Victory Road  

Go Back   Victory Road > General > Technology

Notices

 
 
  #1  
Old June 27, 2013, 05:15:20 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default Hacking of Pokémon sites

Has anybody heard of that hacker that hacked many Pokemon websites, and made I link to his twitter page and stuff like that?! He got some major websites too including Smogon, Serebii and ******* ********. I found out about this because of another forum I reside on got hacked by this hacker as well. Apparently the name is; Rootinabox

Last edited by Cat333Pokémon; October 25, 2013 at 02:57:09 PM.
  #2  
Old June 27, 2013, 06:03:53 PM
Magmaster12's Avatar
Magmaster12 Magmaster12 is offline
Rayquaza
 
Join Date: Aug 2009
Location: You would know
Posts: 4,960
Default

It's just another looser who has no life.

This site is no where near popular enough to get attacked.

Apparently everything got wiped from Smogon's server.

Last edited by Magmaster12; June 27, 2013 at 06:08:06 PM.
  #3  
Old June 27, 2013, 06:36:31 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

Quote:
Originally Posted by Magmaster12 View Post
It's just another looser who has no life.

This site is no where near popular enough to get attacked.

Apparently everything got wiped from Smogon's server.
There's a rumor that they're using the downtime to upgrade the site, actually. However, that's JUST A RUMOR!
  #4  
Old June 27, 2013, 11:05:59 PM
Twiggy's Avatar
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

I've went and reset my password on Serebii Forums and GTS just in case. Hackers are everywhere, compromised sites are now the old new news. I guess sometimes you just can't be too safe.

Why would they want to hack Pokémon sites?
  #5  
Old June 27, 2013, 11:31:42 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by Magmaster12 View Post
This site is no where near popular enough to get attacked.
We've also got redundant backups going daily.

But for a site like Smogon to be hit so powerfully by something like this, they must either not be making routine backups (which is stupid) or as mentioned before using the downtime to finally roll out some updates.
  #6  
Old June 28, 2013, 02:37:34 AM
PureAurorae's Avatar
PureAurorae PureAurorae is offline
Haxorus
 
Join Date: Nov 2012
Posts: 444
Default

About this hacking thing, I believe we are safe as we are a fairly small community compared to sites such as Smogon and Serebii.

Last edited by Cat333Pokémon; June 28, 2013 at 03:53:17 PM.
  #7  
Old June 28, 2013, 04:38:34 AM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

It is confirmed that Smogon is doing perfectly fine, they are using this downtime to upgrade!

Last edited by Cat333Pokémon; June 28, 2013 at 03:53:29 PM.
  #8  
Old June 28, 2013, 08:34:37 AM
Twiggy's Avatar
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

And just as we get to the news of Smogon back up, Bulbagarden got hacked.
  #9  
Old June 28, 2013, 08:45:25 AM
Magmaster12's Avatar
Magmaster12 Magmaster12 is offline
Rayquaza
 
Join Date: Aug 2009
Location: You would know
Posts: 4,960
Default

I like this hacker, they banned the mods on Bulbagarden I don't like XD
  #10  
Old June 28, 2013, 09:59:27 AM
Twiggy's Avatar
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

I'm not much of a fan of what the sole hacker did on the Pokémon forums. It seems to be done to prove a point. For what, though? Leaking user data isn't the nicest thing you can do in such a situation.

It's like... The hacker knows what he is doing in a weird way. All this screams "script kiddie", but it's still bad when it cones to user data.

I don't even think smaller sites will be safe. Stay on your guard, everyone.
  #11  
Old June 28, 2013, 10:12:57 AM
Reuniclus's Avatar
Reuniclus Reuniclus is offline
Moderator

 
Join Date: Jul 2011
Location: The Desert...help me
Posts: 3,300
Default

Perhaps all this hacker wants is publicity. Unfortunately...people seem to be talking about him all over the place by now. I think the best thing anyone can do in this situation is to just ignore him.

This reminds me of the Conjopi incident that happened on Youtube a couple years ago. Back then, he would exploit Youtube's horrendous flagging system and falsely-flag LPer's videos to get them off Youtube. I remember people like Chugga and NCS were affected by this for nearly a week. Some other LPer I was watching at the time actually took down all of his videos and put them in private to avoid them getting falsely flagged.

Last edited by Reuniclus; June 28, 2013 at 10:13:38 AM.
  #12  
Old June 28, 2013, 03:00:22 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

Quote:
Originally Posted by Twiggy View Post
And just as we get to the news of Smogon back up, Bulbagarden got hacked.
I was wondering why Bulbagarden was going to get hacked.. Yeah I expected it, they're one of the major ones as well.
  #13  
Old June 28, 2013, 03:54:15 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I'm going to perform another security audit to make sure we're good to go.

