matter.

I keep waiting for all my albums to disappear.

Then I will know it's personal.

I changed my password when I posted originally in the thread. Odds are that as soon as people read it they updated passwords. Unless they are idiots.

Yeah, but the disappearing avatars?
Probably a forum settings thing. Maybe stuff got reset. I dunno. I just know I have thus login difficulty once or twice every year.

I changed my password when I posted originally in the thread. Odds are that as soon as people read it they updated passwords. Unless they are idiots.

I'm kinda afraid to update my passwords, I'll wait until DungeonMaster Whirlin gives the OK.

I'm kinda afraid to update my passwords, I'll wait until DungeonMaster Whirlin gives the OK.

Whirlin can't do anything about any of this.

Probably a forum settings thing. Maybe stuff got reset. I dunno. I just know I have thus login difficulty once or twice every year.

It's not a login issue obviously, since the people who got hacked don't have sigs or avatars anymore.

This sort of hack goes deeper than having or not having super admin rights. Somebody needs to look at the environment this forum is operating in, and ensure that the forum software is kept up to date.

Whirlin mentioned the attacker may have utilized a vulnerability related to the PHP version itself, which is an indication to me that it's probably 10+ years old, and that the OS itself could also be outdated.

Does any of this really matter though, if we're using a strong password and not sharing anything sensitive through the forum at all?

This sort of hack goes deeper than having or not having super admin rights. Somebody needs to look at the environment this forum is operating in, and ensure that the forum software is kept up to date.

Whirlin mentioned the attacker may have utilized a vulnerability related to the PHP version itself, which is an indication to me that it's probably 10+ years old, and that the OS itself could also be outdated.

Does any of this really matter though, if we're using a strong password and not sharing anything sensitive through the forum at all?

In your pussy, cash, weaponry avatar, we are interested in that weapon. Is it legal?

Does any of this really matter though, if we're using a strong password and not sharing anything sensitive through the forum at all?

It's vBulletin moreso than PHP, from what I've heard. It's fairly technical, I couldn't execute the exploits myself, but am able to follow how and what was done.

I'll provide a little more... it was possible to lift the Hash and the Salt from the user password tables. Without the encryption key, it's a sizable brute force effort to determine an individual PW from that. Mine was able to be brute forced using a dictionary table after about 45 minutes. It would be possible to corrupt the hash to simply destroy a user's ability to login.

I've been exchanging messages with Kranar regarding the issue, so, we're on top of this.

And, I cannot change people's passwords as a moderator, for all of those asking.

It's vBulletin moreso than PHP, from what I've heard. It's fairly technical, I couldn't execute the exploits myself, but am able to follow how and what was done.

I'll provide a little more... it was possible to lift the Hash and the Salt from the user password tables. Without the encryption key, it's a sizable brute force effort to determine an individual PW from that. Mine was able to be brute forced using a dictionary table after about 45 minutes. It would be possible to corrupt the hash to simply destroy a user's ability to login.

I've been exchanging messages with Kranar regarding the issue, so, we're on top of this.

And, I cannot change people's passwords as a moderator, for all of those asking.

Tell Kranar to give you super admin powers while he is at it.

If anyone uses the same password on play.net as they do here...change that...like now...

I don't think this world can handle two Tiskets.

Which is strange because it rhymes with brisket.

https://vignette2.wikia.nocookie.net/bigbangtheory/images/6/6a/Howardwolowitz.jpg/revision/latest/top-crop/width/240/height/240?cb=20100425200930

If anyone uses the same password on play.net as they do here...change that...like now...
Yes, good to be safe, but they'd still have to find out your account name. So while you're at it, never use the officials.

Yes, good to be safe, but they'd still have to find out your account name. So while you're at it, never use the officials.

Good advice no matter the circumstances.

I have like 200 accounts, I couldn't possibly go through all of them and reset my passwords for each...

A virus seems unlikely. Of all websites of mine they have access to why the PC of all places?

Also brute force sounds kind of hard to believe as well. This forum locks you out of attempting to enter passwords for 15 minutes after 5 tries. Unless this person has been at this for months or even years. I mean my password couldn't have been that weak, it certainly wasn't just a single word or something like that.

Also I find it strange how no Democrats have spoke up about their accounts being hacked yet...coincidence?! I think not!

I have like 200 accounts, I couldn't possibly go through all of them and reset my passwords for each...

That is the funniest thing you've ever said.

Same issue


Sent from my iPhone using Tapatalk Pro

It would be possible to corrupt the hash to simply destroy a user's ability to login.

So, if this was what happened, the person who is responsible never had our passwords at all?

What an impotent fuckwad he must be irl to enjoy this nonsense.

So, if this was what happened, the person who is responsible never had our passwords at all?

I saw Tgo01 logged on a few minutes after I started this thread so something weird is going on.

I saw Tgo01 logged on a few minutes after I started this thread so something weird is going on.

I doubt they are able to do shit other than what was done. If they could, they would have.

So, if this was what happened, the person who is responsible never had our passwords at all?

What an impotent fuckwad he must be irl to enjoy this nonsense.

It doesn't matter, Kranar can blanket fix everything if he so chooses.

And NO Whirlin should NOT get Super Mod powers, for both our protection and his. Whirlin needs to realize if any funny shit happens like this again people will immediately get suspicious of him because he has said powers, but Kranar really doesn't give a fuck about the game or the forums any more thus like an ambivalent God he's perfect for being an impartial forum Super Mod.

So yeah, hey you, you impotent fuck, do something on my main account, I dare you.

I doubt they are able to do shit other than what was done. If they could, they would have.

Also your account was logged in 1 minute after I started this thread.

I'm not sure how they got the passwords but it seems like the person logged into the accounts, changed the passwords, changed the emails, disabled avatars and sigs for some reason, and apparently left. Their damage wrought.

It doesn't matter, Kranar can blanket fix everything if he so chooses.

And NO Whirlin should NOT get Super Mod powers, for both our protection and his. Whirlin needs to realize if any funny shit happens like this again people will immediately get suspicious of him because he has said powers, but Kranar really doesn't give a fuck about the game or the forums any more thus like an ambivalent God he's perfect for being an impartial forum Super Mod.

Any time you are opposed to an idea, more people are swayed in favor of the idea.

