ATTENTION: Recent hacks and security

Zitat:

---

Zitat von mannymix03

this is pretty dang interesting

why our password is in cookies.....

---

So it can auto log us in.

Isn't it at least encrypted in some way when its stored in cookies?

Probably is...

Zitat:

---

Zitat von |-Anubis-|

Isn't it at least encrypted in some way when its stored in cookies?

---

It's get decrypted, or he just used the cookies without even knowing the password. I would image.

Zitat:

---

Zitat von |-Anubis-|

Isn't it at least encrypted in some way when its stored in cookies?

Probably is...

---

yes it is, but there are dozens of free programs to decode these cookies to find the actual pw, their use is for pw recovery but can easily be used for finding pw to stolen cookies

Zitat:

---

Zitat von Deturbanator

yes it is, but there are dozens of free programs to decode these cookies to find the actual pw, their use is for pw recovery but can easily be used for finding pw to stolen cookies

---

Yep, there in md5 format. (I found a site that shows how to hack Vb forums a while back, if a mod wants the link so they can research it PM me. BTW, im not the hacker, and im horrible at hacking)

Zitat:

---

Zitat von C-Money

Yep, there in md5 format. (I found a site that shows how to hack Vb forums a while back, if a mod wants the link so they can research it PM me. BTW, im not the hacker, and im horrible at hacking)

---

Yea, and if you get access to the database you can decrypt that too and get all the PW. Or, it was possible before atleast.

Zitat:

---

Zitat von C-Money

Yep, there in md5 format. (I found a site that shows how to hack Vb forums a while back, if a mod wants the link so they can research it PM me. BTW, im not the hacker, and im horrible at hacking)

---

We have the link to the site he used to hack it, but it's the prevention of more hacks that's taking the time.

Also this is somewhat related to hacking and stuff. Steven was banned yesterday for saying inflammatory things towards other members. Turns out his account was being used from a different IP address, so he might be hacked also. Same thing with Gutya and apparently that account was used to PM the exploit to mods.

So yeah...pretty messed up and I'm sure everyones trying to get everything back to normal.

Zitat:

---

Zitat von PopeOfDope

Also this is somewhat related to hacking and stuff. Steven was banned yesterday for saying inflammatory things towards other members. Turns out his account was being used from a different IP address, so he might be hacked also. Same thing with Gutya and apparently that account was used to PM the exploit to mods.

So yeah...pretty messed up and I'm sure everyones trying to get everything back to normal.

---

After everything is fixed, will your signature still be able to function? It was quite entertaining.

So why was I banned? I had nothing to do with the cookie hacking.

You might have been hacked.

Wow, this is REALLY out of hand!

Yup I got hacked but im back as usual, having a day off the forums, i miss so much, scary stuff tho i got to admit (ebay etc)

Zitat:

---

Zitat von JordanBlack68

Yup I got hacked but im back as usual, having a day off the forums, i miss so much, scary stuff tho i got to admit (ebay etc)

---

Good thing im not part of any billing sites, only forums and other crap!

Ok I know why nights was banned. I was talking to the person who hacked the forums today last night. At the moment I am discussing with Jake what I did and didn't do.

nights2 so do i, justin explained to me, sounds right enough tho

Zitat:

---

Zitat von nights2

Ok I know why nights was banned. I was talking to the person who hacked the forums today last night. At the moment I am discussing with Jake what I did and didn't do.

---

Wow...

Well if you are discussing it with Jake then he will give you the answer or refer you to someone who does know the answer. No need to keep asking here.

Yes but the whole answer is I was simply resposible for the Show your love for Hooger thread. Nothing else. Hooger was telling me that if he wasn't unbanned he would have to hack the forums though. I am asking Jake to be allowed access to the proof which is in nights's PM box.

It is times like this where I just HAVE to stress that it is of the utmost importantcy that people only post when they know what they are talking about.

To clear things up...

Zitat:

---

Zitat von PopeOfDope

What happened?

As some of you have seen, a few accounts have been hacked recently on this forum by a single person who is set on ruining the forums. The user keeps on using a different IP address so an IP ban will not work in this case

Who can stop it?

While we may not be able to stop hackers from signing up using proxies, we as users must be vigilant on what links we click and what information we give out to others.

What should I do?