By the way, I've gotten some more details about a certain other forum getting hacked. Apparently, they allowed their moderators the permission to modify user details, including their passwords. A moderator was hacked, and that account was used to modify an administrator's password. That administrator account was used to upload a plugin to the admin panel, which returned the login details for the forum user on the MySQL database server, effectively giving them access to the entire forum database.

Another thing to note: all of these sites are running vBulletin, so the plugin is practically universal.

Last edited by Cat333Pokémon; June 28, 2013 at 04:00:25 PM.
  #14  
Old June 28, 2013, 04:11:06 PM
Magmaster12's Avatar
Magmaster12 Magmaster12 is offline
Rayquaza
 
Join Date: Aug 2009
Location: You would know
Posts: 4,960
Default

So it doesn't matter we're still using the older version?
  #15  
Old June 28, 2013, 04:13:52 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Yeah, the version of the software we're using doesn't matter. The biggest problem is that many of the sites entrusted their moderators (if even not deliberately) with those powers. There's a reason I wiped a lot of Freeze's stuff after he left. I don't need more backdoors for hackers.
  #16  
Old June 28, 2013, 04:16:52 PM
Magmaster12's Avatar
Magmaster12 Magmaster12 is offline
Rayquaza
 
Join Date: Aug 2009
Location: You would know
Posts: 4,960
Default

If KYA was still an admin it'd be hard to believe if he was faking or not.
  #17  
Old June 28, 2013, 04:19:24 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

KYA is still an admin on the server, and he's pretty serious about system security.
  #18  
Old June 28, 2013, 10:04:24 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

Quote:
Originally Posted by Cat333Pokémon View Post
I'm going to perform another security audit to make sure we're good to go.

By the way, I've gotten some more details about a certain other forum getting hacked. Apparently, they allowed their moderators the permission to modify user details, including their passwords. A moderator was hacked, and that account was used to modify an administrator's password. That administrator account was used to upload a plugin to the admin panel, which returned the login details for the forum user on the MySQL database server, effectively giving them access to the entire forum database.

Another thing to note: all of these sites are running vBulletin, so the plugin is practically universal.
Was the forum you are talking about ***? Cause they got hacked the other day as well. Forum had some downtime, but its safe now. They just urge us to change our passwords and stuff.
  #19  
Old June 28, 2013, 10:09:27 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

Quote:
Originally Posted by PHANTOMxTRAINER View Post
Was the forum you are talking about ***? Cause they got hacked the other day as well. Forum had some downtime, but its safe now. They just urge us to change our passwords and stuff.
Yes, I found information about how they were hacked mirrored on another news site, and the fact that they got hacked means that we could very easily be on the list of targets.
  #20  
Old June 28, 2013, 10:23:47 PM
Twiggy's Avatar
Twiggy Twiggy is offline
Kyurem
 
Join Date: Oct 2011
Location: Somewhere interesting?
Posts: 2,102
Default

If *** can get hacked, I wonder about personal sites that are Pokémon themed or belonging to people with a notable presence in the Pokémon fandom.
  #21  
Old June 29, 2013, 09:18:12 AM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I think the most likely candidates are those who know very little about security--typically those with a fairly new site and no record of previous webmaster work--and follow poorly-written guides for setting things up that include stuff like:
Code:
GRANT ALL PRIVILEGES ON *.* TO 'forumuser'@'%'
    IDENTIFIED BY 'password' WITH GRANT OPTION
Too many privileges, and too weak of a password. (You should never run that MySQL query on your own server unless you want to be hacked. It allows forumuser to access all databases and do anything they want to them, and the account has a very weak password to boot.)

Of course, that's a moot point because what happened with these other sites is (as I mentioned above) making their way through a small loophole to obtain the forum database password, which is absolutely required to have permissions to run SELECT (read information), INSERT (add information), UPDATE (change information), and DELETE (remove information) queries on the forum database.

Last edited by Cat333Pokémon; June 29, 2013 at 09:19:07 AM. Reason: Typo
  #22  
Old June 29, 2013, 12:07:32 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

He/she hasn't updated the twitter page in over a day, so I'm assuming the terror is pretty much over. However, I wouldn't let my guard down. Well it seems Cat knows what he is doing so I feel safe here
  #23  
Old June 29, 2013, 04:25:30 PM
Mistral's Avatar
Mistral Mistral is offline
Mudkip
 
Join Date: Jun 2013
Location: In a cardboard box.
Posts: 32
Default

Yeah, I'm a member on ***, & I started to change my passwords when the hacking stuff started to happen. I'm going back & changing everything again since BMGf got hit.

