
What the hell happened?

Link Thread Closed
I suppose it is no secret to most of you that we suffered from an attack this week. This case is rather complicated because you can view it from many different angles, and there are many different people involved.

To our (the staff team's) current knowledge, this is the list of people who participated, one way or the other:

Kyoseron
Kaeru
DarthRiko
TNR
Arbe
Memetchilove
Snowshoe
Yoshiro
MWC
ShadowNinjaNick
MARL
Geno


Let's start out with the things that I know for certain:

a) Kyoseron places cookie stealing script in custom title.
b) Arbe uses stolen cookie to access SNN's account.
c) Using a proxy server, he unbans his IP and gives user #1974 Administrator privileges.
d) Arbe logs in to user #1974 from which he gives staff powers to several other users.
e) Panic.


And now, I would like to present some of the things I heard from various people. The following may or may not be the truth. I don't know whether it is or not. Judge for yourself:

Supposedly, Arbe only functioned as a catalyst for the attack. That is, without him, it is likely nothing would have happened. It has been claimed that he had no real interest in the attack, but only participated because he was asked for help on how to hack the Central. The people who asked him would be the same people who later got staff powers with his help so that they could empty the site's file sections and forums.

It has been suggested that the attack was performed because of certain users' dissatisfaction with certain staff members. If this is the case, I would love to hear about it. After all, this is why there is a "Staff complaints" thread. I can report that the hole used to perform this attack (to my knowledge) has been closed. A couple of other things were taken care of at the same time.


Q) So, wait, what... what does it mean to steal cookies?

A) When you log in to the site, a little text file is saved on your computer to let the site know that you are logged in. This text file contains your user ID, as well as a hashed password. Only the site is supposed to have access to this file, but with JavaScript and a little creativity, it is possible to fool your browser into sending it off to somewhere else. Now, there are filters in an attempt to prevent JavaScript from executing on the site. The problem was that I missed a spot. On the profile page, the custom title would go unfiltered, and as such, it would be possible to steal a cookie.


Q) Hashed password? What does this mean? Do I have to change my password everywhere?

A) Making a hash of some text is generally an irreversible process. There do exist lookup tables on the Internet, though, where you can search for a hash's unhashed counterpart. This doesn't necessarily mean that it is possible to obtain your password from the hash. First of all, if your password was complicated, it is likely that it doesn't exist in such a lookup table. Secondly, a salt is added to the password before it is hashed. This basically means that we're adding complexity to the password so that it might not be found as easily.

It would be safe to say that it probably wouldn't be stupid of you to change your password in places where you used the same password as you did on SMW Central. Perhaps you should consider not sharing your SMW Central password with any other accounts.


... aaaand that's basically it, I suppose. Feel free to ask any questions.
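The "missed a spot" failure described in the post above, shown as an added example that is not part of the original post and is not the site's code: one renderer filters field by field and forgets the custom title, the other escapes every user-controlled value at output, and a regression check reports which fields let markup through. The field names, the renderers and the probe marker are assumptions made for illustration.

```python
import html

# Constructed field list; these names are assumptions, not the site's schema.
PROFILE_FIELDS = ("username", "custom_title", "bio")


def render_profile_missed_spot(profile):
    """Per-field filtering where the custom title was forgotten."""
    return (
        "<h1>" + html.escape(profile["username"]) + "</h1>"
        + "<span class='title'>" + profile["custom_title"] + "</span>"
        + "<p>" + html.escape(profile["bio"]) + "</p>"
    )


def render_profile_escaped(profile):
    """Escape every user-controlled value at output, so no field can be skipped."""
    safe = {k: html.escape(str(v), quote=True) for k, v in profile.items()}
    template = (
        "<h1>{username}</h1>"
        "<span class='title'>{custom_title}</span>"
        "<p>{bio}</p>"
    )
    return template.format(**safe)


def unescaped_fields(render, fields=PROFILE_FIELDS):
    """Regression check: place a harmless marker tag in each field in turn and
    return the fields whose markup reaches the page unescaped."""
    leaky = []
    for field in fields:
        marker = "<b id='probe-%s'>" % field  # inert constructed marker
        profile = {name: "plain" for name in fields}
        profile[field] = marker
        if marker in render(profile):
            leaky.append(field)
    return leaky


if __name__ == "__main__":
    print(unescaped_fields(render_profile_missed_spot))
    print(unescaped_fields(render_profile_escaped))
```

Running `unescaped_fields` in the test suite against every page that prints profile data catches a newly added field that was left unfiltered before it ships.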
Ok... But who the hell is Arbe? Why he is doing that? Vengeance, or pure retardness?
Now I leave my IPS patches of my hacks for everyone play and edit as you want to.

Bramble Invasion & Surreliatus


Arbe has been around for quite some time. His first attack happened last May, when he wiped out the entire section by manipulating certain users and getting their passwords. Needless to say, he is bad news.

(also, taking bets on how long it takes for one of them to rereg and do some generic 'you'll never win' shit.)
Originally posted by Baphomet Junior
Why he is doing that? Vengeance, or pure retardness?

If you'd read it's stated that he did it because he was asked.

As for who he is, I don't feel like explaining.

EDIT: If S.N.N. would automatically do all the things I don't want to do, that would be great.
Is there information on the motives of the staff?
So that is the information we have... I am surprised that Kyo was involved. After all, she was also a staff member.

Well, information is only to come, so we might as well wait and discover.
Arbe is a user we had trouble with before. He is horribly skilled at manipulating people into thinking that he can change for the better, but some time ago we realized that this probably isn't possible. We tried dealing with him in different ways, but nothing helped. Eventually it just became a matter of banning him at the same pace as he could find a new proxy server to use. According to himself he doesn't really have anything against the site, but the fact is that he has attacked it several times.
We're not exactly sure what motives Kyoseron had to do something this stupid. It is known, however, that she has been good friends with Arbe for some time and was a staff member at his site.
Originally posted by Kieran Menor
that she has been good friends with Arbe for some time and was a staff member at his site.


Originally posted by Kieran Menor
He is horribly skilled at manipulating people


welpp
I cant believe that Kyo was involved. The beast Full Moderators just degreaded to a Arbe Simpathyzer.
i just lurk sometimes
Originally posted by Bugzzy
I cant believe that Kyo was involved. The beast Full Moderators just degreaded to a Arbe Simpathyzer.

Nice spelling.

Also, I'd believe it. Kyoseron is more shady than is evident based upon her forum posts.
Yes i know. My grammar is horrible. But, a full moderator involved...
Weird.
i just lurk sometimes
Originally posted by Boingboingsplat
Also, I'd believe it. Kyoseron is more shady than is evident based upon her forum posts.


She encouraged a 10-month bump once as I recall. But I won't hold that against her, it was pretty awesome.

EDIT: vvvv anyone who poses as a girl for a year for money is not to be trusted.
I was wondering how DarthRiko helped in the server assault yesterday? He doesn't seem the kind of person that would do that.....
It's sad to see these people do this. I can't believe how this could have happened.

There are too many people on this site who are jealous of moderators and staff members, and wish dearly they could be one too, just to have suck ups and backseat mods lick their pussies.

Like, I'm never going to be staff since I have a history of spamming and submitting buggy stuff just to see removal log mods get pissed.

A bit off topic, but is there a demotion list for people who got demoted in the takeover?

Again off topic, there totally be a custom title: Arbe Sympathizer. It comes with a ban and -100 posts. =D Jk.


There are always the 1 or 2 people that have to ruin it for people. Although I'm new here I'm not stupid and I know how devastating an attack like this can be. I've changed my password to be on the safe side. But it's a good example to always be prepared, because there are people that will spoil it and it can be those that you least suspect.

Fortunately the damage could have been a lot worse and the staff have done very well in reducing the damage.
I'm not the star of the show but I try to be.
Currently making a SMW rom hack with 7 worlds. Hope to finish it soon.

Wow.

I still wonder their main motives in the attack. At least the site is still running.

The list is up. And just wow. Many people involved in this. As the majority, I'm surprised about Kyoseron, being a full mod at this site involved in this event. The others.. well. About Yoshiro, TNR and MWC, they were banned several times and the motion probably was some sort of revenge as stated before. About the others, I don't know them well. ShadowNinjaNick strangely requested a ban until June 19.. That was weird. And the others maybe had contacted with Arbe to help him, that's the only way I can think about their participation in the assault. I was thinking that Simple Bag was involved too, because he had a brown nick, but apparently he isn't (and it'd be another person without a clear motivation to participate in this thing).

Well, ending I'd like to say I'm very sad again that this happened. Just that.

I am surprised about Kaeru and DarthRiko. They just don't seem to be the kind of people to do that.

I am really sad all these people were involved, for seemingly no reason, especially Kyo.