Also your account was logged in 1 minute after I started this thread.

I'm not sure how they got the passwords but it seems like the person logged into the accounts, changed the passwords, changed the emails, disabled avatars and sigs for some reason, and apparently left. Their damage wrought.

If he's got control of my password, I want him to do something like delete an album of mine. I even give him permission to do so.

Just a head's up, if the dude is really really fucked up he can fuck with you guys through the PMs (if you got a bunch saved and/or never delete them). So, changing your Play.net account passwords is probably a good idea as well.

Why do you assume the hacker has a penis?

If he's got control of my password, I want him to do something like delete an album of mine. I even give him permission to do so.

Oh you're just assuming it's a male?! Sexist.

We live in an equal and free society where women can do anything men can do!

Oh you're just assuming it's a male?! Sexist.

We live in an equal and free society where women can do anything men can do!

This happened because the US Government is tired of Dreavenings.

Why do you assume the hacker has a penis?

I seriously doubt a woman hacker would take this game so seriously as to go through all this trouble. A loser guy (99% of you on here) would find some desire to do something like this. Honestly, I'm really betting on a bot or some technical glitch... uh oh! they went in and deleted my avatars! Watch out!

This happened because the US Government is tired of Dreavenings.

You shut your fucking face!

Oh you're just assuming it's a male?! Sexist.

We live in an equal and free society where women can do anything men can do!

Maybe it's a personal bias but, I just assume most women have better things to do.

Someone ban all these new accounts. Obviously fakes.

Someone ban all these new accounts. Obviously fakes.

:(

Agreed. Any account that was created after December of 2013 should be banned.

Someone ban all these new accounts. Obviously fakes.

Rapist.

Most of you are using weak passwords and don't know it. Go check Kapersky's password checker and you will see what's considered weak vs strong now. I use a password manager that handles all mine, and I highly suggest it. LastPass is $12/yr. Many of the others are free. Password managers are your friend. Don't use the same passwords on other websites. Ideally, you want to use a UNIQUE password for EVERY different site and account. Use the maximum characters allowed, even if they will take 100 chars. Uppercase, Lowercase and symbols if allowed. These new botnets and high end computers can break very complex or long passwords. I didn't have time to read the whole thread, so my apologies if someone discussed this earlier. Someone messaged me saying the PC was being hacked and I deal with this kind of stuff regularly so that's why I'm offering some simple advice that can save you all from a lot of headaches (or worse). Also, don't get caught by Petya.

Most of you are using weak passwords and don't know it. Go check Kapersky's password checker and you will see what's considered weak vs strong now. I use a password manager that handles all mine, and I highly suggest it. LastPass is $12/yr. Many of the others are free. Password managers are your friend. Don't use the same passwords on other websites. Ideally, you want to use a UNIQUE password for EVERY different site and account. Use the maximum characters allowed, even if they will take 100 chars. Uppercase, Lowercase and symbols if allowed. These new botnets and high end computers can break very complex or long passwords. I didn't have time to read the whole thread, so my apologies if someone discussed this earlier. Someone messaged me saying the PC was being hacked and I deal with this kind of stuff regularly so that's why I'm offering some simple advice that can save you all from a lot of headaches (or worse). Also, don't get caught by Petya.

To be fair, I don't care enough about my PC forum account security to do all that.

Most of you are using weak passwords and don't know it. Go check Kapersky's password checker and you will see what's considered weak vs strong now. I use a password manager that handles all mine, and I highly suggest it. LastPass is $12/yr. Many of the others are free. Password managers are your friend. Don't use the same passwords on other websites. Ideally, you want to use a UNIQUE password for EVERY different site and account. Use the maximum characters allowed, even if they will take 100 chars. Uppercase, Lowercase and symbols if allowed. These new botnets and high end computers can break very complex or long passwords. I didn't have time to read the whole thread, so my apologies if someone discussed this earlier. Someone messaged me saying the PC was being hacked and I deal with this kind of stuff regularly so that's why I'm offering some simple advice that can save you all from a lot of headaches (or worse). Also, don't get caught by Petya.

My banking account password:

Your password will be bruteforced with an average home computer in approximately
3261CENTURIES

The PC password said it could be brute forced in 15 days though.

I don't have any personal info saved in my settings so I never worried enough to make it stronger.

I can only hope time4dung was affected as well.

It's vBulletin moreso than PHP, from what I've heard. It's fairly technical, I couldn't execute the exploits myself, but am able to follow how and what was done.

I'll provide a little more... it was possible to lift the Hash and the Salt from the user password tables. Without the encryption key, it's a sizable brute force effort to determine an individual PW from that. Mine was able to be brute forced using a dictionary table after about 45 minutes. It would be possible to corrupt the hash to simply destroy a user's ability to login..

THIS. 45 mins isn't long enough. All mine are 10,000 centuries. All my data are belong to ME.

All you people who had your shit changed need to do better with your passwords. Security is important. I have to yell at people for this shit at work everyday. When someone wires your money to Zimbabwe you will wish you had taken it seriously. its not just this site, lax security means you can probably be compromised in other ways or set you up for a directed attack. You guys should see the shit we do to people for testing, and we're the good guys. The only way they should be able to get your account is a site vulnerability that affects the platform, not you personally.

I just got neg repped from tisket's account.


Thread: So...what the hell is happening with the PC?

I disapprove - [Tisket]

She's logged in now, apparently.

THIS. 45 mins isn't long enough. All mine are 10,000 centuries. All my data are belong to ME.

All you people who had your shit changed need to do better with your passwords. Security is important. I have to yell at people for this shit at work everyday. When someone wires your money to Zimbabwe you will wish you had taken it seriously. its not just this site, lax security means you can probably be compromised in other ways or set you up for a directed attack. You guys should see the shit we do to people for testing, and we're the good guys. The only way they should be able to get your account is a site vulnerability that affects the platform, not you personally.

Again, my PC password hasn't been changed since I made the account. Anything that is important, I change all the time and have a way stronger password. I'm pretty sure that is the same for just about anyone.

