CAG Defacing/Hacking News & Updates

I got the "you must change your password" message. I did and then it didn't work. I chose forgot password and couldn't read most of the captchas. Finally could read one of them and it accepted my answer. I received a temporary password, logged in with it, changed my password. It kept saying that the temporary password was false (5 minutes after receiving the email). In the end it said it was good, but when I tried to log in, it said bad password again. I tried entering my old password before the reset fiasco and it works fine.

 
Is it required to change your password? I mean I got to change it but it was the same one. Does this generate a new "Salt"?

Also, feedbacks seems to be gone. Hopefully not and this would be fixed soon but answers to these queries would be appreciated.

 
Last edited by a moderator:
HyperG said:
I'm dealing with my own script kiddy issues lol... jerks got no life.
Click to expand...
That's what it was, just someone with a ready made script who scanned one of our servers and found an exploit that allowed them to upload it.

We should be good now.

Edit: Trader feedback is back online.

 
Last edited by a moderator:
John said:
That's what it was, just someone with a ready made script who scanned one of our servers and found an exploit that allowed them to upload it.

We should be good now.

Edit: Trader feedback is back online.
Click to expand...
The fact that a "ready made" script made it through your security (MULTIPLE TIMES) is a little troublesome.

 
dum1038 said:
Anyone?
Click to expand...
Up to you, really. A new salt is generated even if you change it to the same password.

Sepioth said:
The fact that a "ready made" script made it through your security (MULTIPLE TIMES) is a little troublesome.
Click to expand...
Agreed. Although it didn't make it through multiple times, it was just well hidden. Not being able to find it is what made it possible for the attacker to keep on making changes despite our efforts.

That said, I wasn't just searching for a utility file the entire time - we made a lot of changes to lock down any possible security holes. Despite always keeping the forum software updated (whenever they issued security patches), to eliminate the possibility of having missed anything we did a complete upgrade to the latest 3.4.x version of Invision. I know that sounds completely trivial, but CAG uses a heavily modified version of Invision, and upgrades to the forum software are a bit of an undertaking. Secondly (and most importantly), we did a complete overhaul of our hosting setup to replace every server and reconfigure them from the ground up. That includes a lot of new security measures to prevent attacks like this in the future. Yeah, I'm really frustrated that it took me so long to find that file.

 
Sepioth said:
The fact that a "ready made" script made it through your security (MULTIPLE TIMES) is a little troublesome.
Click to expand...
From the sounds of the script kiddy's twitter on January 10th, they claimed that they figured it out on their own but eh never know. The bitcoin image itself links to a site called newsbtc.com which has a sketchy rep from a simple google search, but who knows. When the skids hide the files that let themselves in, it really makes it hard to a point you just have to start fresh and rebuild. I'm not looking forward to having to do this myself...

 
Almost every time I click on a forum or topic link, it takes 3-5 tries to actually open properly. Everything keeps redirecting me to the main page upon the first few attempts. I also have to log in every time despite checking the box to keep me logged in.
 
Matt Young said:
Almost every time I click on a forum or topic link, it takes 3-5 tries to actually open properly. Everything keeps redirecting me to the main page upon the first few attempts. I also have to log in every time despite checking the box to keep me logged in.
Click to expand...
Working on it

 
Matt Young said:
Almost every time I click on a forum or topic link, it takes 3-5 tries to actually open properly. Everything keeps redirecting me to the main page upon the first few attempts. I also have to log in every time despite checking the box to keep me logged in.
Click to expand...
Same here. Although the sign in issue seems to be worse on mobile.

 
Turk February said:
Same here. Although the sign in issue seems to be worse on mobile.
Click to expand...
And here as well. I know you're working on it but here's a little more info from what I've found after about 30 minutes of navigating trial and error:

  • I've found that if a thread has a multiple pages to it, going to the first page and then to page 2 almost never fails. From there I can go to page ~20 and the page properly loads. From there it is just going up by ~10-20 until I'm about 5 or so pages away. At that point I have to actually navigate one page forward at a time.
I'll edit this post if I find any other items that are repeatable (good or bad).

 
Random thread redirects to the home page should be fixed. 

Also: 

- Fixed the double post issue 

- Fixed the WYSIWYG editor colours 

 
John said:
Most likely a caching issue. Clear your cache and try again?

Also, front page tweets/deals are fixed.
Click to expand...
I think I tried private browsing twice before clearing the cache. First time (before reporting) it didn't work, second time (after seeing your message) it did. Or maybe I remember wrong. :) Cleared anyway and working! Thanks!

Any chance we can get you added to the "CAG on Twitter" list, and therefore the front page tweets? And maybe @CAGNewDeals, if it isn't redundant or considered overly active that it would push down all other tweets?

 
Last edited by a moderator:
phantomphoenix said:
Any chance we can get you added to the "CAG on Twitter" list, and therefore the front page tweets? And maybe @CAGNewDeals, if it isn't redundant or considered overly active that it would push out all other tweets?
Click to expand...
The tweets that appear are based on the list belonging to @videogamedeals, which I don't control - but I wouldn't want to subject anyone to my drunken stream tweets. :drool:

Will check with Cheapy about @CAGNewDeals.

 
Yesterday when I tried to get to this site I got this message on a white page:

twitter.com/localblackhat ~Please, for the love of god. I ask you kindly to just shut this service down... you can't protect it.. Not only am I getting in over and over, but I'm fighting with another hacker to keep him out, he keeps removing my access the fucker.

Did anyone else see this?

 
Last edited by a moderator:
Don't know if it's being handled, but user sessions seem to be expiring after a period of time/inactivity.

"Remember Me" checkbox isn't doing anything against it.

 
Modoru said:
Don't know if it's being handled, but user sessions seem to be expiring after a period of time/inactivity.

"Remember Me" checkbox isn't doing anything against it.
Click to expand...
Delete cookies related to the site and try again. It should fix your issue.

 
Last edited by a moderator:
When trying to add a game to playing/beat/collection it gives an error. Thanks John

Error: Unable to connect to tcp://10.30.200.20:9200. Error: Connection refused
 
A bunch of fixes just went up. You can now change your password if you're using the mobile style, and various minor mobile glitches/broken images have been fixed.

 
The email I used here was only used one other place online, and yesterday that place informed me that someone tried to access my account with that info. Groovy.

 
Also trying to find a better solution to people getting logged out. If you've tried a cookie clear and it didn't work for you, let me know.

 
You must log in or register to reply here.
bread's done
Back
Top