# CM hacked



## RangerWickett

CM is loading a page saying that a group has hacked it to show the site's vulnerabilities. There's a flashing rainbow image. I closed the browser and am doing a scan of my computer to make sure they didn't put anything malicious there.


----------



## LightPhoenix

I don't know, that dancing rainbow cat was kind of amusing.


----------



## Dice4Hire

I've never been over there.


----------



## Dice4Hire

And I guess now is not a good time to visit.


----------



## jonesy

RangerWickett said:


> CM is loading a page saying that a group has hacked it to show the site's vulnerabilities.



As if. Doing something like this only shows it's possible. People who do that do it so their friends think they're cool or something. If they actually wanted to show the vulnerabilities they should post a list of security holes.


----------



## Dannyalcatraz

IOW, Flaming Rainbow Cat = "Look at me, I'm an Ass!"


----------



## fanboy2000

Well, now the page is showing that CM is down for emergency maintenance.


----------



## Scott DeWar

Well, this answers my questions about this.


----------



## Bagpuss

Hope it wasn't hit as bad as EN World was. Although I guess there isn't as much to lose.


----------



## Scarbonac

Ah. Well, that explains that.


----------



## Dimwhit

Hackers are about the lowest form of life. Not quite, what with the rapists and pedophiles and all...


----------



## kirinke

I'm just...

Going to twitch over there. Don't mind me.


----------



## Scott DeWar

kirinke said:


> I'm just...
> 
> Going to twitch over there. Don't mind me.



@Krinkle
*this cup of coffee brought to by insane jeenyus*


----------



## kirinke

> *this cup of coffee brought to by insane jeenyus*



Hope it's decaf!

In any case, does anyone have a time frame of when the Circvs will be back up and how it got compromised? I mean.... It must have done some serious stuff, because it's been down a coupla days.


----------



## Morrus

kirinke said:


> Hope it's decaf!
> 
> In any case, does anyone have a time frame of when the Circvs will be back up and how it got compromised? I mean.... It must have done some serious stuff, because it's been down a coupla days.




Are you really asking this at 1.05 am on New Year's Day?


----------



## kirinke

Lol. It's about 7pm here. Sorry, forgot about the time difference.


----------



## Morrus

kirinke said:


> Lol. It's about 7pm here. Sorry, forgot about the time difference.




7pm on New Year's Eve isn't much of an improvement...

I've been at my parents' since Saturday.  Got back today at about 6pm my time, headed out for NYE at 8pm after a quick meal and wash.  Back now and it's 1.45 am.  Going to bed....


----------



## jonesy

Morrus said:


> 7pm on New Year's Eve isn't much of an improvement...
> 
> I've been at my parents' since Saturday.  Got back today at about 6pm my time, headed out for NYE at 8pm after a quick meal and wash.  Back now and it's 1.45 am.  Going to bed....



We all wish you the best year 2013. After the one that just ended you deserve much much much much much better.


----------



## Ovinomancer

Morrus said:


> 7pm on New Year's Eve isn't much of an improvement...
> 
> I've been at my parents' since Saturday.  Got back today at about 6pm my time, headed out for NYE at 8pm after a quick meal and wash.  Back now and it's 1.45 am.  Going to bed....




You need to get your priorities in order.


----------



## kirinke

I'd say something gramma wouldn't like.... But gramma wouldn't like it. I'll go with drat and twitch.

Oooo.... The eyelid's joining the fun.


----------



## Wild Gazebo

RangerWickett said:


> CM is loading a page saying that a group has hacked it to show the site's vulnerabilities. There's a flashing rainbow image. I closed the browser and am doing a scan of my computer to make sure they didn't put anything malicious there.




What a sensible fellow.  I always know how much I like being mugged to know my personal vulnerabilities, car-jacked to know my mobile vulnerabilities...and napalmed to know my pain vulnerabilities.  What a nice fellow.


----------



## Dannyalcatraz

> ...car-jacked to know my mobile vulnerabilities...