Most of you are using weak passwords and don't know it. Go check Kapersky's password checker and you will see what's considered weak vs strong now. I use a password manager that handles all mine, and I highly suggest it. LastPass is $12/yr. Many of the others are free. Password managers are your friend. Don't use the same passwords on other websites. Ideally, you want to use a UNIQUE password for EVERY different site and account. Use the maximum characters allowed, even if they will take 100 chars. Uppercase, Lowercase and symbols if allowed. These new botnets and high end computers can break very complex or long passwords. I didn't have time to read the whole thread, so my apologies if someone discussed this earlier. Someone messaged me saying the PC was being hacked and I deal with this kind of stuff regularly so that's why I'm offering some simple advice that can save you all from a lot of headaches (or worse). Also, don't get caught by Petya.

I mean, I guess it's possible. But like I said before this forum locks you out for 15 minutes after attempting 5 wrong passwords. So this person has either been at it for a long time now, or is much more dedicated than your casual troll to change his IP address after every 5 wrong tries. Especially with how many people he targeted.

With all of the shit this site has been subjected to over the years (remember that one time Kranar himself was locked out) I find it hard to believe such a low level effort as brute forcing people's passwords happened this time.

I mean, I guess it's possible. But like I said before this forum locks you out for 15 minutes after attempting 5 wrong passwords. So this person has either been at it for a long time now, or is much more dedicated than your casual troll to change his IP address after every 5 wrong tries. Especially with how many people he targeted.

With all of the shit this site has been subjected to over the years (remember that one time Kranar himself was locked out) I find it hard to believe such a low level effort as brute forcing people's passwords happened this time.

It locks out your IP, not the PC account. If you know what you're doing, that is easy to sidestep.

Just got neg repped by tgo's account.

Just got neg repped by tgo's account.

Same.

THIS. 45 mins isn't long enough. All mine are 10,000 centuries. All my data are belong to ME.

All you people who had your shit changed need to do better with your passwords. Security is important. I have to yell at people for this shit at work everyday. When someone wires your money to Zimbabwe you will wish you had taken it seriously. its not just this site, lax security means you can probably be compromised in other ways or set you up for a directed attack. You guys should see the shit we do to people for testing, and we're the good guys. The only way they should be able to get your account is a site vulnerability that affects the platform, not you personally.

I think it's safe to say you are wrong about your brute force method theory, no offense.

Our hacker is logging onto people's accounts and leaving rep as we speak. tyrant-201 left me neg rep, which is possible is from him, but he usually doesn't leave me neg rep.

I also received rep from Tisket and Tgo01 letting me know what my passwords were for Tgo01 and this account. This account was created 12 hours ago, Kaspersky estimated it would take someone 10,000+ centuries to brute force it. I guess it's possible they just got extremely lucky, but something tells me it's a bit more than this.

Hahahaha

I mean, I guess it's possible. But like I said before this forum locks you out for 15 minutes after attempting 5 wrong passwords. So this person has either been at it for a long time now, or is much more dedicated than your casual troll to change his IP address after every 5 wrong tries. Especially with how many people he targeted.

With all of the shit this site has been subjected to over the years (remember that one time Kranar himself was locked out) I find it hard to believe such a low level effort as brute forcing people's passwords happened this time.

This can be automated. If they got the PW lists and salt tables they can brute force them remotely with a botnet or locally on their computer if they have some top shelf equipment. It doesn't have to be a thing where they attempt logins on the site. Or they could have compromised the site another way, check the site software for vulnerabilities.

I think it's safe to say you are wrong about your brute force method theory, no offense.

Our hacker is logging onto people's accounts and leaving rep as we speak. tyrant-201 left me neg rep, which is possible is from him, but he usually doesn't leave me neg rep.

I also received rep from Tisket and Tgo01 letting me know what my passwords were for Tgo01 and this account. This account was created 12 hours ago, Kaspersky estimated it would take someone 10,000+ centuries to brute force it. I guess it's possible they just got extremely lucky, but something tells me it's a bit more than this.

I thought you were wrathbringer. I'd have left rape rep instead

I thought you were wrathbringer. I'd have left rape rep instead

Rapist.

just got hit from gelston's account

just got hit from gelston's account

Hot.

Great. I just got neg repped by Tgo's real account, Daiyon, and Gelston saying the same thing, all within 30 seconds of each other: "I disapprove".

Great. I just got neg repped by Tgo's real account, Daiyon, and Gelston saying the same thing, all within 30 seconds of each other: "I disapprove".

It's happening to several of us.

I think it's safe to say you are wrong about your brute force method theory, no offense.

Our hacker is logging onto people's accounts and leaving rep as we speak. tyrant-201 left me neg rep, which is possible is from him, but he usually doesn't leave me neg rep.

I also received rep from Tisket and Tgo01 letting me know what my passwords were for Tgo01 and this account. This account was created 12 hours ago, Kaspersky estimated it would take someone 10,000+ centuries to brute force it. I guess it's possible they just got extremely lucky, but something tells me it's a bit more than this.

That's something different then, maybe a software vulnerability that gives them the ability to log in to some accounts without passwords. How's the database security? input validation? It could be anything or something simple that gives them total control. Why only those accounts though? I cant really help other than to speculate, and no I'm not wrong about my brute force suggestions. What I said still applies, just maybe not directly to this case.

LOL just got hammered by like 50 people I lol'd.

LOL just got hammered by like 50 people I lol'd.

So the hacker is not all bad

Great. I just got neg repped by Tgo's real account, Daiyon, and Gelston saying the same thing, all within 30 seconds of each other: "I disapprove".

I didn't neg rep anyone, so its definitely some sort of server issue. I'm still logged into my account so maybe they exploited some kind of vulnerability to control different features without account access? could be 1000 different things

LOL just got hammered by like 50 people I lol'd.

I approve.

Well we know now that the hacker is ..

A.) Human
B.) Someone who cares enough about these boards.
C.) Someone who's not dumb, as this actually would take someone pretty smart.

I didn't neg rep anyone, so its definitely some sort of server issue. I'm still logged into my account so maybe they exploited some kind of vulnerability to control different features without account access? could be 1000 different things

Yeah but the person knows my passwords so they have them. Not that it matters much at this point how they did it, it's quite apparent they have access to anyone's account they want.

Oh God. I'd lose all those vulva pics. Pls haxer spare me.

https://www.cvedetails.com/cve/CVE-2016-6195/

SQL injection with a 7.5 CVSS score. This version of vBulletin is vulnerable to it. 4.2.3. You guys need to update the forum ASAP. Thats why they can make changes without account data. They can inject commands into the database using that vulnerability.

