Jump to content

yetanothername

Members
  • Posts

    449
  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling

Previous Fields

  • Sanctioned Alliance
    Green Protection Agency
  • Nation Name
    Pridelands
  • Resource 1
    Lumber
  • Resource 2
    Wheat

Recent Profile Visitors

558 profile views

yetanothername's Achievements

Newbie

Newbie (1/14)

  1. [quote name='bros2' date='29 April 2010 - 12:41 PM' timestamp='1272559295' post='2279942'] This could happen to [b]anyone[/b] who checks the box to be logged in forever, as the cookies can be taken by using a cookie grabber. [/quote] You don't even need to check the little box. In fact, I can hijack your session even after you log out.
  2. [quote name='Bob Janova' date='29 April 2010 - 12:08 PM' timestamp='1272557290' post='2279918'] On another note, any alliance which is still running an outdated version of SMF (or IVF) at this point pretty much deserves to get broken into, it's not like this is the first occurence or no-one's mentioned it before. Go and upgrade them right now! [/quote] Problem there, is that [i]every single[/i] version of SMF has a critical vulnerability that allows anyone to hijack your user account.
  3. *sigh* [img]http://img121.imageshack.us/img121/6468/cpu.gif[/img] [img]http://img63.imageshack.us/img63/3418/netw.gif[/img] Those are histograms of Tilton53's server's activity. See the plateau in the CPU graph at Week 9? And the spike just before and just after that in the Network graph? Someone hacked the server and uploaded a list of passwords to crack, the server cracked a couple, and the hacker downloaded the list a couple days later. Furthermore, the owner of the log files was changed from "logs" to "root". "chown root /var/logs" anyone? ThunderStrike says that no one ever presented evidence of Tilton's server being hacked. Evidence was presented, it just didn't fit his theory so it went in one ear and out the other. Yet, he's the one who deleted evidence from the RIA's forums, showed selected server logs and started insulting people when they didn't drink his kool-aid. Edit: Not to mention the fact that it took me about thirty seconds to hack into one of Citizenkane's forums, which run the same version of SMF that RIA use[b]s[/b].
  4. When you visit a webpage, your browser sends a whole bunch of information to the web server, but in this guide I'll only be focusing on two things: The browser user-agent and the IP address. [b]What is a user agent?[/b] A user agent is a way to identify what web browser a user is connecting with. In my case, it is [i]"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.22 Version/10.50"[/i] From this, we can infer that I'm using Opera 10.5 on Windows 7 with English as my default language. Different people may have the same user-agent, and one person can have multiple user-agents. (For example, if I start up Internet Explorer, I get [i]"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"[/i]) Again, a user-agent is not a way to identify someone in your server logs. [b]What is an IP?[/b] An IP address is a way to [b][i]semi[/i][/b]-uniquely identify someone. It is a four part number where each part is separated by a period. (My current IP address is 192.168.1.104 - at least on my internal network ). Some people hide their IP address by using a proxy. One such proxy service is called Tor. It works by forwarding your request through a random number of other people, so their IP address shows up instead of yours. At some point in the requests traveling, it needs to end up at it's destination. It exits the Tor network via something called a Tor Exit Node. There are a limited number of these Exit Nodes, so if someone is using Tor to browse anonymously or to bypass a firewall, there is a chance that two unrelated people's traffic will exit via the same Exit Node. tl;dr? Look at this pretty image or [url=http://www.torproject.org/overview.html.en]read the actual tutorial[/url] [img]http://www.torproject.org/images/htw2.png[/img] So, in conclusion: Relying on a user agent and an IP address to uniquely identify a person in your hacked alliance's server logs is a surefire way to waste everyone's time. But going through your forum's administrative login access logs for any signs of suspicious activity is a good way to waste your time, because it logs every access attempt, successful or not successful, into the Administrative Control Panel. This topic brought to you by CyberNations's GeekSquad - irc://irc.coldfront.net/GeekSquad
  5. It's better to be proactive and secure your forums now rather than waking one of up at 2 in the morning. If that means going to InvisionFree and using their service rather than using your pirated version of IP.Board with the hosting your ex-president's uncle's friend provides, then that is a step forward.
  6. I'd also be willing to help out other alliances. I know I'm not as high-profile as Bilrow or bros is, but I know my @#$%. (Or at least I like to think I do ) [quote]But some alliances are a bit touchy [/quote] If an alliance doesn't want your OOC technical knowledge and help just because you run with Pacifica or MK, then that's their own prerogative. Let them run their outdated pirated version of IPB. We'll still open our arms to help them once they get hacked.
  7. [quote name='bros2' date='17 February 2010 - 07:23 PM' timestamp='1266452609' post='2188367'] ....what do people actually do this? no i can't believe they are that dumb [/quote] Yes, people actually do this, and yes, people are actually that dumb when it comes to technology. Kinda like the whole "I want multiple founders for my IRC channel." thing that I have to deal with every few days. Every host I've ever been on (paid, that is), allows SSH connections. [quote] VPS, Dedi, they are close enough to each other. [/quote] A VPS is just a glorified shared server. You can still break out of the virtual machine and into the hypervisor, and wreak havoc on other people's websites.
  8. Collecting taxes from your members, really? Sounds interesting. Tell me more Generally, offering .gov positions to brand new members isn't a good idea. Gah, you know how much I hate web design Does that mean your IRC channel is typically dull? Like? Why should I join TPF over anyone else in this thread? I like an active channel But what does being active on the forum give you? Ha nice, I love inactive forums But, democratic governments don't work IRL, let alone in an online game.
  9. So, I'm looking for an alliance to join. Some things about me: *I'm not willing to switch from green *I won't be (that) active on your forums, but I'll be on your IRC almost 24/7* *(That being said, I got couped from my last alliance for inactivity and didn't notice for two weeks) *Um ya....recruit me. Past alliances I've been in are GGA and EG. Edit: I guess I should add that I was the MoF in the GGA for a while Edit2: Your alliance better have stand alone forums, I refuse to put up with invisionfree. *Assuming my server operator doesn't screw up ZNC again.
  10. Yes, there is a rule against harassment on Coldfront IRC. Join #irchelp and ask for an IRCop to file your compliant.
  11. It means somewhere along the line, your ISP or network admin is blocking port 6667. Are you in a college and/or what is your ISP?
  12. You ask for forgiveness and reconciliation but yet you get banned from Coldfront because you stole an alliance's public IRC channel? Oh and that little stunt with "PWNEDTHEBALLER"? Nice try.
  13. Please note that +M won't work if you are one of the idiots who have your channel set to autovoice everyone. +R is really the best bet anyways (Everyone should have their nick registered, and if they don't, they need to get it registered anyways)
×
×
  • Create New...