You can start by changing your password right now. It isn't in any danger right now, but it is good practice to change it at least once a month, regardless of whether you think it is hacked or not.
Another tip is to make sure you do not use the same password for multiple sites. In the past, Myspace exploits have led to passwords being stolen off users and the same passwords worked on QJ.
Use Firefox or Opera if you are still using Internet Explorer. While that may have not helped in this situation, FF and Opera are still safer browsers.
Use an antivirus software if you are using Windows. The best free one is AVG
http://free.grisoft.com/doc/1

The only way we can stop these hacks is to become more vigilant. Do not click any links from posters with a very low number of posts, unless they seem to be trustworthy. If no one falls for any of the hackers tricks, then they will have no reason to keep on doing it.

What's being done?

Links have been disabled in order to stop people from posting more links to potential exploits. This is only a temporary measure and it should be resolved soon. Admins know what exploit was used and are currently working to fix it. Things should go back to normal soon

We thank you for your co operation

---

First off, passwords were not compromised. This is near impossible as even the Admins themselves do NOT have access to your passwords. They are stored in the forum database as an MD5 hash. An MD5 hash cannot be reversed. And it is pretty much IMPOSSIBLE to "decrypt"/"crack" an MD5 hash.

Secondly, changing your password isn't what will secure your account. You need to LOG OUT, clear your cookies AND log back in, in order for the old cookie to be invalidated and the new one to take its place.

Zitat:

---

Zitat von Deturbanator

yes it is, but there are dozens of free programs to decode these cookies to find the actual pw, their use is for pw recovery but can easily be used for finding pw to stolen cookies

---

No there aren't. Since passwords are not stored in cookies. The only thing stored in a cookie for vBulletin that is of any use to a hacker is a session key. This allows you masquerade as the user to which the cookie is associated.

Zitat:

---

Zitat von Brad.

Make sure to clear you cookies if you clicked the image link posted by the hacked accounts.

---

As I said above, clearing your cookies is not enough. You'll get the same one assigned to your account. Thus, leaving yourself vulnerable.

Zitat:

---

Zitat von PopeOfDope

It's a sad time for that person who sits in his mums basement, trying to hack a PSP hacking forum multiple times.

---

Feeding the troll is never smart. You're giving him what he/she wants. Attention and "praise" for what they have "achieved".

Zitat:

---

Zitat von TheMarioKarters

He made a new account. He linked to a website that collected your cookies, people click on it. He takes your password along with other nonsense from those cookies. You can guess the rest.

That's as much as I know.

---

Again, passwords are not stored in cookies (for vBulletin).

Zitat:

---

Zitat von PopeOfDope

The user posted a jpeg picture which is actually a trojan. It steals a cookie, which is basically a text file that sits on your PC which tells QJ that you are a specific user. Each time you come to the site, you are automatically logged in because you have this cookie.
The picture will steal this cookie from you, which will allow the hacker to use it to automatically log in to your account.

It is very important that you do not click on pictures or links from posters who are newly registered.
Also if the picture is not hosted on a free image hosting site like Imageshack, then be wary too. I think Imageshack can detect trojan pictures and they won't upload them.

---

JPEGs can't execute code. A JPEG can only "execute" code if it causes a buffer overrun (I will not go into the technical details of any exploits I briefly discuss). Therefore, JPEGs cannot be trojans. All they did was sniff for a cookie and have it copied onto their server.

The general rule for security is, don't click on a link that goes to a site that you aren't familiar with. Even if that link is from your best friend or your significant other.

Zitat:

---

Zitat von bossmanuk

Just to also state, this is not an isolated QJ forum problem. Any site which uses VBulletin would be vunerable to the same exploits, and possibly other forum systems through other exploits too. However, we at QJ are dedicated to our users and our very own Mysticales is working on stopping these exploits as well as the Vbulletin team.

We have a great 24/7 moderation team here too, so if you find something (i.e. a link) a little bit dodgy then don't hesitate to use the 'notify mod' button in the username area of a post. Thanks.

---

This "exploit" affects any system that uses cookies. The security hole is not the software, it is being human.

Zitat:

---

Zitat von C-Money

What a loner... (Not you, the hacker)

---

Don't feed the troll.

Zitat:

---

Zitat von Tommi_

heh, even if TMK was a moron (which he's not), at least he's not a low life arsehole who has nothing better to do than hack peoples accounts.

seriously, grow the **** up.

u got banned, big deal, move on.

if i did something to people who upset me, id be in prison for god knows how many life sentences

---

Don't feed the troll.

Zitat:

---

Zitat von bossmanuk

Yes due to the lengths we have had to go to in oder to stop these hacks some signitures aren't working correctly, however this is for the greater good, and not in the Hot Fuzz sense if anyone has seen the film.



It's also worth noting that hacking is an imprisonable offence, and since a lot of people know who is behind this, if he carries on this hacker could also
be facing a term behind bars.

---

Hacking is a federal offence, but it's hard to prove it and the authorities don't care about small sites that garner no threat to National Security.