A security issue has been reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible. Please note that you need to update regardless of whether you have Forumrunner enabled.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

To install the patch, download the appropriate files for your version of vBulletin 4 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

Patches available:

vBulletin 4.2.2 Patch Level 5
vBulletin 4.2.3 Patch Level 1

vBulletin 4.2.4 Beta 2 has been released and includes the fix.

Well we know now that the hacker is ..

A.) Human
B.) Someone who cares enough about these boards.
C.) Someone who's not dumb, as this actually would take someone pretty smart.

We also know that:

A.) You're retarded

https://www.cvedetails.com/cve/CVE-2016-6195/

SQL injection with a 7.5 CVSS score. This version of vBulletin is vulnerable to it. 4.2.3. You guys need to update the forum ASAP. Thats why they can make changes without account data. They can inject commands into the database using that vulnerability.

A security issue has been reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible. Please note that you need to update regardless of whether you have Forumrunner enabled.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

To install the patch, download the appropriate files for your version of vBulletin 4 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

Patches available:

vBulletin 4.2.2 Patch Level 5
vBulletin 4.2.3 Patch Level 1

vBulletin 4.2.4 Beta 2 has been released and includes the fix.

Not to seem too dumb, but this is something Kranar needs to do, right?

Not to seem too dumb, but this is something Kranar needs to do, right?

Yes. Whirlin can't do shit.

Is it twisted that I'm finding this whole thing funny?

Is it twisted that I'm finding this whole thing funny?

No, I definitely am too.

Is it twisted that I'm finding this whole thing funny?

Nah. Also, probably a pointless bit but did you try tracing the rep back? If the 'hacker' is retarded enough to use their own account, lolz.

Whoever is doing it has some skills because there are no metasploit modules available for it. (if that's the exploit they used)

I'm assuming the passwords were stored encrypted so they're probably brute forcing the ones they could do and ignoring the tougher ones

Forum hacker, I salute thee HAHA

Nah. Also, probably a pointless bit but did you try tracing the rep back? If the 'hacker' is retarded enough to use their own account, lolz.

That would be pointless, they are using the hacked account to rep with.

Nah. Also, probably a pointless bit but did you try tracing the rep back? If the 'hacker' is retarded enough to use their own account, lolz.

It probably just came from another account.

Nah. Also, probably a pointless bit but did you try tracing the rep back? If the 'hacker' is retarded enough to use their own account, lolz.

I don't have that script. I'm sure it's rep from my main handle though.

Nah. Also, probably a pointless bit but did you try tracing the rep back? If the 'hacker' is retarded enough to use their own account, lolz.

Astray! The red rep is coming from your own house! GET OUT NOW!

Oh well! Guess we'll sit and wait for a bit.

Maybe it's Stump licker, since everyone's always accusing him of being butthurt that no one gives a shit about his forum.

A virus seems unlikely. Of all websites of mine they have access to why the PC of all places?

Also brute force sounds kind of hard to believe as well. This forum locks you out of attempting to enter passwords for 15 minutes after 5 tries. Unless this person has been at this for months or even years. I mean my password couldn't have been that weak, it certainly wasn't just a single word or something like that.

Also I find it strange how no Democrats have spoke up about their accounts being hacked yet...coincidence?! I think not!

Word on the street is it's WarriorBird and Time4Fun

Astray! The red rep is coming from your own house! GET OUT NOW!

I have a gun though. If I get out now I can't murder the intruder.

Maybe it's Stump licker, since everyone's always accusing him of being butthurt that no one gives a shit about his forum.

He's not smart enough to hack his own account let alone anyone else's.

Maybe it's Stump licker, since everyone's always accusing him of being butthurt that no one gives a shit about his forum.

That would be hilarious.

Word on the street is it's WarriorBird and Time4Fun

No one thought to ask Time4Fun if one of her doctorates was in vbulletin hax.

There is another one with a 4.5 score. This 7.5 score one: allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.

Both are low complexity so anyone with some knowledge of SQL and SSRF could do it.

Word on the street is it's WarriorBird and Time4Fun

I can see WarriorBird being butthurt enough to do it. And since you apparently are the hacker it's apparent you're saying this to throw us off the trail.

Warriorbird!

To whoever is doing this...

https://media.tenor.com/images/00cec448b487873b51ad2e7ec3933beb/tenor.gif

There is another one with a 4.5 score. This 7.5 score one: allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.

Both are low complexity so anyone with some knowledge of SQL and SSRF could do it.

Shhh, now we'll all be 1337 haxxors and run the internet.

Seriously who is this butthurt from PC shenanigans?

The PC has been subjected to DDoS attacks for what, years now according to Kranar?

That one time everyone was hacked, including Kranar.

Now this?

What did the PC do to you, guy? You can open up here. This is a safe space.

Probably Alastir. Seriously. Think about it.

Seriously who is this butthurt from PC shenanigans?

The PC has been subjected to DDoS attacks for what, years now according to Kranar?

That one time everyone was hacked, including Kranar.

Now this?

What did the PC do to you, guy? You can open up here. This is a safe space.

Well that's hilariously sad. How much a little cockbite of a pansy you gotta be to continue this shit for years?

Well that's hilariously sad. How much a little cockbite of a pansy you gotta be to continue this shit for years?

Right? It's not like anyone accused him of being a rapist.

OR DID THEY?!??!

Dun dun dun dunnnnnnnnnnnnn!!

http://i.imgur.com/ybnHuwt.gif

Right? It's not like anyone accused him of being a rapist.

OR DID THEY?!??!

Dun dun dun dunnnnnnnnnnnnn!!

I'm calling the 'hacker' a pedophile and a rapist. Just to be on the record. Because they can't do shit but pull the same thing little kids can. The kids they desire. Because they are a pedophile.

https://68.media.tumblr.com/1bcc0d7fcaa43968c622e2da2a155089/tumblr_nf481uDPA11s593keo8_r1_250.gif

My password was sent to this account. So the user is active, either reading this thread or just using the IPs to connect. Its a weak throw away password for non important stuff. Shame I can't use it anymore. All other important passwords changed. It was fun being part of the PC for a bit. Best of luck to you guys, probably done with GS at this point too. The officials are hot trash and now the PC is. So much for fun.

