Hacking of Pokémon sites
 

Has anybody heard of that hacker that hacked many Pokemon websites, and made I link to his twitter page and stuff like that?! He got some major websites too including Smogon, Serebii and ******* ********. I found out about this because of another forum I reside on got hacked by this hacker as well. Apparently the name is; Rootinabox

It's just another looser who has no life.

This site is no where near popular enough to get attacked.

Apparently everything got wiped from Smogon's server.

There's a rumor that they're using the downtime to upgrade the site, actually. However, that's JUST A RUMOR!

I've went and reset my password on Serebii Forums and GTS just in case. Hackers are everywhere, compromised sites are now the old new news. I guess sometimes you just can't be too safe.

Why would they want to hack Pokémon sites?

We've also got redundant backups going daily.

But for a site like Smogon to be hit so powerfully by something like this, they must either not be making routine backups (which is stupid) or as mentioned before using the downtime to finally roll out some updates.

About this hacking thing, I believe we are safe as we are a fairly small community compared to sites such as Smogon and Serebii.

It is confirmed that Smogon is doing perfectly fine, they are using this downtime to upgrade!

And just as we get to the news of Smogon back up, Bulbagarden got hacked.

I like this hacker, they banned the mods on Bulbagarden I don't like XD

I'm not much of a fan of what the sole hacker did on the Pokémon forums. It seems to be done to prove a point. For what, though? Leaking user data isn't the nicest thing you can do in such a situation.

It's like... The hacker knows what he is doing in a weird way. All this screams "script kiddie", but it's still bad when it cones to user data.

I don't even think smaller sites will be safe. Stay on your guard, everyone.

Perhaps all this hacker wants is publicity. Unfortunately...people seem to be talking about him all over the place by now. I think the best thing anyone can do in this situation is to just ignore him.

This reminds me of the Conjopi incident that happened on Youtube a couple years ago. Back then, he would exploit Youtube's horrendous flagging system and falsely-flag LPer's videos to get them off Youtube. I remember people like Chugga and NCS were affected by this for nearly a week. Some other LPer I was watching at the time actually took down all of his videos and put them in private to avoid them getting falsely flagged.

I was wondering why Bulbagarden was going to get hacked.. Yeah I expected it, they're one of the major ones as well.

I'm going to perform another security audit to make sure we're good to go.

By the way, I've gotten some more details about a certain other forum getting hacked. Apparently, they allowed their moderators the permission to modify user details, including their passwords. A moderator was hacked, and that account was used to modify an administrator's password. That administrator account was used to upload a plugin to the admin panel, which returned the login details for the forum user on the MySQL database server, effectively giving them access to the entire forum database.

Another thing to note: all of these sites are running vBulletin, so the plugin is practically universal.

So it doesn't matter we're still using the older version?

Yeah, the version of the software we're using doesn't matter. The biggest problem is that many of the sites entrusted their moderators (if even not deliberately) with those powers. There's a reason I wiped a lot of Freeze's stuff after he left. I don't need more backdoors for hackers.

If KYA was still an admin it'd be hard to believe if he was faking or not.

KYA is still an admin on the server, and he's pretty serious about system security.

Was the forum you are talking about ***? Cause they got hacked the other day as well. Forum had some downtime, but its safe now. They just urge us to change our passwords and stuff.

Yes, I found information about how they were hacked mirrored on another news site, and the fact that they got hacked means that we could very easily be on the list of targets.

If *** can get hacked, I wonder about personal sites that are Pokémon themed or belonging to people with a notable presence in the Pokémon fandom.

I think the most likely candidates are those who know very little about security--typically those with a fairly new site and no record of previous webmaster work--and follow poorly-written guides for setting things up that include stuff like:
Too many privileges, and too weak of a password. (You should never run that MySQL query on your own server unless you want to be hacked. It allows forumuser to access all databases and do anything they want to them, and the account has a very weak password to boot.)

Of course, that's a moot point because what happened with these other sites is (as I mentioned above) making their way through a small loophole to obtain the forum database password, which is absolutely required to have permissions to run SELECT (read information), INSERT (add information), UPDATE (change information), and DELETE (remove information) queries on the forum database.

He/she hasn't updated the twitter page in over a day, so I'm assuming the terror is pretty much over. However, I wouldn't let my guard down. Well it seems Cat knows what he is doing so I feel safe here :)

Yeah, I'm a member on ***, & I started to change my passwords when the hacking stuff started to happen. I'm going back & changing everything again since BMGf got hit.

The recommendation I've heard is to change all passwords associated with your email address on forums. I'm doing it 'cause I'd rather be safe than sorry.

I try to use one of my crappy passwords on sites I don't really care about. :P

:giopalm:

I'm guessing some one who held common moderator positions on all of these sites was not very good with their password.

My brothers PSN account got hacked the other day when this happened, i wounder if its the same guy.I called Playstation to help fix this and they did good thing to, the guy was playing on my brothers account. PSN=Playstation Network

:ibf: :ibf2: :ibf3:

Good to see Cat Triple Three has security and backups in place. It's nice to know we are at least not caught unprepared for this kinda thing. I don't use the other Pokemon websites unless I'm looking for Lopunny and Absol in a game, but other than that I just come here when I get a Pokemon itch.
I digress.
I know some users here are underage, so I'll reiterate: Guys, never give out your passwords. Oftentimes when someone says hacked in a website or game or something, it usually means they gave away the email cause they wanted free premium content, or a mysterious user that typew in disjointed Engrish wants to give YOU super secret admin powers for seemingly no reason at all. Be on the look out guys.

I don't think your brother's PSN account has any connection to this problem.

Of all fandoms to be attacked... why Pokémon? There are far worse.... of which I shall not name as to not offend >.>

I think the reason for this is because the common moderators/members that were hacked are from Pokemon forums. I don't think Rootinabox targeted Pokemon because it's bad. She just saw a link between accounts on those websites.

Smogon is back now, yay!

What i wonder is: Why the heck would someone hack a Pokémon site? Rage? Because i don't think you would really win something outta this. :P

Maybe the hacker is a brony trying to make MLP the top fandom! D:

(I don't hate bronies, I just like to joke at them a lot)