***** 2nd CTW Forum Hack *****

[Claire DC]

Mr_Happy said:

Maria said:

The board WASN'T neccasarily hacked, was it ?

 

Some vindictive little twat logged into an admins account and deleted a few forums.

 

If it was a hack, im sure they would have started "playing about" to begin with. But they / it, didn't.

 

 

didnt the newbes forum and 1 of teh techie forums disapear a couple of days back?

 

Yeah i saw the newbies post had gone about 2 days ago wasnt it?

[Mr_Happy]

James said:

sorry , my bad - it WASNT a 'hack' - someone got hold of one of the Admin passwords.

 

whats jargon @ the end of the day. just be greatful it was soo easily fixed. im sure sum1 more evil could have killed it completely

[Capn Jack]

Good thing no-one could have got access to the server, now that would have been bad.

[CreamyC]

Hasn't solved any issues though has it.

[Lisa]

definately a fooking RAT among us!!!!

[Scream]

the ironic thing gaining access to the srever would probably be a lot easier than to get into the config files for the board.

 

the thing is i find it strange, someone that can do this sort of thing don't usually tell anyone, they do it and let it be done. UNLESS it's a personal grudge. However if this person has been making threats it doesn't mean it's them. It a little food for thought on this.

[Capn Jack]

So whats the plan?

 

How is this going to be resolved?

 

Could the community help out?

 

What happens when the person is caught?

[Crill]

Capn_Jack said:

So whats the plan?

 

How is this going to be resolved?

 

Could the community help out?

 

What happens when the person is caught?

Simple, we [censored] them up

[Lisa]

Scream said:

the ironic thing gaining access to the srever would probably be a lot easier than to get into the config files for the board.

 

the thing is i find it strange, someone that can do this sort of thing don't usually tell anyone, they do it and let it be done. UNLESS it's a personal grudge. However if this person has been making threats it doesn't mean it's them. It a little food for thought on this.

 

well there you go then!!!!

[Scream]

well if they are caught they can be prosectuded as it's breaking the law. however it would be a waste of time. I think we should learn from this lesson, make the password for admin over 8 alphanumeric characters long. I mean the more characters use the better and harder the password to crack.

 

but at present, there is no physical evidence. James get the activity logs if you log the transactions to the site. As you'll know roughly when this happened. Find the IP, then tracert it. this will help as then you can contact the ISP and let the deal with it. they will have more clout behind them than what you can do. I see that as the best approach.

[Capn Jack]

Scream said:

well if they are caught they can be prosectuded as it's breaking the law. however it would be a waste of time. I think we should learn from this lesson, make the password for admin over 8 alphanumeric characters long. I mean the more characters use the better and harder the password to crack.

 

Good suggestion on the longer passwords. The whole prosecution thing would indeed be pointless and may also backfire as it comes to bringing the laws attention to this site.

 

Scream said:

but at present, there is no physical evidence. James get the activity logs if you log the transactions to the site. As you'll know roughly when this happened. Find the IP, then tracert it. this will help as then you can contact the ISP and let the deal with it. they will have more clout behind them than what you can do. I see that as the best approach.

 

Good plan.

[FredTheBaddie]

Scream said:

well if they are caught they can be prosectuded as it's breaking the law. however it would be a waste of time. I think we should learn from this lesson, make the password for admin over 8 alphanumeric characters long. I mean the more characters use the better and harder the password to crack.

 

Assuming the password was cracked. Which it almost certainly wasn't.

[Scream]

could of been guessed. Always a possibility. Don't rule it out just cus it looks far fetched. I mean they never though two jets would crash into the wtc but it did.

 

if you start ruling things out like that then you're only setting yourself up for a fall.

[Capn Jack]

FredTheBaddie said:

Scream said:

well if they are caught they can be prosectuded as it's breaking the law. however it would be a waste of time. I think we should learn from this lesson, make the password for admin over 8 alphanumeric characters long. I mean the more characters use the better and harder the password to crack.

 

Assuming the password was cracked. Which it almost certainly wasn't.

 

Still a good idea to protect it from any other more determined attempts. And to make sure none of the admins allow their passwords to get out.

[Digital Liquid]

Isn't it reasonable to assume that in deleting the forums, in such an obvious manner, the hacker wasn't a "pro" as, if they were, surely the information potentially available would have been used in a more subtle/catastrophic way. i.e. blanket e.mail virus to the community or placing a virus within the web page itself? (I'm assuming the admin control panel gives full rights/access to files etc)

It's just a thought but, perhaps, CTW and the Community got off lightly with an opportunist who wasn't technically able to do anything more than push delete !

 

It's just a thought......

 

......who ever did it should have their hard drives inserted up their rectum - now that would be MUCH better than a toy car in a condom (JA the movie)

 

Steve