Posted: May 1st, 2007, 12:13
by spoodie
FatherJack wrote:They deleted everything to disguise the fact that they'd stolen passwords, which they then tried on PayPal, so not utterly stupid.
That's not actual proved fact though, is it? Could just be a coincidence.
Posted: May 1st, 2007, 12:14
by FatherJack
Two or three board members, within days of the attack, who used the same email/password combination for both.
Posted: May 1st, 2007, 12:18
by spoodie
I didn't think that was the case from what I read but I'll take your word for it. I'm glad I'm not that stupid.

Posted: May 1st, 2007, 12:22
by Dr. kitteny berk
FatherJack wrote:
They deleted everything to disguise the fact that they'd stolen passwords, which they then tried on PayPal, so not utterly stupid.

That.
Also the deleting of stuff likely destroys a lot of logs etc. to make it hard to tell who and when it was done.
spoodie wrote:I didn't think that was the case from what I read but I'll take your word for it. I'm glad I'm not that stupid.

That was exactly the case, and not entirely stupid, more stupid and lazy.
Posted: May 1st, 2007, 12:29
by Woo Elephant Yeah
For those that are interested I can send you the files in a zip if you want to have a look at them, but basically it's php files that hack into the site and gain shell access.
The reason they delete everything is to try and cover their tracks, but in reality they'd be better off not doing anything, and we wouldn't have even known it happened, so I'm actually quite glad they did this, rather than have it go on without us having a clue.
Posted: May 1st, 2007, 12:31
by cashy
Did anyone get a picture of berk on his hands and knees covered in his own sick? We need a 'Berk is wrong' macro

Posted: May 1st, 2007, 12:37
by Lateralus
cashy wrote:Did anyone get a picture of berk on his hands and knees covered in his own sick? We need a 'Berk is wrong' macro

If no-one did, then clearly none of you are really his friends.

Posted: May 1st, 2007, 12:41
by Dr. kitteny berk
Woo Elephant Yeah wrote:For those that are interested I can send you the files in a zip if you want to have a look at them, but basically it's php files that hack into the site and gain shell access.
Not that.
Woo Elephant Yeah wrote:The reason they delete everything is to try and cover their tracks, but in reality they'd be better off not doing anything, and we wouldn't have even known it happened, so I'm actually quite glad they did this, rather than have it go on without us having a clue.
That, sorta. If they'd not nuked everything, they'd've been identifiable, which they probably don't want when money is involved.
As it is, everyone just assumes a basic FTP haxxing until stuff goes wrong, and on bigger forums, I'd expect no-one would pick up on a few closely timed PayPal hackings.
Posted: May 1st, 2007, 14:58
by eion
Dr. kitteny berk wrote:
That, sorta. If they'd not nuked everything, they'd've been identifiable, which they probably don't want when money is involved.
Not that, cos even the most half-witted script kiddy knows enough to use a proxy.