My RC5 Hacked (how the hell?)

Started by FaintRush, July 31, 2011, 02:01:25 PM


FaintRush

Some bad guy hacked my rc5 forum and made a video from it:
youtube.com/watch?v=xQkuuVMKSe8&hd=1
(sorry about the Russian)
Somehow he edits our posts, and later it's written like it's edited by the author of the posts (he did not change 1 password)
Also there was no admin or moderation center
IT EVEN SEEMED LIKE HE WAS LOGGED OUT.

Question is: HOW THE HELL COULD IT HAPPEN???
WHAT THE F*@#CKING BUG IS IT??


Version was RC5 when he hacked it, now it's 2.0 final (I used the backup and updated)

Illori

Please file a security report if you think this was the fault of SMF. Also, you should contact your host to make sure this was not a server-side issue.

http://www.simplemachines.org/about/smf/security.php

mashby

One thing I noted. The top right of the screen is blacked out. That is where the user info would be. Wonder why that's blacked out? The functions the video showed are not really something a guest could do. I imagine your hacker was logged in using an admin account (yours or one he made up).
Always be a little kinder than necessary.
- James M. Barrie

mikser

I had some time and did a little research.

He said that "it was barely a cracking, since the doors were left totally open". Which makes me believe that you didn't do something simple and vital (or did something stupid with mods or settings). Or maybe the whole problem isn't even SMF-related. Maybe you had some kind of faulty script/software there which compromised the whole system.

The interesting thing is that edited posts have an "edited by" string with the name of the original poster. Maybe this is a titbit which makes somebody realize what kind of vulnerability we are talking about.


You should check your logs. And you should contact your host and ask for help locating the problem, fixing it and pursuing the cracker.

And you should definitely contact the police. Don't let this ****** slide!

If you need help, contact me.

I have his full name, his location (city), his full date of birth, the name of the company he works for, photos of his current car (with exact model, color, plate number, specific list of car improvements), model of his previous car, all of his e-mail accounts, the name of the domains he registered, list of his interests and professional skills, the ICQ/Skype information, his phone number, social networking lists, links to his forum/game registrations, information about at least one of his real-life friends, the account numbers for several of the online payment systems he uses, etc...


Like I said, I did a little research...  8)

Crackers should be punished! Contact me if you need help.

Never forget, never forgive! :)

AD/vh

Quote from: mikser on August 03, 2011, 05:21:24 AM

Like I said, I did a little research...  8)



...I believe I have a new hero.   ;D

butchs

Looked at the video a little. Waiting for new specs but it seems like a simple admin cookie hack. Pretty easy and well documented thing to do... Almost beginner level... Something I predicted a year ago and created FF bypass protection to stop. 8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

rawlogic

I've recreated the cookie hack, but still, they need your cookie. Did you log in from a wireless network recently? Anywhere?

With this hack, all they can do is moderation functions and post as you. They can't do any admin functions.
