Project 1999

Go Back   Project 1999 > General Community > Rants and Flames

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 08-08-2011, 12:25 PM
Aadill Aadill is offline
Planar Protector

Aadill's Avatar

Join Date: Jan 2010
Posts: 1,137
Default A Warning to the EQP99 Community: Database Hacking

With the recreation of The Mystical Order from the merging of two previously competing guilds to become stronger against opposition, the forums administrators of TheMysticalOrder.net quickly determined that something was amiss. With further research we found the possibility of a spy within the guild. That spy (or spies), however, had gone further than simply entering the ranks of a competing guild and reporting back to their own. It was obvious that a Transatlantic Rampage member had entered our ranks as not shortly after a post involving a bug was made public in the TMO forums (of which was removed and reported to the GMs considering it could be used for more than just harmless items) had been copied off of our forums and sent to the GMs.

Quote:
Originally Posted by chatlog
12:20:40 amelinda btws. is alkorin an officer or just a member?
12:21:04 aadill member but forums admin, why?
12:21:36 amelinda ohhhh looks like someone removed the thread.
12:21:38 amelinda probably jeremy
12:21:47 amelinda that's another sekrit.
12:22:14 amelinda :-P i have access to the forums - not to spy or anything. but durison knows.
12:23:37 amelinda because alkorin had that 'if you didn't know' thread up. tr copied it and emailed it to me.
12:30:26 aadill hahahahah
12:30:28 aadill yeah i removed it
12:30:33 aadill i don't want everyone in the guild trying it
12:30:35 aadill also what the fuck
12:30:39 aadill it said straight in the post
12:30:43 aadill "i told the gms"
12:30:49 aadill why the HELL are they wasting their time with that
12:30:52 aadill are they retarded
12:31:00 amelinda yeah.
12:31:13 amelinda well i already knew that he'd posted that and what i said was 'if you aren't supposed to do it then don't'
12:31:17 amelinda 'i know it's fun. but don't
12:31:24 aadill i mean illusions
12:31:26 aadill cool
12:31:28 aadill but the other stuff
12:31:29 aadill not cool
12:31:31 amelinda yeah.
12:31:33 amelinda exactly.
12:31:34 aadill this is what i said when i moved it back to officers
12:32:03 aadill I moved it because the general population of the guild doesn't need to know or know how to use something that isn't being dealt with simply because enough people aren't doing it. It's obviously an exploit as it's a problem of the entire client. If even a few more people start using it don't you suspect that people outside of the guild will want to know why members of TMO are all of the sudden disappearing into thin air and complete healing themselves and doing all this other shit? Illusions are pretty harmless but what happens when TMO_member_065 says, "Shit I wanna start fear kiting as a warrior!" and picks up that necro fear staff and some other shit and starts BLATANTLY doing that in public eye? If you want full disclosure you break it to the whole server and FORCE the devs to fix it. They use the petition/exploit forum to hide shit like that so people don't do it at large. If everyone starts doing it they'd have no choice and therefore taking it public would be the perfect way to force the GMs to do something. To keep it just in guild, and tell everyone EXACTLY how to do it, will only cause trouble for us. And if anyone with access to our forums is watching us, it won't take long until it's misconstrued much like Transcendence's little fiasco with MQ.

I am happy to see Haynar fixing it but with that said we don't need people abusing it at large right before it gets fixed.

12:33:54 amelinda good job.
At this time we were aware of the possibility of a spy but the membership at large had not been in any danger of any data compromise (or so we thought). The post in question was archived but removed from view to ensure no one attempted anything. The act of taking the post directly to the GMs was not surprising but obviously a waste of time by a member of Transatlantic Rampage in attempts to get someone in trouble. It had already been reported and a response was given by the developers.

Not long thereafter, we had discovered a sum of suspicious illegal activity being recorded by the forum server. An individual with an IP that was a proxy or a VPN in the UK was logging in as one of the guild leaders/forum admins. The guild leader lives nowhere near the UK and was therefore an issue that was quickly looked into further. This IP was linked to an individual attempting to download backup copies of the entire forums database via the Admin Control Panel as well as other private intellectual property (coding/program) created by one of our other players. The posts viewed were very selective by the hacker and indicate a specific interest in Everquest related activity.

