Project 1999
Page 1 of 14 1 2311 Last »
Show 10 post(s) from this thread on one page

Project 1999 (/forums/index.php)
-   Rants and Flames (/forums/forumdisplay.php?f=30)
-   -   A Warning to the EQP99 Community: Database Hacking (/forums/showthread.php?t=44862)

Aadill 08-08-2011 12:25 PM
A Warning to the EQP99 Community: Database Hacking
 
With the recreation of The Mystical Order from the merging of two previously competing guilds to become stronger against opposition, the forums administrators of TheMysticalOrder.net quickly determined that something was amiss. With further research we found the possibility of a spy within the guild. That spy (or spies), however, had gone further than simply entering the ranks of a competing guild and reporting back to their own. It was obvious that a Transatlantic Rampage member had entered our ranks as not shortly after a post involving a bug was made public in the TMO forums (of which was removed and reported to the GMs considering it could be used for more than just harmless items) had been copied off of our forums and sent to the GMs.

Quote:
Originally Posted by chatlog
12:20:40 amelinda btws. is alkorin an officer or just a member?
12:21:04 aadill member but forums admin, why?
12:21:36 amelinda ohhhh looks like someone removed the thread.
12:21:38 amelinda probably jeremy
12:21:47 amelinda that's another sekrit.
12:22:14 amelinda :-P i have access to the forums - not to spy or anything. but durison knows.
12:23:37 amelinda because alkorin had that 'if you didn't know' thread up. tr copied it and emailed it to me.
12:30:26 aadill hahahahah
12:30:28 aadill yeah i removed it
12:30:33 aadill i don't want everyone in the guild trying it
12:30:35 aadill also what the fuck
12:30:39 aadill it said straight in the post
12:30:43 aadill "i told the gms"
12:30:49 aadill why the HELL are they wasting their time with that
12:30:52 aadill are they retarded
12:31:00 amelinda yeah.
12:31:13 amelinda well i already knew that he'd posted that and what i said was 'if you aren't supposed to do it then don't'
12:31:17 amelinda 'i know it's fun. but don't
12:31:24 aadill i mean illusions
12:31:26 aadill cool
12:31:28 aadill but the other stuff
12:31:29 aadill not cool
12:31:31 amelinda yeah.
12:31:33 amelinda exactly.
12:31:34 aadill this is what i said when i moved it back to officers
12:32:03 aadill I moved it because the general population of the guild doesn't need to know or know how to use something that isn't being dealt with simply because enough people aren't doing it. It's obviously an exploit as it's a problem of the entire client. If even a few more people start using it don't you suspect that people outside of the guild will want to know why members of TMO are all of the sudden disappearing into thin air and complete healing themselves and doing all this other shit? Illusions are pretty harmless but what happens when TMO_member_065 says, "Shit I wanna start fear kiting as a warrior!" and picks up that necro fear staff and some other shit and starts BLATANTLY doing that in public eye? If you want full disclosure you break it to the whole server and FORCE the devs to fix it. They use the petition/exploit forum to hide shit like that so people don't do it at large. If everyone starts doing it they'd have no choice and therefore taking it public would be the perfect way to force the GMs to do something. To keep it just in guild, and tell everyone EXACTLY how to do it, will only cause trouble for us. And if anyone with access to our forums is watching us, it won't take long until it's misconstrued much like Transcendence's little fiasco with MQ.

I am happy to see Haynar fixing it but with that said we don't need people abusing it at large right before it gets fixed.

12:33:54 amelinda good job.
At this time we were aware of the possibility of a spy but the membership at large had not been in any danger of any data compromise (or so we thought). The post in question was archived but removed from view to ensure no one attempted anything. The act of taking the post directly to the GMs was not surprising but obviously a waste of time by a member of Transatlantic Rampage in attempts to get someone in trouble. It had already been reported and a response was given by the developers.

Not long thereafter, we had discovered a sum of suspicious illegal activity being recorded by the forum server. An individual with an IP that was a proxy or a VPN in the UK was logging in as one of the guild leaders/forum admins. The guild leader lives nowhere near the UK and was therefore an issue that was quickly looked into further. This IP was linked to an individual attempting to download backup copies of the entire forums database via the Admin Control Panel as well as other private intellectual property (coding/program) created by one of our other players. The posts viewed were very selective by the hacker and indicate a specific interest in Everquest related activity.

Some of the activity recorded by the administrators includes the encrypted passwords of each and every member being downloaded and therefore compromised. Multiple non-existing portions of the site were accessed in attempts to fish further into the site. Whether or not the hacked download of the database and intellectual property succeeded lies in the hands of the individual that took such great measures to commit an illegal act.

EDIT: I edited a pronoun in the phrase "had done it" to lessen confusion.

Doktoor 08-08-2011 12:47 PM
Yay, I'll have something to read today!

Shiftin 08-08-2011 12:47 PM
It is a logical fallacy that because your database was hacked and because a TR member forwarded on an exploit you talked about (even in a "don't do this" way) on your member forums that a TR member hacked your database. We have had former/disgruntled TMO / DA in our app pool consistently for a solid 8 months, including apps received as recently as this morning. People offer us, unsolicited, a ridiculous amount of information about what goes on in your guild.

I am sorry you got hacked. I don't know jack and/or crap about database security, but it seems pretty out of line to point the finger without any actual evidence when this server is a cesspool of people who know entirely too much about the internet. We're not the only people your guild's leadership has pissed off.

Bardalicious 08-08-2011 12:51 PM
The fact that anyone, TR or not, would get so obsessive over an emulated video game as to illegally hack into a guilds' forums is pretty fucking sad.

Vohl 08-08-2011 12:57 PM
Even if this information was provided by someone outside your guild as you say, wouldn't the ethical choice be to inform this other guild about who provided this information, and let them know that you were informing GMs?

Shiftin 08-08-2011 01:01 PM
Yes, after every nice thing TMO has said about us and done for us, I think it's only fair we let them know every time one of their members tells us something embarassing about their guild.

JenJen 08-08-2011 01:03 PM
embarrassing for all involved

Secrets 08-08-2011 01:04 PM
Why is this a warning to this community? No one gives a damn about guild drama, especially if it's third party (IE non-official p1999) sites.

Half the players on p1999 I know for a fact don't care about this.

JenJen 08-08-2011 01:06 PM
Quote:
Originally Posted by Secrets (Post 356871)
Why is this a warning to this community? No one gives a damn about guild drama, especially if it's third party (IE non-official p1999) sites.

Half the players on p1999 I know for a fact don't care about this.

Zeelot 08-08-2011 01:17 PM
Guild drama and illegal activity that affects players on this server are very different things


All times are GMT -4. The time now is 02:04 AM.
Page 1 of 14 1 2311 Last »
Show 10 post(s) from this thread on one page

Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.