They have limited scope in what they can do. get PWs from the database, make forged requests. It's enough to do what they're doing but not much more.

Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None

My password was sent to this account. So the user is active, either reading this thread or just using the IPs to connect. Its a weak throw away password for non important stuff. Shame I can't use it anymore. All other important passwords changed. It was fun being part of the PC for a bit. Best of luck to you guys, probably done with GS at this point too. The officials are hot trash and now the PC is. So much for fun.

You can't let the terrorists win!

Most of you are using weak passwords and don't know it. Go check Kapersky's password checker and you will see what's considered weak vs strong now. I use a password manager that handles all mine, and I highly suggest it. LastPass is $12/yr. Many of the others are free. Password managers are your friend. Don't use the same passwords on other websites. Ideally, you want to use a UNIQUE password for EVERY different site and account. Use the maximum characters allowed, even if they will take 100 chars. Uppercase, Lowercase and symbols if allowed. These new botnets and high end computers can break very complex or long passwords.

I am bumping this post from Daiyon as it is very good advice.

I'm assuming the passwords were not stored in plain text so they could only decrypt the weaker passwords.

If anyone is worried about safety or if their account is in jeopardy, risk is only applied if you shared the password with the e-mail account associated with the boards. If you did, change it. Same goes for Gemstone. Change your password if it's the same. If not.

Fuckboi 'hacker' can't do shit else. You're safe.

I am bumping this post from Daiyon as it is very good advice.

Everyone knows this, Candork.

https://68.media.tumblr.com/1bcc0d7fcaa43968c622e2da2a155089/tumblr_nf481uDPA11s593keo8_r1_250.gif


https://www.youtube.com/watch?v=bLlj_GeKniA

That Neuromancer reference was on point, though.

If anyone is worried about safety or if their account is in jeopardy, risk is only applied if you shared the password with the e-mail account associated with the boards. If you did, change it. Same goes for Gemstone. Change your password if it's the same. If not.

Fuckboi 'hacker' can't do shit else. You're safe.

People who don't use a throwaway email address to register are silly.

so if its a random dude just trolling for weak BBs, no problem shit happens thats what you get for using a weak password.
If its a targeted attack because someone got all upset that their cheerios got pissed in, thats a step too far.
We didn't even have this shit during the most meta of meta times in Eve with people trying to hack each others boards and shit.

People who don't use a throwaway email address to register are silly.

YOU'RE SILLY TISKET NUMBER 2!

The person left me shart rep with wrathbringer's account, and also included my password. The person is someone from the community, it seems.

The person left me shart rep with wrathbringer's account, and also included my password. The person is someone from the community, it seems.

That possibly is actually wrathbringer.

I'm assuming the passwords were not stored in plain text so they could only decrypt the weaker passwords.

I don't think so. Only the most prominent people here were affected.

That possibly is actually wrathbringer.

I'm wrathbringer...

I'm not a prominent person, im not a Republican, I'm just a fucking Ordim. Who had a weak password.

I'm wrathbringer...

No, you're sexualpredator.

So glad my password was a random scramble of shit. Or not. I can't remember.

SashaFierce is mysteriously, suspiciously absent in this thread. Just saying.

/tinfoilhat

I'm wrathbringer...

Thought so. Added to my ignore list.

Thought so. Added to my ignore list.

Good thing, you delicate snowflake. Everyone knows that you click on my posts to view them anyway because you can't stand it.

so if its a random dude just trolling for weak BBs, no problem shit happens thats what you get for using a weak password.
If its a targeted attack because someone got all upset that their cheerios got pissed in, thats a step too far.
We didn't even have this shit during the most meta of meta times in Eve with people trying to hack each others boards and shit.

Either there are a lot of butthurt people from the PC or it's the same person who has been doing it for years. But yeah, something like this happens about once or twice a year now. Usually it's just DDoS attacks that brings the forums down for a day or two. This has been the most blatant attack yet.

Part of the problem is our administrator wants to take a hands off approach to this forum. Which I can understand, he doesn't want to be perceived as biased. But I think he takes a bit too much of a hands off philosophy seeing as the forums don't seem to get updated too often. In fact to my knowledge the last time these forums were updated were a few years ago shortly after the forums were attacked.

But he does all of this for free and hasn't played GS in many years now so we can't complain too much.

Part of the problem is also the community, we typically don't want someone else to have too much control over the forums because we like Kranar's hands off approach. The community seems worried about a mod that is too heavy handed also having admin status that can do a lot more than just lock a thread or delete a post.

Somewhere somehow that is analogy for life and times.

I don't think so. Only the most prominent people here were affected.

Not exactly. They sent the actual passwords to people in rep. It seems like someone who is familiar with the community. They can only get plain text passwords if they setup scripts to monitor the database for people attempting to login with those passwords (unlikely), or if they dumped the passwords from the database and cracked the ones they could (IE the weak ones, highly likely). I'm using a lot of speculation based on the limited info I have, but this is what it seems like to me. low complexity to exploit and HIGH effect

CVSS Severity (version 3.0):

CVSS v3 Base Score:
9.8 Critical

Edit: there could be other ways to get the passwords. I'm not a sql injection expert, and there is always new stuff. Consider that they haven't sent me rep with my password, and after all my public analysis, if i was the hacker, that's what I would have done. Gamesmanship etc.

Either there are a lot of butthurt people from the PC or it's the same person who has been doing it for years. But yeah, something like this happens about once or twice a year now. Usually it's just DDoS attacks that brings the forums down for a day or two. This has been the most blatant attack yet.

Part of the problem is our administrator wants to take a hands off approach to this forum. Which I can understand, he doesn't want to be perceived as biased. But I think he takes a bit too much of a hands off philosophy seeing as the forums don't seem to get updated too often. In fact to my knowledge the last time these forums were updated were a few years ago shortly after the forums were attacked.

But he does all of this for free and hasn't played GS in many years now so we can't complain too much.

Part of the problem is also the community, we typically don't want someone else to have too much control over the forums because we like Kranar's hands off approach. The community seems worried about a mod that is too heavy handed also having admin status that can do a lot more than just lock a thread or delete a post.

