
XMB Forum has been hacked!!!!

Does anybody believe this statement?
"all admin accounts are secretly logged with IP and time and any other details we can receive from the browser at the current time"

I mean, come on... how stupid do you think we are :)
 
> I mean, come on... how stupid do you think we are :)

It's not at all hard for me to imagine that they put a little extra code in the PHP files so that whenever an admin does something (logs in, visits board, whatever...), their actions are logged in a file/database somewhere. In fact, I do the same thing in some of my scripts.

BTW, they probably don't mean on EVERY XMB forum out there, but their support forum.
 
When I went there I got this...

This message board is closed because:
If this hacking continues, and somebody changes my password ONE MORE TIME, and uses my account ONE MORE TIME to screw up the settings, I WILL take down this support site PERMANENTLY until we can gather who is doing this, and let the feds deal with it. Damnit guys, this support forum IS FOR YOU to get help, not abuse. We know who you are, since you foolishly decided to use my account to do your evil work, all admin accounts are secretly logged with IP and time and any other details we can receive from the browser at the current time. You will be receiving an email as soon as I have time to match you up with a regular user account... Oh yeah, doesn't matter if you change your email in your account either, we have backups... Or if you don't have an account here, I'm sure the feds can find one. Thanks for your time, and consider all of you warned.
 
Originally posted by roly
When I went there I got this...

This message board is closed because:
If this hacking continues, and somebody changes my password ONE MORE TIME, and uses my account ONE MORE TIME to screw up the settings, I WILL take down this support site PERMANENTLY until we can gather who is doing this, and let the feds deal with it. Damnit guys, this support forum IS FOR YOU to get help, not abuse. We know who you are, since you foolishly decided to use my account to do your evil work, all admin accounts are secretly logged with IP and time and any other details we can receive from the browser at the current time. You will be receiving an email as soon as I have time to match you up with a regular user account... Oh yeah, doesn't matter if you change your email in your account either, we have backups... Or if you don't have an account here, I'm sure the feds can find one. Thanks for your time, and consider all of you warned.

Exactly. That's what you're supposed to get. I guess they haven't gotten the boards back up and running again.
 
Originally posted by conkermaniac


Exactly. That's what you're supposed to get. I guess they haven't gotten the boards back up and running again.
I don’t even think it’ll be up for the time being. It’s not that easy to find the culprit.
 
I haven't used the forum but it is possible that admin actions are logged by IP (and that the forum has this feature in general), but that doesn't mean they know who it is, nor that they can catch them easily.
 
XMB wasn't the only board that had this bug, some others did as well, they have all fixed the bug with the fix we provided.

The hacking was done with a special way of registering with a certain username and certain characters after it. Then the lost password function was used and the password for the administrator's account got changed.

AlieXai is correct, we do log all actions in the administration control panel, we log users' IPs, actions, times, user agent and any other information we can gather. It's all stored in a file on the server so it cannot be wiped without having file access to the system.

The boards were down for so long because we were looking at ways to fix the bug and to change over the language system style.

We have tracked down this person, one of the staff also received U2Us (like PMs) from him explaining how he executed the bug. The ISP of the user has been informed and from what I hear, they are dealing with you.

Thank you for your support :D

- Chris Boulton
http://www.xmbforum.com
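
An added example, not part of the original post and not XMB's code: one way to keep the kind of admin action log described above (IP, action, time, user agent, written to a file on the server). The function names, field names and log path are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not XMB's code. Function names, field names and the log
// path are assumptions; keep the real file outside the web root.

function clean_field(string $value, int $max): string
{
    // Browser-supplied values are attacker-controlled: strip control
    // characters and cap the length before they reach the log.
    return substr(preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '', 0, $max);
}

function log_admin_action(string $logFile, string $admin, string $action, array $server): bool
{
    $record = [
        'time'       => gmdate('Y-m-d\TH:i:s\Z'),
        'admin'      => clean_field($admin, 64),
        'action'     => clean_field($action, 128),
        // REMOTE_ADDR is the TCP peer; forwarded-for headers can be spoofed.
        'ip'         => clean_field($server['REMOTE_ADDR'] ?? 'unknown', 45),
        'user_agent' => clean_field($server['HTTP_USER_AGENT'] ?? '', 256),
    ];
    // One JSON object per line; invalid UTF-8 is substituted, not fatal.
    $line = json_encode($record, JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
    // FILE_APPEND | LOCK_EX keeps concurrent requests from interleaving.
    return file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

function ips_per_admin(string $logFile): array
{
    // Review helper: count actions per admin account and source address.
    $seen = [];
    foreach (file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $r = json_decode($line, true);
        if (isset($r['admin'], $r['ip'])) {
            $seen[$r['admin']][$r['ip']] = ($seen[$r['admin']][$r['ip']] ?? 0) + 1;
        }
    }
    return $seen;
}

// Constructed sample requests (documentation-range addresses).
$log = sys_get_temp_dir() . '/admin_audit_example.log';
@unlink($log);
log_admin_action($log, 'admin', 'login',
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Mozilla/4.0']);
log_admin_action($log, 'admin', 'change_settings',
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => "Bot\r\n{\"admin\":\"x\"}"]);
print_r(ips_per_admin($log));
```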
 
Can I dl the fix? I was going to install XMB Forum on my site but I thought that that may be a bad idea.
 
XMB 1.5 Gold will be out soon which will contain the fix, seeing it's a very hard exploit to think up, we don't think it will be executed again...

If you really want it fixed now, you can email me by clicking here

Please include your forum name so I know who it is :)

Originally posted by roly
Can I dl the fix? I was going to install XMB Forum on my site but I thought that that may be a bad idea.
 
Originally posted by surfichris
XMB wasn't the only board that had this bug, some others did as well, they have all fixed the bug with the fix we provided.

What do you mean by this?
 