Tangent: there was a car-alarm/security company that hired a street team to hand out advertising fliers.  The technique employed was that each member of the street team was given fliers to put inside any unlocked car they found, saying something to the effect of "Congratulations!  Your car was unlocked, but we found it instead of the thieves!" and the company's contact info.

Problem was, some of the street team didn't lock the doors after placing the fliers, and at least one local car theft ring figured that out and started trailing the street team...


----------



## Rune

Dannyalcatraz said:


> Tangent: there was a car-alarm/security company that hired a street team to hand out advertising fliers.  The technique employed was that each member of the street team was given fliers to put inside any unlocked car they found, saying something to the effect of "Congratulations!  Your car was unlocked, but we found it instead of the thieves!" and the company's contact info.
> 
> Problem was, some of the street team didn't lock the doors after placing the fliers, and at least one local car theft ring figured that out and started trailing the street team...




And those employees that _did_ lock the doors might have caused problems, too, if the car-owners didn't have car-door keys on them because they weren't expecting someone to lock them out of their car.


----------



## TarionzCousin

Dannyalcatraz said:


> Problem was, some of the street team didn't lock the doors after placing the fliers, and at least one local car theft ring figured that out and started trailing the street team...



But, you must admit, you got a really nice new car for 2013.


----------



## Umbran

Rune said:


> And those employees that _did_ lock the doors might have caused problems, too, if the car-owners didn't have car-door keys on them because they weren't expecting someone to lock them out of their car.




How many modern vehicles have door keys that aren't also ignition keys?


----------



## Rune

Umbran said:


> How many modern vehicles have door keys that aren't also ignition keys?




But we don't all drive modern cars!


----------



## PowerWordDumb

kirinke said:


> I'd say something gramma wouldn't like.... But gramma wouldn't like it. I'll go with drat and twitch.
> 
> Oooo.... The eyelid's joining the fun.




Note to self:  This is not the board where everyone routinely tells kirinke to shut the...

Well, you know.


----------



## kirinke

My car's modern. It doesn't have an ignition key thingie.
Thank god.


----------



## Umbran

kirinke said:


> My car's modern. It doesn't have an ignition key thingie.
> Thank god.




Okay, so if you leave your door unlocked, anyone could just sit down, push a button, and drive off with your car?  No skill at all required?

How often do you figure with a car like that, anyone in an area with enough people to make this ad scheme worthwhile will want their car doors left unlocked?


----------



## Dannyalcatraz

Actually, you still need the RFID chip in the key fob to start the car.

However, there ARE ways around this.  In a given car model, there may be only a couple dozen different physical key & lock variations, and some makers, it's as few as seven.  Usually, they're randomized, but about a decade or so ago, Skoda got in trouble for shipping about 150,000 cars with the same lock to Canada...as a single shipment.

I wouldn't be surprised to find out that there are only a few dozen RFID codes, and over time, a car theft ring could easily scan them all and put them on a single transmitter.

...assuming that they can't just hotwire them, of course.


----------



## CypherSmith

kirinke said:


> My car's modern. It doesn't have an ignition key thingie.
> Thank god.




Actually, if you have a Prius or similar, you do have a key (it's hidden in the fob) and there's a slot to put the fob if the fob's battery has died.



Umbran said:


> Okay, so if you leave your door unlocked, anyone could just sit down, push a button, and drive off with your car?  No skill at all required?
> 
> How often do you figure with a car like that, anyone in an area with enough people to make this ad scheme worthwhile will want their car doors left unlocked?




All I have to do is have my fob on me in order to start my car.  If I don't have my fob, my car won't start.  So, unless you know how to hotwire it, you can't steal it.  I suspect the same is true of kirinke's car.


----------



## kirinke

> Thank god.
> Actually, if you have a Prius or similar, you do have a key (it's hidden in the fob) and there's a slot to put the fob if the fob's battery has died.



I have a Kia. Just a standard key you put into the ignition to start the car.


----------



## Ovinomancer

PowerWordDumb said:


> Note to self:  This is not the board where everyone routinely tells kirinke to shut the...
> 
> Well, you know.




It would be far more entertaining if you misplaced this note.

At least briefly.