Someone needs to at least be responsible for updating the forum software. This shouldn't be happening and it exposes people's personal information, especially with paypal and private emails flying around in private messages. The suspected vuln has been around for a year. Nobody is looking at the patches and updates for critical vulns? If you guys want me to setup alerts to let you know when there is something you need to look out for let me know. I get intel feeds from all over but I only pay attention to what affects me or my clients.

The fix for this vulnerability was made available 19 days ago and our hosting provider has scheduled an update for this issue within the next 48 hours. I will let everyone know when the update has been made and then restore the compromised accounts.

The fix for this vulnerability was made available 19 days ago and our hosting provider has scheduled an update for this issue within the next 48 hours. I will let everyone know when the update has been made and then restore the compromised accounts.

Is there a way to find out who's doing it

Thanks Kranar.

Is there a way to find out who's doing it

It could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don’t know who broke in to the player's corner.

It is North Korea.

Thanks Kranar

Good stuff. I wasn't affected, but I have a crazy as hell password (which I just changed again for good measure).

It could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don’t know who broke in to the player's corner.

I loled

It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don’t know who broke in to the player's corner.


400 pounds fat or like 10 feet tall and just really long?

400 pounds fat or like 10 feet tall and just really long?

Holy shit. Someone get the sketch artist back in here.

I'm still logged into my account so maybe they exploited some kind of vulnerability to control different features without account access?

Also to my knowledge you can be logged into the PC from multiple places and it won't kick off any of the accounts. I log onto the PC from my phone all the time while I'm still logged in from my computer.

Although they didn't change your password, so maybe they just hate me more than you :(

But who could ever hate me? I'm so sweet and lovable.

Also to my knowledge you can be logged into the PC from multiple places and it won't kick off any of the accounts. I log onto the PC from my phone all the time while I'm still logged in from my computer.

Although they didn't change your password, so maybe they just hate me more than you :(

But who could ever hate me? I'm so sweet and lovable.

Yeah, I'm always on from my phone and my computer

We're always on at one of several hundred computers around the United States.

https://s-media-cache-ak0.pinimg.com/originals/7b/ba/ce/7bbaceec417d7b933715ae24c931894e.jpg
Is it safe?

Also something I just realized. For a few weeks now most of the time I logged on from my phone (since on my phone I can never stay connected) I noticed a warning saying something about this site isn't secure so any login credentials aren't safe or something to that effect. I mostly just ignored it because it's the PC, it's not like it's my bank account or anything.

But since the "keep me logged on" feature on my PC actually does keep me on all of the time I haven't had to input my password on the PC in months. But when I was booted last night (cause the person changed my password) I went to enter my password and I noticed the same warning.

Think this might have had something to do with it?

Also are we back? Forum all updated? Hacks all gone? Everything back to normal? As normal as the PC gets that is.

e̢͜͠҉̠̦̰̜̻̲̳͉͔͔̘̯̤ͅv̸͍̘̖̮̠͎̺͖̥͎̹͎͓͉̬̞̹̲͠͝͠e̜̻̲̬͜͠͞ ̩̦̟̹͙̫̖̲r̛̗̘̻̥̗̗̱̜̻͜͡y̧̢̺̭͕͇͠͝t͏̢̲̝̖̹̱͔̗̩͉̬̦͇͍̖͈͠ͅ ͉̱h҉̡͞҉̣̖̘̼̹͓̤̻̱͇̯̻̺ͅi̷̧̞̞̩̯̯̝͔̗̼̠̗̟̹̝̘̖̼̠̟͜͞͞ń̺͢ ̪̙̦̳ͅǵ̡̞͙̥̫̜̘͉̖̟͇ ̙͚̻̖̤̙̭͘͟í̹͉̙̼̯͔̪̞̮̣̼̠̟̰̥͙̞̪̲̕s҉̷̡̹̬̠̣̤͎̗̖̗̻̪̳̲̰̝ ͕̲͓͎ ̵̨͠͏̞͙̹̠̩̫̭̮͎f̢̙͈͔̞̝̙̺̯̩͙̮̥̥͍͈̮̙̳͞͡į̸̴̧̥̘̝̝̙̝̳̱̣̩ ͈͔̩̲n̶͉̪͙̝͎͖͎͍͘ͅe̸҉͏̫͇͓͓͙

.
.

So either the problem hasn't been fixed or Kranar himself has decided to start spamming the PC.

The Article section works now though!

My banking account password:

Your password will be bruteforced with an average home computer in approximately
3261CENTURIES

Now scroll down and see what the time is with the botnet and super computer.

Mine was 2 months for my PC password but like 4s with botnet.

I blame Haldrik.

Now scroll down and see what the time is with the botnet and super computer.

Mine was 2 months for my PC password but like 4s with botnet.

Maybe someone more in the know can explain how this works to me.

So just entering a random bunch of numbers of 817234982 gave me 1 second for a super computer to crack, yet doing the same number of random characters of @&!*@&$(@ gave me 4 months.

How does this work? Assuming someone is running a program that just tries all possible characters why would 9 random characters take 1,036,800 times as long as 9 random numbers?

Only possibility I can think of is most brute force programs go through all letter combinations first since those are probably most common in passwords, then they go through all character + number combinations and then finally they start adding in characters.

The other possibility is they are referring to what a website allows a password to be. Most sites used to (and some still do I've noticed) not allow you to do certain things like capital letters, or use digits, or limit how long your password can be to some low number like 8 characters. But this would have more to do with the site's password protocol as opposed to what your password actually is.

Maybe someone more in the know can explain how this works to me.

So just entering a random bunch of numbers of 817234982 gave me 1 second for a super computer to crack, yet doing the same number of random characters of @&!*@&$(@ gave me 4 months.

How does this work? Assuming someone is running a program that just tries all possible characters why would 9 random characters take 1,036,800 times as long as 9 random numbers?

Only possibility I can think of is most brute force programs go through all letter combinations first since those are probably most common in passwords, then they go through all character + number combinations and then finally they start adding in characters.

The other possibility is they are referring to what a website allows a password to be. Most sites used to (and some still do I've noticed) not allow you to do certain things like capital letters, or use digits, or limit how long your password can be to some low number like 8 characters. But this would have more to do with the site's password protocol as opposed to what your password actually is.