The recommendation I've heard is to change all passwords associated with your email address on forums. I'm doing it 'cause I'd rather be safe than sorry.
  #24  
Old June 29, 2013, 08:35:55 PM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

 
Join Date: Nov 2006
Location: Nevada
Posts: 10,353
Default

I try to use one of my crappy passwords on sites I don't really care about.
  #25  
Old June 30, 2013, 06:41:58 AM
hinorashi's Avatar
hinorashi hinorashi is offline
Zoroark
 
Join Date: May 2010
Location: Mahogany Town
Posts: 199
Default

Quote:
"hacking"


I'm guessing some one who held common moderator positions on all of these sites was not very good with their password.
  #26  
Old July 2, 2013, 12:15:39 AM
kakashidragon's Avatar
kakashidragon kakashidragon is offline
Kyurem
 
Join Date: Feb 2010
Location: Where i belong
Posts: 2,055
Default

My brothers PSN account got hacked the other day when this happened, i wounder if its the same guy.I called Playstation to help fix this and they did good thing to, the guy was playing on my brothers account. PSN=Playstation Network
  #27  
Old July 2, 2013, 07:22:45 AM
Absol's Avatar
Absol Absol is offline
Haxorus
 
Join Date: Aug 2011
Location: Alabama
Posts: 318
Default



Good to see Cat Triple Three has security and backups in place. It's nice to know we are at least not caught unprepared for this kinda thing. I don't use the other Pokemon websites unless I'm looking for Lopunny and Absol in a game, but other than that I just come here when I get a Pokemon itch.
I digress.
I know some users here are underage, so I'll reiterate: Guys, never give out your passwords. Oftentimes when someone says hacked in a website or game or something, it usually means they gave away the email cause they wanted free premium content, or a mysterious user that typew in disjointed Engrish wants to give YOU super secret admin powers for seemingly no reason at all. Be on the look out guys.
  #28  
Old July 3, 2013, 03:28:23 AM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

Quote:
Originally Posted by kakashidragon View Post
My brothers PSN account got hacked the other day when this happened, i wounder if its the same guy.I called Playstation to help fix this and they did good thing to, the guy was playing on my brothers account. PSN=Playstation Network
I don't think your brother's PSN account has any connection to this problem.
  #29  
Old July 8, 2013, 07:21:36 AM
Wolfbane5001's Avatar
Wolfbane5001 Wolfbane5001 is offline
Linoone
 
Join Date: Jul 2013
Posts: 90
Default

Of all fandoms to be attacked... why Pokémon? There are far worse.... of which I shall not name as to not offend >.>
  #30  
Old July 8, 2013, 06:51:46 PM
PHANTOMxTRAINER's Avatar
PHANTOMxTRAINER PHANTOMxTRAINER is offline
Giratina
 
Join Date: Jun 2011
Location: NY
Posts: 3,430
Default

Quote:
Originally Posted by Wolfbane5001 View Post
Of all fandoms to be attacked... why Pokémon? There are far worse.... of which I shall not name as to not offend >.>
I think the reason for this is because the common moderators/members that were hacked are from Pokemon forums. I don't think Rootinabox targeted Pokemon because it's bad. She just saw a link between accounts on those websites.
  #31  
Old July 9, 2013, 04:55:26 AM
Aquablast's Avatar
Aquablast Aquablast is offline
Kyurem
 
Join Date: Jun 2010
Location: Internet
Posts: 2,074
Default

Smogon is back now, yay!
  #32  
Old July 9, 2013, 07:43:47 AM
Maogi's Avatar
Maogi Maogi is offline
Pikachu
 
Join Date: Jun 2013
Posts: 9
Default

What i wonder is: Why the heck would someone hack a Pokémon site? Rage? Because i don't think you would really win something outta this.
  #33  
Old July 9, 2013, 02:41:33 PM
Wolfbane5001's Avatar
Wolfbane5001 Wolfbane5001 is offline
Linoone
 
Join Date: Jul 2013
Posts: 90
Default

Quote:
Originally Posted by Maogi View Post
What i wonder is: Why the heck would someone hack a Pokémon site? Rage? Because i don't think you would really win something outta this.
Maybe the hacker is a brony trying to make MLP the top fandom! D:

(I don't hate bronies, I just like to joke at them a lot)

Last edited by Wolfbane5001; July 10, 2013 at 06:29:56 AM. Reason: Clarification
 
Thread Tools

Forum Jump


All times are GMT -8.


Powered by vBulletin® Version 3.8.11 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Victory Road ©2006 - 2018, Scott Cat333Pokémon Cheney
Theme by A'bom and Cat333Pokémon