ProfHawking wrote: yes I know the difference between brute-force and dictionary, but I didn't realise rainbow tables made it so fast, it is rather worrying.

It should be possible to add, hopefully.
no chance of this salt in phpbb?
Paypal warning.
Dr. kitteny berk
Morbo
Posts: 19676
Joined: December 10th, 2004, 21:53
ProfHawking wrote: no chance of this salt in phpbb?

There are a few mods about:
http://www.phpbb.com/community/viewtopic.php?t=377611
But I've not yet seen a cryptographically secure one. For instance the link above uses the registration date as the salt. The salt should be a cryptographically secure pseudo random number, not an easily guessable date!
I could always write one for phpbb as I've written them before in asp.net, it would just be a case of converting the language of the code pretty much.
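To make the salt point concrete, here is an added example (my own Python, not phpBB's code and not the mod linked above) that runs three storage schemes side by side against a constructed five-word dictionary: unsalted MD5 as phpBB2 stored it, MD5 with the registration date prepended as the "salt", and a 16-byte salt from the OS CSPRNG with PBKDF2-HMAC-SHA256. The wordlist, the password hunter2, the date 2004-12-10 and the iteration count are all assumptions made for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist. A real attacker uses a multi-million-entry
# dictionary or a precomputed rainbow table, but the logic is identical.
WORDLIST = ["password", "letmein", "qwerty", "hunter2", "5punk"]

PBKDF2_ITERATIONS = 100_000  # assumed cost; tune to your hardware


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# --- 1. Unsalted MD5 (phpBB2-era storage) --------------------------------
# One precomputed table covers every user on every site using the scheme.
def build_unsalted_table(words):
    return {md5_hex(w.encode()): w for w in words}


def crack_unsalted(stored_hash: str, table: dict):
    """The whole 'attack' is a dictionary read: O(1) per stolen hash."""
    return table.get(stored_hash)


# --- 2. Registration date used as the 'salt' ----------------------------
# The date sits in the same stolen users table as the hash and has a tiny
# keyspace, so the attacker simply rebuilds the table once per date.
def hash_date_salted(password: str, reg_date: str) -> str:
    return md5_hex((reg_date + password).encode())


def crack_date_salted(stored_hash: str, reg_date: str, words):
    table = {hash_date_salted(w, reg_date): w for w in words}
    return table.get(stored_hash)


# --- 3. Random per-user salt from the OS CSPRNG plus a slow KDF ---------
def hash_random_salted(password: str, salt=None) -> str:
    if salt is None:
        salt = os.urandom(16)  # 128 bits: no two users share a table
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"  # salt is stored in the clear beside the hash


def verify_random_salted(password: str, stored: str) -> bool:
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def crack_random_salted_with_foreign_table(stored: str, other_users_salt: bytes, words):
    """A table precomputed for one user's salt is useless against another's."""
    table = {hashlib.pbkdf2_hmac("sha256", w.encode(), other_users_salt, PBKDF2_ITERATIONS).hex(): w
             for w in words}
    _, dk_hex = stored.split("$", 1)
    return table.get(dk_hex)


def demo():
    """Run all three schemes against the same password and report what cracks."""
    results = {}
    results["unsalted"] = crack_unsalted(md5_hex(b"hunter2"), build_unsalted_table(WORDLIST))
    results["date_salted"] = crack_date_salted(
        hash_date_salted("hunter2", "2004-12-10"), "2004-12-10", WORDLIST)
    stored = hash_random_salted("hunter2")
    results["random_salted_foreign_table"] = crack_random_salted_with_foreign_table(
        stored, os.urandom(16), WORDLIST)
    results["random_salted_verify"] = verify_random_salted("hunter2", stored)
    return results


if __name__ == "__main__":
    for scheme, outcome in demo().items():
        print(f"{scheme}: {outcome}")
```

The first two lookups succeed instantly because the attacker can precompute the table once per site (unsalted) or once per date (the date is in the stolen users table and many accounts share one). With a random salt every user needs a separate table built after the hashes are stolen, and the slow KDF makes each of those tables expensive. A modern PHP port would use bcrypt via password_hash() rather than hand-rolled PBKDF2, but the salt source is the part the linked mod gets wrong.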
Okay, so password hacks got them into 5punk but that still doesn't explain Paypal. I did use the same password for both, so it's possible it was taken from 5punk and tried in other sites, but I don't expect Prof and Berk were as careless as me.
Needless to say, all passwords on anything even vaguely important have been changed and I'm using three different strong passwords now. This unfortunately means I have to try all three passwords on every site because I can never remember which is which.
Dr. kitteny berk
Dog Pants wrote: Okay, so password hacks got them into 5punk but that still doesn't explain Paypal. I did use the same password for both, so it's possible it was taken from 5punk and tried in other sites, but I don't expect Prof and Berk were as careless as me.

Right, that's that sorted, we were all careless. Current assumed happening:
Uploaded php shell script to /uploads
Used script to get ftp login info (most likely webmin login too knowing wey)
Used hax to steal the users table.
Haxed the hashed passwords
Used stolen passwords with other info (like email addy) from the stolen tables.
Used that info to break into paypal and other stuff (I'd bet they tried wow too)
How to cure:
If we reintroduce an uploads system, limit to known registered users and known filetypes.
Use lots more better passwords for the admin side of 5punk/the dreamhost account.
Sort mod to salt/nonce the password system for 5punk
Last edited by Dr. kitteny berk on April 23rd, 2007, 7:25, edited 1 time in total.
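As an added illustration of the "how to cure" list above (example code of mine, not 5punk's or phpBB's), here is an upload gate in Python that applies both rules: only registered users, and only a whitelist of known file types checked against the file's magic bytes rather than just its name. It also refuses double extensions such as shell.php.jpg, drops any directory components from the supplied name, and stores the file under a random name so the uploader never controls the path. The allowed types, script-extension list, size limit and the embedded-marker heuristic are assumptions.

```python
import os
import secrets

# Assumed whitelist: extension -> magic bytes the content must start with.
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "zip": b"PK\x03\x04",
}

# Anything a web server might execute. Also refused inside a double
# extension (shell.php.jpg), which Apache's mod_mime can still hand to
# the PHP handler depending on configuration.
SCRIPT_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phps", "cgi", "pl", "py",
    "sh", "asp", "aspx", "jsp", "htaccess",
}

MAX_SIZE = 5 * 1024 * 1024  # assumed 5 MiB cap


def validate_upload(filename: str, data: bytes, user_registered: bool):
    """Return (accepted, detail).

    detail is the random on-disk name on success, or the rejection reason.
    """
    if not user_registered:
        return False, "anonymous uploads refused"
    if len(data) > MAX_SIZE:
        return False, "file too large"

    # Strip directory components (handles ../, absolute paths, backslashes).
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension"
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not in whitelist"

    # shell.php.jpg -> inner part "php" is a script extension.
    if set(parts[1:-1]) & SCRIPT_EXTENSIONS:
        return False, "double extension with script type"

    # The name says image; the bytes must agree.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match claimed type"

    # Heuristic: polyglot files with a valid image header and PHP code after it.
    lowered = data.lower()
    if b"<?php" in lowered or b"<?=" in lowered or b"<script" in lowered:
        return False, "embedded script marker"

    # Attacker never chooses the stored name, so no path tricks and no
    # overwriting of someone else's file.
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    return True, stored_name


if __name__ == "__main__":
    sample_jpg = b"\xff\xd8\xff\xe0" + b"\x00" * 32  # constructed JPEG header
    for name, blob, registered in [
        ("holiday.jpg", sample_jpg, True),
        ("shell.php", b"<?php system($_GET['cmd']); ?>", True),
        ("shell.php.jpg", sample_jpg, True),
        ("holiday.jpg", sample_jpg, False),
    ]:
        print(name, validate_upload(name, blob, registered))
```

Store the accepted file outside the web root (or under a directory where the PHP engine is switched off) and serve it through a download handler; a name whitelist on its own is not enough if the web server is willing to map shell.php.jpg to the PHP handler.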
Thought it may be a good idea to throw up a list of commonly used sites in case people forget about any they may need to change passwords for:
ebay
paypal
ebuyer (although this requires extra info so this should be ok)
ballicom
scan (also requires extra info so this should be ok)
cd-wow
play
amazon
hotmail
yahoo
gmail
ISP
BT
Utilities (Gas, elastic trickery etc)
[edit]
WoW
Eve
Steam
Other games
Last edited by fabyak on April 23rd, 2007, 7:36, edited 2 times in total.
Cheers Fab, I'll be checking those too although I think I've got everything that could financially affect me.
If they got in through Uploads then personally I'd not like to see it back. It was handy, but there are plenty of other ways of hosting stuff and I don't like big security holes like that. Especially when they cost me $50.
Dr. kitteny berk
Dog Pants wrote: If they got in through Uploads then personally I'd not like to see it back. It was handy, but there are plenty of other ways of hosting stuff and I don't like big security holes like that. Especially when they cost me $50.

That.
I suspect the risk could basically have been removed by setting the uploads section as a subdirectory and not using the standard 5punk ftp account.
Instead using another account that'd only give access to the uploads directory. however, I'm not familiar with linux, or the hax they used, so there.
Mostly I think this one came down to poor setup of site features.
Dr. kitteny berk
TezzRexx wrote: BTW, did we ever find out who hacked 5punk and how?

I suspect we will never know, and if you really wanted to find out it would be a great deal of work and expense, I suspect. I took a dump of the web server logs from the time and had a poke around; there was lots of dodgy looking access to an uploaded "shell.php" file coming from Google.
They were probably masking their IP somehow.
Do we know exactly when it all started happening?
Didn't it start about 7:30 on the Thursday that WEY left? It could have been compromised well before that though.
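The log dump Berk mentions is the evidence that would answer the "who, how and when did it start" questions, so here is an added example (my own Python, nothing from the thread) that triages Apache combined-format access log lines for hits on scripts under an uploads directory and reports per-path hit counts, source IPs and the time of the first hit. The six log lines are constructed for the demo using RFC 5737 test addresses; the /uploads/ prefix, the forum.example host, and the two "Google" signals it flags (a Google search referer or a Googlebot user agent, since the thread does not say which was meant) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCRIPT_EXTENSIONS = ("php", "php3", "php4", "php5", "phtml", "cgi", "pl", "sh")
UPLOAD_PREFIX = "/uploads/"  # assumption: where the upload area was served from

# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
198.51.100.4 - - [19/Apr/2007:18:02:11 +0100] "GET /uploads/holiday.jpg HTTP/1.1" 200 81234 "http://forum.example/viewtopic.php?t=1" "Mozilla/5.0"
203.0.113.7 - - [19/Apr/2007:19:31:02 +0100] "GET /uploads/shell.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=inurl%3Auploads%2Fshell.php" "Mozilla/4.0"
203.0.113.7 - - [19/Apr/2007:19:31:40 +0100] "POST /uploads/shell.php HTTP/1.1" 200 2211 "http://forum.example/uploads/shell.php" "Mozilla/4.0"
203.0.113.7 - - [19/Apr/2007:19:33:05 +0100] "GET /uploads/shell.php?cmd=cat+config.php HTTP/1.1" 200 1902 "-" "Mozilla/4.0"
198.51.100.4 - - [19/Apr/2007:19:40:00 +0100] "GET /viewtopic.php?t=42 HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
192.0.2.9 - - [20/Apr/2007:03:15:27 +0100] "GET /uploads/shell.php.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
"""


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    path, _, query = rec["target"].partition("?")
    rec["path"], rec["query"] = path, query
    return rec


def is_script_path(path: str) -> bool:
    """True for shell.php and for double extensions such as shell.php.jpg."""
    name = path.rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    return any(p in SCRIPT_EXTENSIONS for p in parts[1:])


def find_shell_hits(log_text: str):
    """Return records for every request to a script under the upload area."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(UPLOAD_PREFIX):
            continue
        if not is_script_path(rec["path"]):
            continue
        reasons = ["script under uploads"]
        if rec["method"] == "POST":
            reasons.append("POST to upload")          # command or file being sent in
        if rec["query"]:
            reasons.append("query string: " + rec["query"])
        if "google" in rec["referer"].lower():
            reasons.append("referer via Google")      # shell found through a search
        if "googlebot" in rec["ua"].lower():
            reasons.append("claims Googlebot UA")     # crawler, or someone hiding as one
        rec["reasons"] = reasons
        hits.append(rec)
    return hits


def summarise(hits):
    """Per-path hit count, distinct source IPs and first-seen time."""
    by_path = defaultdict(lambda: {"count": 0, "ips": set(), "first": None})
    for h in hits:
        s = by_path[h["path"]]
        s["count"] += 1
        s["ips"].add(h["ip"])
        if s["first"] is None or h["time"] < s["first"]:
            s["first"] = h["time"]
    return dict(by_path)


if __name__ == "__main__":
    for path, s in summarise(find_shell_hits(SAMPLE_LOG)).items():
        print(f"{path}: {s['count']} hits from {sorted(s['ips'])}, first seen {s['first']}")
```

The first-seen time per path is the earliest point the logs support for "when did it start"; the shell may have been uploaded earlier, and a source IP that turns out to be a proxy or a compromised host tells you little about who.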
Also:
Result, although even the reply I got sounds a bit dodgy. I'm sure there'll be quite a few people doing the same so hopefully Paypal will pick up on it. Maybe whoever it was was hoping they could just take a load and refund anyone who noticed, but keep those that didn't.

Message from Seller:
Hello Sir this money was sent to my account I have no Knowledge on why it was
Thank you.
(Refunded)