My bad, that's 13 days for a normal home computer to do the numbers, and 4 months for a normal home computer to do the characters. Still, that's almost 10 times as long.

Only possibility I can think of is most brute force programs go through all letter combinations first since those are probably most common in passwords, then they go through all character + number combinations and then finally they start adding in characters.


Pretty much. It's the same reason if you replace a single number in 817234982 with a letter, like 817a34982, it goes up. You're no longer just searching for a "number", you're now searching for a "number+letter combination". That's why mixed passwords with capitals, symbols, and numbers are recommended.

Thank you, Kranar

It's the same reason if you replace a single number in 817234982 with a letter, like 817a34982, it goes up. You're no longer just searching for a "number", you're now searching for a "number+letter combination".

That still seems odd to me. So does the program do all letters first, then all numbers, then all characters, then it finally starts mixing them all together?

Because otherwise why would it matter if the a is a letter or a number?

Like, okay, let's say all websites got together and force you to use at least one capital letter, one symbol, one lower case, and one number. Wouldn't these programs know to skip the all letters phase and the all numbers phase and jump straight to using every character possible?

I understand since you're increasing the number of possible characters your password can include that a program would take longer to crack it, but since they can skip the all letters/all numbers/etc phase wouldn't this cut down a bit on the time required too?

There are also tools such as rainbow tables that someone can use. From my limited understanding all the hacker needs is the correct hash number to be able to login.
https://www.lifewire.com/rainbow-tables-your-passwords-worst-nightmare-2487288

The PC is not encrypted when you log in. Firefox/Opera/Edge all alert at this. Whoever has done this could have possibly grabbed tons of login information. Nearly every site you visit these days is encrypted.

Maybe it's a personal bias but, I just assume most women have better things to do.

I was shopping for makeup. Much better!

I was shopping for makeup. Much better!

Gotta look good while you hack the planet.

There are also tools such as rainbow tables that someone can use. From my limited understanding all the hacker needs is the correct hash number to be able to login.
https://www.lifewire.com/rainbow-tables-your-passwords-worst-nightmare-2487288

The PC is not encrypted when you log in. Firefox/Opera/Edge all alert at this. Whoever has done this could have possibly grabbed tons of login information. Nearly every site you visit these days is encrypted.

That makes more sense, and also explains the warnings I have been seeing when logging onto the PC.

I just find it hard to believe that this person was cracking all of these passwords for the past however long it takes. Unless he's renting out some botnet to do all of these calculations for him. Which I suppose is possible, but damn this guy must have cash coming out of his ass if he can afford to rent a botnot just to be able to log onto a few accounts to change their passwords and disable their avatars.

Don't people rent botnets to do so for shit like bringing down major websites and scamming people and shit? I can't imagine that shit is cheap.

Unless he's renting out some botnet to do all of these calculations for him.

He is/was DDoSing the site for a few months straight, IIRC.

He is/was DDoSing the site for a few months straight, IIRC.

Yeah, this guy for sure has more money to piss away than I do.

Yeah, this guy for sure has more money to piss away than I do.

I haven't read through most of this so I'm just doing some guessing.

It doesn't seem that logical that someone with the amount of money it would take to do this, as you're suggesting, would actually pay $ do something like this. My guess would be this is a person with connections to a network of people who do this stuff and have a host of zombie computers they have hijacked.

I just find it difficult to believe that someone who is financially successful would take the risk or piss away their time to fuck around with the PC. :shrug:

The computing discussion it has lead to though is a bit interesting. From what I understand the real fear or "race" is quantum computers, some are suggesting it will make data security impossible. I'm not sure how much truth there is to any of that though.

Whatever it may be, there's no question they don't like racists.

It doesn't seem that logical that someone with the amount of money it would take to do this, as you're suggesting, would actually pay $ do something like this. My guess would be this is a person with connections to a network of people who do this stuff and have a host of zombie computers they have hijacked.

Rapist.

Also that's just as bad really.

So these guys are all sitting around, scheming ways to put their hijacked computers to "good" use to make them some money and one of their friends comes along and says "Hey, gais! Some people hurt my fee fees on this obscure forum no one outside of maybe 1000 people have ever even heard of. Mind routing all of your efforts into DDoSing this website for a few months? Oh and then brute force all of their passwords too. thx."

Unless this guy just so happens to give the best blowjobs ever and his friends can't resist. I mean it's possible I suppose!

Rapist.

Also that's just as bad really.

So these guys are all sitting around, scheming ways to put their hijacked computers to "good" use to make them some money and one of their friends comes along and says "Hey, gais! Some people hurt my fee fees on this obscure forum no one outside of maybe 1000 people have ever even heard of. Mind routing all of your efforts into DDoSing this website for a few months? Oh and then brute force all of their passwords too. thx."

Unless this guy just so happens to give the best blowjobs ever and his friends can't resist. I mean it's possible I suppose!

I don't know, guess I'm just unable to put myself in a place where I could give this many fucks.

I don't know, guess I'm just unable to put myself in a place where I could give this many fucks.

You mean put yourself in the position of this hacker? I don't think any of us can. It's simply unfathomable the amount of resources being used here (keep in mind at one point he even brought down LNet and I think attempted or succeeded in bringing down the Simu servers for a while.) And all for what? I mean the amount of butt hurt required to do all of this, all over some fucking words on a message board?

Someone must have called him a rapist. Only explanation.

You mean put yourself in the position of this hacker? I don't think any of us can. It's simply unfathomable the amount of resources being used here (keep in mind at one point he even brought down LNet and I think attempted or succeeded in bringing down the Simu servers for a while.) And all for what? I mean the amount of butt hurt required to do all of this, all over some fucking words on a message board?

Someone must have called him a rapist. Only explanation.

Someone <cough>you</cough> called him a child rapist.

I called the 'hacker' a child rapist as well.

Still nothing.

That still seems odd to me. So does the program do all letters first, then all numbers, then all characters, then it finally starts mixing them all together?

Because otherwise why would it matter if the a is a letter or a number?

Like, okay, let's say all websites got together and force you to use at least one capital letter, one symbol, one lower case, and one number. Wouldn't these programs know to skip the all letters phase and the all numbers phase and jump straight to using every character possible?

