Posts posted by yetanothername

  1. [quote name='bros2' date='29 April 2010 - 12:41 PM' timestamp='1272559295' post='2279942']
    This could happen to [b]anyone[/b] who checks the box to be logged in forever, as the cookies can be taken by using a cookie grabber.
    [/quote]

    You don't even need to check the little box. In fact, I can hijack your session even after you log out.

  2. [quote name='Bob Janova' date='29 April 2010 - 12:08 PM' timestamp='1272557290' post='2279918']
    On another note, any alliance which is still running an outdated version of SMF (or IVF) at this point pretty much deserves to get broken into, it's not like this is the first occurrence or no-one's mentioned it before. Go and upgrade them right now!
    [/quote]

    Problem there is that [i]every single[/i] version of SMF has a critical vulnerability that allows anyone to hijack your user account.

  3. *sigh*

    [img]http://img121.imageshack.us/img121/6468/cpu.gif[/img]
    [img]http://img63.imageshack.us/img63/3418/netw.gif[/img]

    Those are histograms of Tilton53's server's activity. See the plateau in the CPU graph at Week 9? And the spike just before and just after that in the Network graph? Someone hacked the server and uploaded a list of passwords to crack, the server cracked a couple, and the hacker downloaded the list a couple days later.

    Furthermore, the owner of the log files was changed from "logs" to "root". "chown root /var/logs" anyone?

    ThunderStrike says that no one ever presented evidence of Tilton's server being hacked. Evidence was presented, it just didn't fit his theory so it went in one ear and out the other. Yet, he's the one who deleted evidence from the RIA's forums, showed selected server logs and started insulting people when they didn't drink his kool-aid.

    Edit: Not to mention the fact that it took me about thirty seconds to hack into one of Citizenkane's forums, which run the same version of SMF that RIA use[b]s[/b].

  4. When you visit a webpage, your browser sends a whole bunch of information to the web server, but in this guide I'll only be focusing on two things: The browser user-agent and the IP address.

    [b]What is a user agent?[/b]

    A user agent is a way to identify what web browser a user is connecting with. In my case, it is [i]"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.22 Version/10.50"[/i]. From this, we can infer that I'm using Opera 10.5 on Windows 7 with English as my default language. Different people may have the same user-agent, and one person can have multiple user-agents. (For example, if I start up Internet Explorer, I get [i]"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"[/i].) Again, a user-agent is not a way to identify someone in your server logs.

    [b]What is an IP?[/b]
    An IP address is a way to [b][i]semi[/i][/b]-uniquely identify someone. It is a four part number where each part is separated by a period. (My current IP address is 192.168.1.104 - at least on my internal network ;)). Some people hide their IP address by using a proxy. One such proxy service is called Tor. It works by forwarding your request through a random number of other people, so their IP address shows up instead of yours. At some point in the request's traveling, it needs to end up at its destination. It exits the Tor network via something called a Tor Exit Node. There are a limited number of these Exit Nodes, so if someone is using Tor to browse anonymously or to bypass a firewall, there is a chance that two unrelated people's traffic will exit via the same Exit Node.
    tl;dr? Look at this pretty image or [url=http://www.torproject.org/overview.html.en]read the actual tutorial[/url]

    [img]http://www.torproject.org/images/htw2.png[/img]

    So, in conclusion: Relying on a user agent and an IP address to uniquely identify a person in your hacked alliance's server logs is a surefire way to waste everyone's time. But going through your forum's administrative login access logs for any signs of suspicious activity is a good way to waste your time, because it logs every access attempt, successful or not successful, into the Administrative Control Panel.

    This topic brought to you by CyberNations's GeekSquad - irc://irc.coldfront.net/GeekSquad
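
An added example, not part of the original post: a small check a forum admin can run over an access log to see how ambiguous the (IP, user-agent) pair is before attributing activity to a person. The log lines are constructed, in Apache "combined" format, and treating the remote-user field as the forum account is an assumption made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (Apache "combined" format). The third field
# (remote user) stands in for the forum account; that is an assumption.
SAMPLE_LOG = '''\
203.0.113.7 - alice [29/Apr/2010:12:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.22 Version/10.50"
203.0.113.7 - alice [29/Apr/2010:12:05:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
198.51.100.23 - bob [29/Apr/2010:12:07:02 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
198.51.100.23 - carol [29/Apr/2010:12:09:31 +0000] "GET /index.php HTTP/1.1" 200 4811 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse(log_text):
    """Yield (ip, user_agent, account) for every authenticated request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("user") != "-":
            yield m.group("ip"), m.group("ua"), m.group("user")


def ambiguity_report(log_text):
    """Return (shared, multi).

    shared: (ip, ua) pairs seen with more than one account, e.g. a proxy,
            NAT gateway or Tor exit node with a common browser build.
    multi:  accounts seen with more than one (ip, ua) pair, e.g. one
            person switching browsers.
    """
    accounts_by_pair = defaultdict(set)
    pairs_by_account = defaultdict(set)
    for ip, ua, user in parse(log_text):
        accounts_by_pair[(ip, ua)].add(user)
        pairs_by_account[user].add((ip, ua))
    shared = {p: sorted(a) for p, a in accounts_by_pair.items() if len(a) > 1}
    multi = {u: len(p) for u, p in pairs_by_account.items() if len(p) > 1}
    return shared, multi


if __name__ == "__main__":
    shared, multi = ambiguity_report(SAMPLE_LOG)
    print("pairs shared by several accounts:", shared)
    print("accounts with several pairs:", multi)
```

A non-empty result in either dictionary means the pair cannot be used on its own to tie log entries to one person.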

  5. I'd also be willing to help out other alliances. I know I'm not as high-profile as Bilrow or bros is, but I know my @#$%. (Or at least I like to think I do ;) )

    [quote]But some alliances are a bit touchy :P[/quote]

    If an alliance doesn't want your OOC technical knowledge and help just because you run with Pacifica or MK, then that's their own prerogative. Let them run their outdated pirated version of IPB. We'll still open our arms to help them once they get hacked.

  6. [quote name='bros2' date='17 February 2010 - 07:23 PM' timestamp='1266452609' post='2188367']
    ....what

    do people actually do this?

    no i can't believe they are that dumb
    [/quote]

    Yes, people actually do this, and yes, people are actually that dumb when it comes to technology. Kinda like the whole "I want multiple founders for my IRC channel." thing that I have to deal with every few days.

    Every host I've ever been on (paid, that is), allows SSH connections.

    [quote]
    VPS, Dedi, they are close enough to each other.
    [/quote]

    A VPS is just a glorified shared server. You can still break out of the virtual machine and into the hypervisor, and wreak havoc on other people's websites.

  7. Partopian Alliance

    Collecting taxes from your members, really?

    Join the GPA! We're green, and you can quietly build your nation in peace and comfort.

    Sounds interesting. Tell me more

    I would like to formally invite you to join Paix.

    Generally, offering .gov positions to brand new members isn't a good idea.

    Yam, you don't have to be green to be a GUNner. I need a buddy in my IRC channel anyway. In the off chance we throw you out, I will personally make sure you know it (that isn't a threat). Plus, if you want you can work on our website. :)

    Gah, you know how much I hate web design ;)

    Activity: Again, while forum activity is encouraged, it is not a requirement. And a little liveliness injected into #invicta is always fun.

    Does that mean your IRC channel is typically dull?

    ...They truly have everything...

    Like?

    You asked, I posted. Join TPF

    Why should I join TPF over anyone else in this thread?

    As long as you are active on IRC, we aren't going to kick you out of the alliance, and our private channel is generally pretty active with a range of people (including Wimminz). It's also home to a diverse set of topic choices, so we can talk about sports, video games, politics, etc...and CN politics usually aren't the main topic of conversation!

    Although, being forum active does entitle you to more benefits.

    I like an active channel :lol1:

    But what does being active on the forum give you?

    You can stay green and "lurk" on our forums seems 110% of us do anyway.

    We do have a working democratic government (which drives me insane) and sound systems such as tech, banks and defence

    Ha nice, I love inactive forums :P

    But, democratic governments don't work IRL, let alone in an online game.

  8. So, I'm looking for an alliance to join.

    Some things about me:

    *I'm not willing to switch from green

    *I won't be (that) active on your forums, but I'll be on your IRC almost 24/7*

    *(That being said, I got couped from my last alliance for inactivity and didn't notice for two weeks)

    *Um ya....recruit me. Past alliances I've been in are GGA and EG.

    Edit: I guess I should add that I was the MoF in the GGA for a while

    Edit2: Your alliance better have stand alone forums, I refuse to put up with invisionfree.

    *Assuming my server operator doesn't screw up ZNC again.

  9. If you want really old school IPs - I have access to the now old GGA forums if you need any verifications.

    Are you talking about this forum?

    404: Board Does Not Exist.

    Make sure you did not mis-type the URL.

    But, OT: Elephant Graveyard, #elephantgraveyard, Me (~). Just leave a message and my bouncer will pick it up if I'm offline.

  10. Heh, well I am a former member of the true GGA. Not the one calling themselves GGA these days.

    I joined in February 2006, and left about 2 weeks before GW1, only to return and fight GW1 in GGA. I left a couple months after. So, I'll guess around until August 2006.

    I was a Paladin, Minister of Defense, Vice Chancellor, and founded the GGA's Internal Affairs Ministry, and was the first Minister of Internal Affairs. I also led the GGA's army in GW1, upon my return from LUE.

    Wasn't the GGA founded on March 1st, 2006? :unsure:
