NMA was hacked

Discussion in 'NMA News and Information' started by Odin, Sep 27, 2011.

  1. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    NMA was hacked earlier today and the hacker left the following message:

    <blockquote>
    Dear NMA-Fallout.com Forum Users,

    I regret to inform you that NMA-Fallout.com staff seems to not give much of a fuck about security.
    The URL http://www.nma-fallout.com/article.php gave me access to all databases because the GET parameter 'id' is unescaped numeric injectable with 1 parenthesis. I then stumbled upon Odin's account in the phpBB database and cracked the MD5 of his ridiculously weak password (it's "" BTW). After deleting his two "sticky" posts I decided to "backup" the whole phpBB database to my computer.
    I don't want to harm any users and I will not sell or otherwise use the numerous passwords and email addresses I obtained. I only want to remind NMA-Fallout.com staff about the importance of website security.

    After this message got deleted the first time I resent it as a Mass Email so every user gets to know Razz
    I also banned all the Moderator Accounts except for Odin's.
    </blockquote>

    Props for hacking a site using quite old code, also on taking a backup of the database; that shows that you just wanted to warn us. Next time send me an email or PM instead.
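
The flaw named in the quoted message (an unescaped numeric 'id' inside one parenthesis) shown next to its fix, as an added example that is not part of the thread or of NMA's code. The source of article.php is not shown on this page, so the table, the function names and the sample rows are assumptions, and Python's sqlite3 stands in for the site's PHP stack.

```python
import sqlite3

# Constructed hostile value: closes the parenthesis and appends its own condition.
HOSTILE_ID = "0) OR (1=1"

def make_db():
    """Constructed sample data: two published articles and one unpublished draft."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Site news", 1), (2, "Mod roundup", 1), (3, "Draft: staff only", 0)],
    )
    return db

def get_article_vulnerable(db, raw_id):
    # Hypothetical reconstruction of the pattern: the raw 'id' string is pasted
    # into a numeric context inside one parenthesis, so whatever the client
    # sends becomes part of the SQL statement itself.
    sql = (
        "SELECT title FROM articles WHERE (id = " + raw_id + ") "
        "AND published = 1 ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]

def get_article_hardened(db, raw_id):
    # 1. Validate: an article id is a short ASCII decimal integer, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 9:
        raise ValueError("id must be a positive integer")
    # 2. Bind: the value is passed separately and never parsed as SQL text.
    sql = "SELECT title FROM articles WHERE (id = ?) AND published = 1 ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1      :", get_article_vulnerable(db, "1"))
    print("vulnerable, hostile id:", get_article_vulnerable(db, HOSTILE_ID))
    print("hardened,   id=1      :", get_article_hardened(db, "1"))
    try:
        get_article_hardened(db, HOSTILE_ID)
    except ValueError as exc:
        print("hardened,   hostile id: rejected,", exc)
```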
     
  2. TheGM

    TheGM The voice of reason

    Aug 19, 2008
    Anonymous is that you?
     
  3. Cimmerian Nights

    Cimmerian Nights So Old I'm Losing Radiation Signs

    Aug 20, 2004
    Re: NMA HACKED!!!

    :mrgreen:
     
  4. Lexx

    Lexx Background Radiant
    Moderator Modder

    Apr 24, 2005
    I am sure that a mail about this issue directed at one of the administrators would have been enough to catch their attention.
     
  5. bntest

    bntest First time out of the vault

    10
    Aug 22, 2008
    I didn't delete it to halt people being informed about this, mr hacker, I deleted it to ask our techies to look at it and then, of course, inform everyone, because asking people to address the problem (changing passwords) before the actual problem is fixed wouldn't be very productive. Mopping with the tap open.

    I thank you for pointing out a security flaw but question your methods. This is a site run by volunteers who have lacked technical aid for some time now. We do not "not care", but we are limited in our capabilities. A friendly email would have been as effective as what you're doing.

    I'm also unsure why you backed up the database on your computer. That doesn't seem helpful at all.
     
  6. Nark

    Nark Sonny, I Watched the Vault Bein' Built!

    Dec 6, 2008
    What the fuck am I reading.
     
  7. Nark

    Nark Sonny, I Watched the Vault Bein' Built!

    Dec 6, 2008
    What
     
  8. TheGM

    TheGM The voice of reason

    Aug 19, 2008
    Don't you people understand.

    He is the Hero you need not the hero you want.

    he is......

    BATMAN!
     
  9. TheSHEEEP

    TheSHEEEP It Wandered In From the Wastes

    149
    Jan 22, 2007
    I lol'd. :lol:

    Oh, well... n1, mr hacker. But.. uhm... I actually like this site, so could you give these people back their accounts so they can go on posting news and fixing security leaks.

    Also... why would anyone want to hack this site, anyway? To show that it can be hacked? To get emails of Fallout fanboys? :D
     
  10. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    Removed bans, changed my password and he needs props for hacking ancient code..

    his ip is : 67.23.238.40
     
  11. Sander

    Sander This ghoul has seen it all
    Staff Member Admin Orderite

    Jul 5, 2003
    AKA '14mRh4X0r.tk'
     
  12. Sander

    Sander This ghoul has seen it all
    Staff Member Admin Orderite

    Jul 5, 2003
    Of course, as long as article.php remains unfixed he or someone else can come in and do the same thing.
     
  13. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    It's in Florida at least, I really don't care that people hack ancient code. I'm amazed it hasn't been hacked until now
     
  14. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    I've sorted that for now, by removing the file.
     
  15. Brother None

    Brother None This ghoul has seen it all
    Staff Member Admin Orderite

    Apr 3, 2003
    That's kind of a blunt force fix :P

    Any idea when articles will be back up and running? We do use it for RSS/twitter/facebook

    Also, newspost about it? Gotta advise people to change passwords and the like, for all the good it does.
     
  16. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    Already working on it
     
  17. Surf Solar

    Surf Solar So Old I'm Losing Radiation Signs

    Aug 20, 2009
    Prosper lives in Florida. :P

    Anyway to the "hacker", fuck you - you piece of shit. I fucking hate pathetic people like you. Sure, backing up the database "just to be sure" will help the admins here raising the security. :roll:

    Die in a fire.

    EDIT: After sending this post, I got the

    Vault Tech Error sending Email to Pipboy :: PHP ::


    Error Message...
     
  18. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    I'm getting that message as well, looking into what's causing it. I can only assume the hacker left some code in somewhere.
     
  19. Brother None

    Brother None This ghoul has seen it all
    Staff Member Admin Orderite

    Apr 3, 2003
    He's just trying to be a helpful!

    Truly an hero.
     
  20. Sander

    Sander This ghoul has seen it all
    Staff Member Admin Orderite

    Jul 5, 2003
    Or he wanted to get reports on posts. I think that can cause it as well.