You can do it however you want. They're usually called rules. You can put numbers at the beginning, the end, or do things like run alphabet substitutions such as Methais is a loser to M3th@!2 !2 @ 10s3r.


There are also tools such as rainbow tables that someone can use. From my limited understanding all the hacker needs is the correct hash number to be able to login.
https://www.lifewire.com/rainbow-tables-your-passwords-worst-nightmare-2487288

The PC is not encrypted when you log in. Firefox/Opera/Edge all alert at this. Whoever has done this could have possibly grabbed tons of login information. Nearly every site you visit these days is encrypted.

Your understanding is way less than limited. You should have just said you googled a couple articles and are reporting back.

I'm sure they got the whole list and only cracked what they felt like doing. People also do it for hire but with nothing really worth taking linked to the profiles here they probably did it on their own.

Although I always thought Simu using your account name as the board name was really not the best idea. For people who play and post in both places they might try to see if you used the same password. I think Simu would eventually correct it if people started getting rerolled and such but it would be a headache for a little while.

So is the problem fixed?

https://hashcat.net/hashcat/

Why does my bump to this thread show in "Today's Posts" but not in "New Posts?" Weird.

Why does my bump to this thread show in "Today's Posts" but not in "New Posts?" Weird.

Just imagine what the hacker could be doing with your collection of Henry pics at this very moment, or is that a treasure trove you keep locked up off sight?


https://www.youtube.com/watch?v=9wSOyyKHQU0

Why does my bump to this thread show in "Today's Posts" but not in "New Posts?" Weird.
Because you've already viewed the thread, so there's nothing new in the the thread that you haven't seen.

As an FYI, I do not have access to change passwords or fix accounts for you. Moderators are not granted access to access controls, only administrators.

https://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/396828-how-can-super-moderators-change-user-s-user-group-etc

Because you've already viewed the thread, so there's nothing new in the the thread that you haven't seen.

As an FYI, I do not have access to change passwords or fix accounts for you. Moderators are not granted access to access controls, only administrators.

https://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/396828-how-can-super-moderators-change-user-s-user-group-etc


You should probably mention that to Kranar since he specifically said to contact him OR you to get our accounts returned.

You should probably mention that to Kranar since he specifically said to contact him OR you to get our accounts returned.
I have

I contacted him for my account, so it'll probably be restored in 4.5 weeks.

I contacted him for my account, so it'll probably be restored in 4.5 weeks.

I pm'd him to fix mine, too.

You mean put yourself in the position of this hacker? I don't think any of us can. It's simply unfathomable the amount of resources being used here (keep in mind at one point he even brought down LNet and I think attempted or succeeded in bringing down the Simu servers for a while.) And all for what? I mean the amount of butt hurt required to do all of this, all over some fucking words on a message board?

This is why I blame Haldrik. Intelligent person who is way too easily triggered. He seems the type to walk around with an axe to grind. A child who runs home with the football when others don't play the way he wants.

This is why I blame Haldrik. Intelligent person who is way too easily triggered. He seems the type to walk around with an axe to grind. A child who runs home with the football when others don't play the way he wants.

It looks like it had more to do with politics folder

This is why I blame Haldrik. Intelligent person who is way too easily triggered. He seems the type to walk around with an axe to grind. A child who runs home with the football when others don't play the way he wants.
I agree with your assessment of him, but what would've triggered him this time?

This is why I blame Haldrik. Intelligent person who is way too easily triggered. He seems the type to walk around with an axe to grind. A child who runs home with the football when others don't play the way he wants.

If Haldrik is actually Inspire then these boards have been far kinder to him in recent years than back then. I'd be extremely surprised if it was him.

As far as someone suggesting it's a politics thing, there's a number of us who got hacked who rarely venture down there, and when we do it's definitely not with the kind of vitrol people like TG0, PB and Time4fun toss around.

At this point, it's all basically conspiracy theories and unless Kranar finds a way/gives a shit to find out, we'll probably never know. PW updated, lesson learned.

If Haldrik is actually Inspire then these boards have been far kinder to him in recent years than back then. I'd be extremely surprised if it was him.


They do not appear to be the same person based on what I can see.

They do not appear to be the same person based on what I can see.

FINALLY A DEFINITIVE ANSWER.
Whirlin, you're my hero.

Wait, when did people suspect Inspire is Haldrik? We all know who Inspire is here.

Wait, when did people suspect Inspire is Haldrik? We all know who Inspire is here.

It's been said a few times.

And I have no clue who Inspire is on the forums!

Weird. Haldrik is the one who recently outed a current poster as Inspire. I don't think one person has the time to be both of them.

Is anyone else having trouble connecting to the PC via Tapatalk app on iPhone?

Weird. Haldrik is the one who recently outed a current poster as Inspire. I don't think one person has the time to be both of them.

You'd be surprised.

If you knew who Inspire is posting as, you wouldn't think it possible either.

If you knew who Inspire is posting as, you wouldn't think it possible either.

Who is Inspire?

Ok so does anyone else have issues with not receiving the email to reset a password when you request it?

Ok so does anyone else have issues with not receiving the email to reset a password when you request it?

Yes, but it was because I had used a fake email to register.

Yes, but it was because I had used a fake email to register.

I'm talking about my original account. Kranar PM'd me that the email had been reset and I could do a pw reset. Welp, for the past two days I haven't gotten password reset requests to the email address it claims to have sent it too. (It could be longer but I haven't tried to do it in ages.)

I got the PM too, still says email not recognized.

I got the PM too, still says email not recognized.

So you're not getting as far as I am. THERE ARE LEVELS TO THIS FAILURE.

I'll give it another 12 hours, if I don't see an email to reset my password on my original account I'll bug Kranar... and then wait longer. And be sad.

So you're not getting as far as I am. THERE ARE LEVELS TO THIS FAILURE.

I'll give it another 12 hours, if I don't see an email to reset my password on my original account I'll bug Kranar... and then wait longer. And be sad.

There is always just the possibilty of starting over...

Ok so does anyone else have issues with not receiving the email to reset a password when you request it?
Whomever compromised the list of accounts I posted early on, also changed the e-mail address associated with it.

Whomever compromised the list of accounts I posted early on, also changed the e-mail address associated with it.

Wow. I mean this dude really has an ax to grind with the people on that list...