Forum & Game Rollback

Started by Ry60003333, May 05, 2012, 02:45:00 PM

Jake

Quote from: D E A T H on May 07, 2012, 05:01:44 PM
It's sad to see good people go bad.
I never went bad. It was a misunderstanding. Everything is clear now though.



nate

how do you know program and mute did it?

This is / isn't a serious post



Kyle

Pretty sure they looked at their IP.

nate

Wouldn't that be the first thing to change if you were going to hack this website?

This is / isn't a serious post



Kyle

Well, with Ryan being a genius that's probably not much of a problem with him, I'm sure they found out one way it was them.

Chaoslancex

I was on when this happened... and I'm sure Recoil saw this, but Batman was admin lmfao for the time all this happened.






s3v

Quote from: nate on May 07, 2012, 09:21:51 PM
Wouldn't that be the first thing to change if you were going to hack this website?

You would think, right? We can't go too in-depth with the details at this current point in time, but in the near future we will have a full report of the breach. I will say though, the evidence is plentiful.
Those who believe in telekinetics, raise my hand. —Kurt Vonnegut

Jake

Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future  ;D

When they can tell us something, they will.



Kevin

#38
Quote from: Jake on May 07, 2012, 10:55:17 PM
Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future  ;D

When they can tell us something, they will.

Well, I can say this. Luke doesn't really "Hack", he was more of a cheerleader for the whole thing. Aaron was the hacker in all of this. He found a way to gain access to the database and just dropped everything. Dropping something in MySQL just deletes it. So he kept doing that. We asked him about it because we knew he had done it. I had already banned him and while we were sitting there, he decided to hack us again. They tried demoting me on the forums and in-game, which they didn't do correctly so nothing happened. We snagged their IPs and called both of their ISPs. We spoke with Aaron's ISP for quite some time, and they sent in a report. So we decided to do some investigating ourselves. We managed to find Aaron's last name, with that we found both his parents' names. With that, we found their home address, along with their home phone number. So we gave them a ring, and they won't be a problem anymore.

EDIT: And for the people who said we had backdoor things inside the client (Key logger, Ddoser, RAT, etc.), if we did have all of those things, wouldn't you think we would have used it to our advantage against Aaron and Luke? I know some of you talk to them still.

They said it was in tools.jar. That file is currently empty.

Mia

Quote from: Kevin on May 07, 2012, 11:49:25 PM
Quote from: Jake on May 07, 2012, 10:55:17 PM
Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future  ;D

When they can tell us something, they will.

Well, I can say this. Luke doesn't really "Hack", he was more of a cheerleader for the whole thing. Aaron was the hacker in all of this. He found a way to gain access to the database and just dropped everything. Dropping something in MySQL just deletes it. So he kept doing that. We asked him about it because we knew he had done it. I had already banned him and while we were sitting there, he decided to hack us again. They tried demoting me on the forums and in-game, which they didn't do correctly so nothing happened. We snagged their IPs and called both of their ISPs. We spoke with Aaron's ISP for quite some time, and they sent in a report. So we decided to do some investigating ourselves. We managed to find Aaron's last name, with that we found both his parents' names. With that, we found their home address, along with their home phone number. So we gave them a ring, and they won't be a problem anymore.

EDIT: And for the people who said we had backdoor things inside the client (Key logger, Ddoser, RAT, etc.), if we did have all of those things, wouldn't you think we would have used it to our advantage against Aaron and Luke? I know some of you talk to them still.

They said it was in tools.jar. That file is currently empty.

Geez, Jeremy did that to poor Coleshot1 just out of bullying.  (called his parents etc)
20 year old vs a 14 y/o unfair advantage lol but ANNNYYWAY

AAAAAAAAAAAAARRRRRRRRRRRRRRROOOOOOOOOOOOOOON
GOT

OWNED

Jake

Let's not bring that up anymore Mia  8)

That's all in the past.



s3v

#41
To add on to what Kevin said... We believe he went on through a proxy Ryan was running (proxy.allgofree.org) and proceeded to use an SQL injection to gain administrative access to the site and database. Being that he was on Ryan's proxy, the server recognized him as 127.0.0.1 (basically thought he was Ryan), and that's why his attacks went relatively unnoticed. Alternatively, he could also have exploited the actual Linux computer used to host the proxy and forum. That would explain why he maintained privileges for an extended period of time. After using DROP to delete the tables and effectively delete player stats, he proceeded to create more Admin accounts for himself to use. At this point the AllGoFree staff caught on to what he was doing, and began to secure the forums. This was the end of the road for Aaron. For his last stunt, he messed around with Kevin's profile and tried to demote legitimate Admins. The AllGoFree team was quick to respond, with Ryan revoking MySQL privileges that weren't needed and restoring from a backup. I only jumped on the team about a day after the initial attack, so I definitely have to give a lot of credit to the Admins, Mods, and Players that helped to get WorldScape up and running again. The server and IP logs AllGoFree had were an essential part of figuring out who was behind the attack. Matching the server logs with the IPs of players who logged in led us to believe it was Aaron (Program) and Luke (Mute).

Quote
May  5 15:04:46 debiang5 afpd[21872]: done
May  5 15:05:15 debiang5 suhosin[22004]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May  5 15:06:01 debiang5 /USR/SBIN/CRON[22070]: (ry60003333) CMD (java -jar /home/ry60003333/ServerStatus/ServerStatusJob.jar)
May  5 15:06:46 debiang5 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May  5 15:06:50 debiang5 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May  5 15:08:08 debiang5 suhosin[22100]: ALERT - configured request variable name length limit exceeded - dropped variable 'COOKIE%3Bpma_collation_connection%3B%2F%3Bphpmyadmin_allgofree_org' (attacker '75.152.105.45', file '/mnt/zsites/Sites/proxy/index.php')



After directly asking the two through Skype, they admitted to hacking WorldScape!
Quote
[5/5/12 3:55:39 PM] Aaron: It wasn't me, so you should double check whatever proof you think you have.
[5/5/12 3:55:44 PM] Ryan : http://www.allgofree.org/pics/evidence/
[5/5/12 3:55:48 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_1.png
[5/5/12 3:55:50 PM] Ryan : Hacker account.
[5/5/12 3:55:59 PM] Kevin added Seva to this chat
[5/5/12 3:56:01 PM] Ryan : Hid the IP
[5/5/12 3:56:05 PM] Ryan : logged into game
[5/5/12 3:56:05 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_2.png
[5/5/12 3:56:07 PM] Ryan : Real IP
[5/5/12 3:56:12 PM] Ryan : IP Lookup
[5/5/12 3:56:12 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_3.png
[5/5/12 3:56:13 PM] Ryan : ding ding ding
[5/5/12 3:56:17 PM] Ryan : so thats magic right?
[5/5/12 3:56:24 PM] Aaron: Hey!
[5/5/12 3:56:29 PM] Aaron: You're smarter than I thought!
[5/5/12 3:56:36 PM] Kevin: You're dumber then I thought
[5/5/12 3:57:14 PM] Luke: Sooooooo....
[5/5/12 3:57:31 PM] Aaron: It's not like I broke anything anyway. Backups ftw xD
[5/5/12 3:57:43 PM] Aaron: You're just mad that someone got through your security.
[5/5/12 3:57:53 PM] Luke: http://t3.gstatic.com/images?q=tbn:ANd9GcRYWv309EKaK_s-Jk8VVVYquZrG5OXz3ZtpNXtnYDT41cwfh8Wgpg
[5/5/12 3:58:15 PM] Ryan : No
[5/5/12 3:58:18 PM] Ryan : I'm mad
[5/5/12 3:58:19 PM] Ryan : because
[5/5/12 3:58:20 PM] Ryan : you messed
[5/5/12 3:58:22 PM] Ryan : with my
[5/5/12 3:58:24 PM] Ryan : website
[5/5/12 3:58:25 PM] Ryan : :)

So that should wrap up the whole ordeal. Hopefully we can just leave this in the past and move on with our lives. The proper actions have been taken against both Aaron and Luke. They have both been banned, Aaron's parents were contacted to make sure they knew what he had done, and a formal investigation was started by his ISP (Telus). Understanding that Luke acted as nothing more than a "cheerleader", his account was permanently banned from WorldScape.

No passwords or user information was compromised as a result of this attack. I hope that answers some questions you might have had.

- Seva
Those who believe in telekinetics, raise my hand. —Kurt Vonnegut
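
The log triage described in the post above, as an added example that is not part of the original thread: it parses Suhosin ALERT lines out of a syslog file and groups them by source address, flagging loopback sources whose real client address can only be recovered from the proxy's own access log. The sample lines, host name, paths and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same syslog/Suhosin shape as the quoted log.
# Host name, paths and addresses (RFC 5737 / loopback) are made up.
SAMPLE_LOG = """\
May  5 15:04:46 web01 afpd[21872]: done
May  5 15:05:15 web01 suhosin[22004]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '203.0.113.7', file '/srv/www/forum/Themes/example/scripts/theme.php')
May  5 15:06:01 web01 /USR/SBIN/CRON[22070]: (user) CMD (true)
May  5 15:06:46 web01 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '203.0.113.7', file '/srv/www/forum/Themes/example/scripts/theme.php')
May  5 15:08:08 web01 suhosin[22100]: ALERT - configured request variable name length limit exceeded - dropped variable 'COOKIE%3Bexample' (attacker '127.0.0.1', file '/srv/www/proxy/index.php')
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssuhosin\[\d+\]:\s"
    r"ALERT - (?P<reason>.+?) - dropped variable '(?P<var>[^']*)' "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'\)$"
)

def parse_alerts(text):
    """Return one dict per Suhosin ALERT line; other syslog lines are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := ALERT_RE.match(line))]

def summarize(alerts):
    """Group alerts by source address for triage."""
    by_ip = defaultdict(lambda: {"count": 0, "vars": set(), "files": set(),
                                 "first": None, "last": None})
    for a in alerts:
        s = by_ip[a["ip"]]
        s["count"] += 1
        s["vars"].add(a["var"])
        s["files"].add(a["file"])
        s["first"] = s["first"] or a["ts"]
        s["last"] = a["ts"]
    for ip, s in by_ip.items():
        # Loopback means the request arrived via a local proxy: the real
        # client address is only in the proxy's own access log.
        s["needs_proxy_log"] = ip.startswith("127.") or ip == "::1"
    return dict(by_ip)

if __name__ == "__main__":
    for ip, s in summarize(parse_alerts(SAMPLE_LOG)).items():
        print(ip, s["count"], sorted(s["vars"]), s["first"], s["last"],
              "check proxy log" if s["needs_proxy_log"] else "")
```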

Kryptonite

Quote from: s3v on May 08, 2012, 08:25:57 PM
So that should wrap up the whole ordeal. Hopefully we can just leave this in the past and move on with our lives. The proper actions have been taken against both Aaron and Luke. As Kevin said, Aaron's parents were contacted to make sure they knew what their son had done, and a formal investigation was started by his ISP (Telus). Understanding that Luke is 14, and acted as nothing more than a "cheerleader", we felt that giving Luke a stern warning was as far as we needed to go with him.

No passwords or user information was compromised as a result of this attack. I hope that answers some questions you might have had.

- Seva

But I thought you guys banned Luke?

Quote from: Recoil on April 18, 2012, 06:21:22 PM
Quote from: X on April 18, 2012, 06:20:22 PM
Quote from: Recoil on April 18, 2012, 05:59:45 PM
Da fuq are you doing in a graffiti painted hobo dungeon for?

weed
Just lost all the respect I once had for you.



s3v

Those who believe in telekinetics, raise my hand. —Kurt Vonnegut

Genuine

S3v, I honestly think you shouldn't post their IPs up on here.