----------



## Umbran

CypherSmith said:


> All I have to do is have my fob on me in order to start my car.  If I don't have my fob, my car won't start.




Right.  And is your fob at all likely to be any distance from the physical key for the door?  Like, you'd leave your door key in the car, but keep the ignition fob with you?  Because that's the basic question that this is about - the driver having the way to *start* the car on them, but somehow not have the thing to unlock the door.


----------



## CypherSmith

kirinke said:


> I have a Kia. Just a standard key you put into the ignition to start the car.




I assume then that your key also unlocks the door?



Umbran said:


> Right.  And is your fob at all likely to be any distance from the physical key for the door?  Like, you'd leave your door key in the car, but keep the ignition fob with you?  Because that's the basic question that this is about - the driver having the way to *start* the car on them, but somehow not have the thing to unlock the door.




Well, I could have the fob and not have the key, and I would have absolutely no problem getting into the car (and I wouldn't even have to take it out, my car unlocks with a touch of the door handle and locks with a touch of a button on the outside, neither of which will work without the fob).  And if a thief happened to have the key, he could NOT start the car, though he could get in.  And, if I lost that key, and the battery on my fob was dead, I could start the car, but I could NOT unlock it.


----------



## TarionzCousin

One weird thing about this thread is seeing what people pick for their own avatars when given a chance. Ovi's actually fits.

So does PWD, but Kirinke's is completely wrong!


----------



## loki44

TarionzCousin said:


> One weird thing about this thread is seeing what people pick for their own avatars when given a chance. Ovi's actually fits.
> 
> So does PWD, but Kirinke's is completely wrong!




I always pictured you with more erect ears.


----------



## Scarbonac

Sooo, any word, yet...?


----------



## Morrus

I posted this in the Facebook group earlier. 

So here's an update - we're still working on the server. The whole thing was rootkitted, which means completely reformatting the HD and start again using a backup of the database and a clean install of vBulletin. We also have some hosted sites on the server (like the Creature Catalog) which we're trying to work out what to do with. Both my sites hacked within one month; if I didn't know better I'd think it was personal! Anyway, CM is coming back; it's just proving slightly trickier than we thought. Not "we can't do it" tricky, just "it's a bit more work than we expected" tricky.


----------



## loki44

Thanks for the update and the effort!


----------



## Scott DeWar

Are you able to figure out who the b4574rd5 are yut, Guvnor?


----------



## Dungannon

Are you going to use this as an opportunity to upgrade the vBulletin like you were talking about?


----------



## jonesy

Dannyalcatraz said:


> Actually, you still need the RFID chip in the key fob to start the car.
> 
> However, there ARE ways around this.  In a given car model, there may be only a couple dozen different physical key & lock variations, and some makers, it's as few as seven.  Usually, they're randomized, but about a decade or so ago, Skoda got in trouble for shipping about 150,000 cars with the same lock to Canada...as a single shipment.
> 
> I wouldn't be surprised to find out that there are only a few dozen RFID codes, and over time, a car theft ring could easily scan them all and put them on a single transmitter.
> 
> ...assuming that they can't just hotwire them, of course.



No need to hotwire or hack anything. All that the thieves apparently need is to know where the owner keeps his key and have an accomplice near him or it:

http://www.technologyreview.com/news/422298/car-theft-by-antenna/

Just another reason why the words 'digital security' make me cringe.


----------



## Dannyalcatraz

jonesy said:


> No need to hotwire or hack anything. All that the thieves apparently need is to know where the owner keeps his key and have an accomplice near him or it:
> 
> http://www.technologyreview.com/news/422298/car-theft-by-antenna/




That's what I was alluding to when I said:


> I wouldn't be surprised to find out that there are only a few dozen RFID codes, and over time, a car theft ring could easily scan them all and put them on a single transmitter.




But even without that, I'm sure there are old-fashioned low-tech ways to steal those cars, if you're an experienced pro.


----------



## kirinke

Dannyalcatraz said:


> That's what I was alluding to when I said:
> 
> 
> But even without that, I'm sure there are old-fashioned low-tech ways to steal those cars, if you're an experienced pro.