Zitat:

---

Zitat von Phil

When his ISP disconnect him for malicious activity he wont be so happy. That is when the greater good will show.

---

That won't happen.

Zitat:

---

Zitat von -ReD-

How long should my password be?

---

Zitat:

---

Zitat von Bundy

23 chars recomended.

---

Zitat:

---

Zitat von Deturbanator

the length of pw is not to prevent you from the hacker, it is so you dont make a 1 letter pw and then some random user access ur account...

5-8 is fine

---

Zitat:

---

Zitat von PopeOfDope

A longer password will only stop people who are watching you type your password from guessing. Also passwords which are found using dictionaries won't work as effectivley since the longer your password, the more combination of letters.

Just use numbers, letters, caps and some symbols if they are allowed. As long as you have them, your password doesn't have to be very long.

---

The length of the password is only one of the important things when choosing a password. Some password choice guides say make it something you'll remember (that's a given, but also a flaw).

In general a password should be at least 10 characters in length with a mixture of alphanumeric characters (and unicode/other characters if permitted). The key here is that you do not choose a password that is a word from the dictionary and not something someone can associate to yourself (like your birthday).

dsj-089-l.'[!{] is a nice password. Don't even think about using it though, as it's been posted here.

Oh and, don't use the same password for everything important to you.

For reference, each of my passwords that are important to me, are at LEAST 32 characters in length, contain alphanumeric, unicode and anything else that is allowed. I never use the same password for anything else (unless I don't care if it gets stolen).

Zitat:

---

Zitat von SeanyP

dont worry about it.
its a trojan.
and it's illegal so dont worry about it.
-= Double Post =-

that's the first time i have heard you complain.
I assumed you didnt mind.
do you want it back?
Sorry.

---

It's not a trojan. Please look on WikiPedia for the true definition of a trojan. A mere Java script sniffing for cookies isn't illegal, nor is it a trojan.

Zitat:

---

Zitat von mannymix03

this is pretty dang interesting

why our password is in cookies.....

---

Zitat:

---

Zitat von C-Money

So it can auto log us in.

---

Zitat:

---

Zitat von |-Anubis-|

Isn't it at least encrypted in some way when its stored in cookies?

Probably is...

---

Zitat:

---

Zitat von Bundy

It's get decrypted, or he just used the cookies without even knowing the password. I would image.

---

Your passwords are not stored in the cookies. Only a session key is.

Zitat:

---

Zitat von C-Money

Yep, there in md5 format. (I found a site that shows how to hack Vb forums a while back, if a mod wants the link so they can research it PM me. BTW, im not the hacker, and im horrible at hacking)

---

Zitat:

---

Zitat von Bundy

Yea, and if you get access to the database you can decrypt that too and get all the PW. Or, it was possible before atleast.

---

Wrong. Passwords are not stored in cookies and if they were stored in a cookie, they could not be stored in MD5 hash format.

EvilSeph-Very good job in clearing this up for me!

Nice description EvilSeph, that explains alot

I just posted this (accidently in the wrong forum ) but ill post it here because it may be related


1.
What the heck happended to my post count? I was at 382 ealier and when i logged it I am now at 705.

2. What happended to my custom title? I purchased one from vbplaza and have used it for a week or two and when i logged on just now it said Prem memeber.

3. I also purchased sports logos awhile back. They never worked. I pmed frozen and he saw i purchased them. He donated me some more cash to go buy em again and i did. Again they never showed up.

4. Finally my points. I had 3 k last night not in the bank. I log on today and its 6k. Whats up with that? I doubt anyone donated

All the posts in the MDPR now count, I think off topic also? Cause my post count went up alot.

Zitat:

---

Zitat von Anti-QJ

All the posts in the MDPR now count, I think off topic also? Cause my post count went up alot.

---

Don't think so, that got hacked

Just the MD's posts count, I showed this a few pages back.

Hax chat in the Flaschat section. Check 'lolhax'

Zitat:

---

Zitat von Chathurga

Just the MD's posts count, I showed this a few pages back.

---

Is that supposed to happen?

Ah that explains the post count and points

Zitat:

---

Zitat von EvilSeph

It is times like this where I just HAVE to stress that it is of the utmost importantcy that people only post when they know what they are talking about.

---

Thanks for that. However I just posted this to curb the questions being asked when no one really knew what the hell was going on. All I knew is that someone posted a picture and when you clicked it, someone else could log into your account.
We have pretty much figured out how it works now, and that the jpeg file didn't actually exist and it redirects to another page which is exploited by using javascript. I will add your information to the first post.