Some of the activity recorded by the administrators includes the encrypted passwords of each and every member being downloaded and therefore compromised. Multiple non-existing portions of the site were accessed in attempts to fish further into the site. Whether or not the hacked download of the database and intellectual property succeeded lies in the hands of the individual that took such great measures to commit an illegal act.

EDIT: I edited a pronoun in the phrase "had done it" to lessen confusion.
Last edited by Aadill; 08-08-2011 at 02:48 PM.. Reason: i edited a pronoun!
  #2  
Old 08-08-2011, 12:47 PM
Doktoor Doktoor is offline
Banned


Join Date: Jul 2011
Location: Northwest Alaska
Posts: 160
Default

Yay, I'll have something to read today!
  #3  
Old 08-08-2011, 12:47 PM
Shiftin Shiftin is offline
Fire Giant


Join Date: Aug 2010
Posts: 755
Default

It is a logical fallacy that because your database was hacked and because a TR member forwarded on an exploit you talked about (even in a "don't do this" way) on your member forums that a TR member hacked your database. We have had former/disgruntled TMO / DA in our app pool consistently for a solid 8 months, including apps received as recently as this morning. People offer us, unsolicited, a ridiculous amount of information about what goes on in your guild.

I am sorry you got hacked. I don't know jack and/or crap about database security, but it seems pretty out of line to point the finger without any actual evidence when this server is a cesspool of people who know entirely too much about the internet. We're not the only people your guild's leadership has pissed off.
  #4  
Old 08-08-2011, 12:51 PM
Bardalicious Bardalicious is offline
Planar Protector

Bardalicious's Avatar

Join Date: Jun 2011
Posts: 1,684
Default

The fact that anyone, TR or not, would get so obsessive over an emulated video game as to illegally hack into a guilds' forums is pretty fucking sad.
  #5  
Old 08-08-2011, 12:57 PM
Vohl Vohl is offline
Sarnak


Join Date: May 2011
Posts: 381
Default

Even if this information was provided by someone outside your guild as you say, wouldn't the ethical choice be to inform this other guild about who provided this information, and let them know that you were informing GMs?
  #6  
Old 08-08-2011, 01:01 PM
Shiftin Shiftin is offline
Fire Giant


Join Date: Aug 2010
Posts: 755
Default

Yes, after every nice thing TMO has said about us and done for us, I think it's only fair we let them know every time one of their members tells us something embarassing about their guild.
  #7  
Old 08-08-2011, 01:03 PM
JenJen JenJen is offline
Fire Giant


Join Date: Mar 2011
Location: Busan, South Korea
Posts: 692
Default

embarrassing for all involved
  #8  
Old 08-08-2011, 01:04 PM
Secrets Secrets is offline
VIP / Contributor

Secrets's Avatar

Join Date: Oct 2009
Posts: 1,354
Default

Why is this a warning to this community? No one gives a damn about guild drama, especially if it's third party (IE non-official p1999) sites.

Half the players on p1999 I know for a fact don't care about this.
__________________
Engineer of Things and Stuff, Wearer of Many Hats

“Knowing yourself is the beginning of all wisdom.” — Aristotle
  #9  
Old 08-08-2011, 01:06 PM
JenJen JenJen is offline
Fire Giant


Join Date: Mar 2011
Location: Busan, South Korea
Posts: 692
Default

Quote:
Originally Posted by Secrets [You must be logged in to view images. Log in or Register.]
Why is this a warning to this community? No one gives a damn about guild drama, especially if it's third party (IE non-official p1999) sites.

Half the players on p1999 I know for a fact don't care about this.
  #10  
Old 08-08-2011, 01:17 PM
Zeelot Zeelot is offline
Fire Giant


Join Date: Sep 2010
Posts: 625
Default

Guild drama and illegal activity that affects players on this server are very different things
__________________
Zeelot <TMO>
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 02:12 AM.


Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC.
Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.