Y'kin tell how much a bunch of CMer's are antsy by the amount of thread-drift on a topic they're posting in.


----------



## darjr

It is entertaining. In a way it's a disincentive. In a good way.


----------



## PowerWordDumb

Morrus said:


> I posted this in the Facebook group earlier.
> 
> So here's an update - we're still working on the server. The whole thing was rootkitted, which means completely reformatting the HD and start again using a backup of the database and a clean install of vBulletin. We also have some hosted sites on the server (like the Creature Catalog) which we're trying to work out what to do with. Both my sites hacked within one month; if I didn't know better I'd think it was personal! Anyway, CM is coming back; it's just proving slightly trickier than we thought. Not "we can't do it" tricky, just "it's a bit more work than we expected" tricky.




Take your time, dude.  We're a legendarily understanding and forgiving bunch.


----------



## TarionzCousin

kirinke said:


> Y'kin tell how much a bunch of CMer's are antsy by the amount of thread-drift on a topic they're posting in.






darjr said:


> It is entertaining. In a way it's a disincentive. In a good way.



So... how about those [insert name of favorite sports team here]? They really played hard/sucked/got their butts kicked/are motivated to win now, huh?


----------



## Scott DeWar

TarionzCousin said:


> So... how about those [insert name of favorite sports team here]? They really played hard/sucked/got their butts kicked/are motivated to win now, huh?




Wow, that statement is as definitive as an indefinite maybe.


----------



## kirinke

> So here's an update - we're still working on the server. The whole thing was rootkitted, which means completely reformatting the HD and start again using a backup of the database and a clean install of vBulletin. We also have some hosted sites on the server (like the Creature Catalog) which we're trying to work out what to do with. Both my sites hacked within one month; if I didn't know better I'd think it was personal! Anyway, CM is coming back; it's just proving slightly trickier than we thought. Not "we can't do it" tricky, just "it's a bit more work than we expected" tricky.




Ouch. I kinda figgured it was giving you a migraine to untangle, considering that the site has been down over a week.  I don't envy you the job lemme say that!

Right. The next time I see those toaster hackers, I'm denying them bread! That'll teach em!


----------



## Scarbonac

PowerWordDumb said:


> Take your time, dude.  We're a legendarily understanding and forgiving bunch.




Oh hell no.

...wait -- I mean...yes.

Maybe...?

...oh, I don't know...

[I suspect personal malice on the part of the "hackers", but then, I'm something of a misanthrope...]


----------



## kirinke

It's starke's revenge!


----------



## freyar

Morrus said:


> I posted this in the Facebook group earlier.
> 
> So here's an update - we're still working on the server. The whole thing was rootkitted, which means completely reformatting the HD and start again using a backup of the database and a clean install of vBulletin. We also have some hosted sites on the server (like the Creature Catalog) which we're trying to work out what to do with. Both my sites hacked within one month; if I didn't know better I'd think it was personal! Anyway, CM is coming back; it's just proving slightly trickier than we thought. Not "we can't do it" tricky, just "it's a bit more work than we expected" tricky.




Just a question or two about the Creature Catalog there: The CC site is still up, so should it be disabled if it's on a compromised server?  And have you been able to back up the CC database?  No rush answering or getting things fixed, I know you're doing the best job possible.


----------



## Vrecknidj

kirinke said:


> It's starke's revenge!



I knew it! It must be an international waters, maritime law thing. Damn those ruthless, super-intelligent-at-law hackers.


----------



## Ovinomancer

PowerWordDumb said:


> Take your time, dude.  We're a legendarily understanding and forgiving bunch.




I lol'd.


----------



## kirinke

Vrecknidj said:


> I knew it! It must be an international waters, maritime law thing. Damn those ruthless, super-intelligent-at-law hackers.




He's really steppin out of the books on this one......


----------



## Dimwhit

Out of curiosity, how old is the backup you'll be restoring?


----------



## jonesy

Dimwhit said:


> Out of curiosity, how old is the backup you'll be restoring?



It's from when Diaglo was still a young man.


----------



## Dannyalcatraz

Oh, so from when EVERYTHING was done on tablets...


----------



## kirinke

Dannyalcatraz said:


> Oh, so from when EVERYTHING was done on tablets...




Pfft. Yer nuthin but a youngun. We're talkin Abacus' here....

I betcha don't even remember when we had calculator's the size of tablets, instead of being an app on a tablet....


----------



## Morrus

kirinke said:


> Pfft. Yer nuthin but a youngun. We're talkin Abacus' here....
> 
> I betcha don't even remember when we had calculator's the size of tablets, instead of being an app on a tablet....




I think Danny's joke went right over your head there.


----------



## Bagpuss

Yeah there was an unspoken "clay" in front of the tablets.


----------



## Morrus

Bagpuss said:


> Yeah there was an unspoken "clay" in front of the tablets.




Or stone.


----------



## Scott DeWar

Dimwhit said:


> Out of curiosity, how old is the backup you'll be restoring?






jonesy said:


> It's from when Diaglo was still a young man.






Dannyalcatraz said:


> Oh, so from when EVERYTHING was done on tablets...




We have to wait so long because they are still trying to chip off the settled dust. Harder than fringe amber!



kirinke said:


> Pfft. Yer nuthin but a youngun. We're talkin Abacus' here....
> 
> I betcha don't even remember when we had calculator's the size of tablets, instead of being an app on a tablet....




I remember the TI-30 with the black plastic case. That was right before graduating high school.


----------



## Scott DeWar

Dimwhit said:


> Out of curiosity, how old is the backup you'll be restoring?






jonesy said:


> It's from when Diaglo was still a young man.






Dannyalcatraz said:


> Oh, so from when EVERYTHING was done on tablets...






Morrus said:


> Or stone.




Given we're talking Diaglo, We are talking stone, for certain.


----------



## Dannyalcatraz

Me?  I'm a geezer of sorts.  I can remember when we couldn't have those big calculators in school because they all:

1) required a plug

2) required paper

3) were too noisy

Not to mention all they did was add, subtract, multiply & divide.

I remember the first LED calculators from TI...and the joy of discovering the importance of numbers like 7734, 58008 and so forth.

Yes, mom DID drop me off at school from the back of a dinosaur...


----------



## Scott DeWar

710 77245, except the 4 was an h.


----------



## Umbran

"When I Was a Boy"
Copyright © 1997 by Frank Hayes, Firebird Arts & Music (BMI)

Performed by Joe Bethancourt:

http://www.youtube.com/watch?v=p1fBd7UbQPA

Lyrics:
_When I was a boy our Nintendo
Was carved from an old Apple tree
And we used garden hose to connect it
To our steam-powered color tv.

But it still beat that ancient Atari
'Cuz I almost went blind, don'tcha know,
Playing Breakout and Pong on a video game
Hooked up to the radio.

And we walked twenty miles to the schoolhouse
Barefoot, uphill both ways,
Through blizzards in summer and winter
Back in the good old days.
Back when Fortran was not even Three-tran
And the PC was only a toy
And we did our computing by gaslight
When I was a boy.

When I was a boy all our networks
Were for hauling in fish from the sea--
Our bawd rate was eight bits an hour (and she was worth it!),
And our IP address was just 3.

And you kids who complain that the World Wide Web
Is too slow oughtta cut out your bitchin',
'Cuz when I was a boy every packet
Was delivered by carrier pigeon

And we walked twenty miles to the schoolhouse
Barefoot, uphill both ways,
Through blizzards in summer and winter
Back in the good old days.
Back when Fortran was not even Two-tran
And the mainframe was only a toy
And we did our computing by torchlight
When I was a boy.

When I was a boy our IS shop
Built relational tables from wood,
And we wrappered our data in oilcloth
To preserve it the best that we could.

And we carried our bits in a bucket,
And our mainframe weighed 900 tons,
And we programmed in ones and in zeros
And sometimes we ran out of ones.

And we walked twenty miles to the schoolhouse
Barefoot, uphill both ways,
Through blizzards in summer and winter
Back in the good old days.
Back when Fortran was not even One-tran
And the abacus? Only a toy!
And we did our computing in primordial darkness
When I was a boy._


----------



## Dannyalcatraz

Scott DeWar said:


> 710 77245, except the 4 was an h.






Wasn't that supposed to be 710 77345?


----------



## Scott DeWar

Dannyalcatraz said:


> Wasn't that supposed to be 710 77345?




_Lo Ciento_. I am still having troubles with my hands.


----------



## Dannyalcatraz

No biggie- I was just wondering if I missed one!


----------



## Scarbonac

Scott DeWar said:


> Given we're talking Diaglo, We are talking stone, for certain.




We all know that the only workable material was fresh droppings, worked into slabs and incised with runes & sigils via tools made of old fish-bones, Australopithecus afarensis teeth and velociraptor claws; then, dried in the sun (with care to keep the ravening dung-beetles from ruining Shaky-Spear's "Romie-Ugh and Julie-Hurr") to preserve them for later generations to burn when they ran out of wood...

An entire literary tradition, gone in a puff of smoke due to the scarcity of fuel during the last Ice Age...


----------



## PowerWordDumb

Umbran said:


> "When I Was a Boy"
> Copyright © 1997 by Frank Hayes, Firebird Arts & Music (BMI)
> 
> Performed by Joe Bethancourt:
> 
> http://www.youtube.com/watch?v=p1fBd7UbQPA
> 
> Lyrics:
> _When I was a boy our Nintendo
> Was carved from an old Apple tree
> And we used garden hose to connect it
> To our steam-powered color tv.
> 
> But it still beat that ancient Atari
> 'Cuz I almost went blind, don'tcha know,
> Playing Breakout and Pong on a video game
> Hooked up to the radio.
> 
> And we walked twenty miles to the schoolhouse
> Barefoot, uphill both ways,
> Through blizzards in summer and winter
> Back in the good old days.
> Back when Fortran was not even Three-tran
> And the PC was only a toy
> And we did our computing by gaslight
> When I was a boy.
> 
> When I was a boy all our networks
> Were for hauling in fish from the sea--
> Our bawd rate was eight bits an hour (and she was worth it!),
> And our IP address was just 3.
> 
> And you kids who complain that the World Wide Web
> Is too slow oughtta cut out your bitchin',
> 'Cuz when I was a boy every packet
> Was delivered by carrier pigeon
> 
> And we walked twenty miles to the schoolhouse
> Barefoot, uphill both ways,
> Through blizzards in summer and winter
> Back in the good old days.
> Back when Fortran was not even Two-tran
> And the mainframe was only a toy
> And we did our computing by torchlight
> When I was a boy.
> 
> When I was a boy our IS shop
> Built relational tables from wood,
> And we wrappered our data in oilcloth
> To preserve it the best that we could.
> 
> And we carried our bits in a bucket,
> And our mainframe weighed 900 tons,
> And we programmed in ones and in zeros
> And sometimes we ran out of ones.
> 
> And we walked twenty miles to the schoolhouse
> Barefoot, uphill both ways,
> Through blizzards in summer and winter
> Back in the good old days.
> Back when Fortran was not even One-tran
> And the abacus? Only a toy!
> And we did our computing in primordial darkness
> When I was a boy._




Spoony?!?


----------



## Morrus

We're back, by the way.


----------



## PowerWordDumb

Morrus said:


> We're back, by the way.




Phew.  Some things are hard to hold in.


----------



## Scott DeWar

Saw that, now I have to figure out what my password was.


----------



## Dannyalcatraz

Scott DeWar said:


> Saw that, now I have to figure out what my password was.




Is it "password"?  "Friend", perhaps?  Or "Joshua"!


----------



## darjr

or 'mellon'?


----------



## Scott DeWar

It was Joshua . . . . .but now my computer wants to play THERMAL NUCLEAR WAR for some reason . . . .


----------



## fanboy2000

Dannyalcatraz said:


> But even without that, I'm sure there are old-fashioned low-tech ways to steal those cars, if you're an experienced pro.



Well, there's towing.



Dannyalcatraz said:


> Yes, mom DID drop me off at school from the back of a dinosaur...



Yabba, dabba, do!


----------

