NMA was hacked

Odin

Odin

Carbon Dated and Proud
Admin
NMA was hacked earlier today and the hacker left the following message:<blockquote>Dear NMA-Fallout.com Forum Users,

I regret to inform you that NMA-Fallout.com staff seems to not give much of a fuck about security.
The URL http://www.nma-fallout.com/article.php gave me access to all databases because the GET parameter 'id' is unescaped numeric injectable with 1 parenthesis. I then stumbled upon Odin's account in the phpBB database and cracked the MD5 of his ridiculously weak password (it's "" BTW). After deleting his two "sticky" posts I decided to "backup" the whole phpBB database to my computer.
I don't want to harm any users and I will not sell or otherwise use the numerous passwords and email adresses I obtained. I only want to remind NMA-Fallout.com staff about the importance of website security.

After this message got deleted the first time I resent it as a Mass Email so every user gets to know Razz
I also banned all the Moderator Accounts except for Odin's.</blockquote>Props for hacking a site using quite old code also on taking a backup of the database, that shows that you just wanted to warn us. Next time send me an email or PM instead.
 
I am sure, that a mail about this issue directed at one of the administrators, would have been enough to catch their attention.
 
I didn't delete it to halt people being informed about this, mr hacker, I deleted it to ask our techies to look at it and then, of course, inform everyone, because asking people to address the problem (changing passwords) before the actual problem is fixed wouldn't be very productive. Mopping with the tap open.

I thank you for pointing out a security flaw but question your methods. This is a site run by volunteers who have lacked technical aid for some time now. We do not "not care", but we are limited in our capabilities. A friendly email would have been as effective as what you're doing.

I'm also unsure why you backed up the database on your computer. That doesn't seem helpful at all.
 
Don't you people understand.

He is the Hero you need not the hero you want.

he is......

BATMAN!
 
I lol'd. :lol:

Oh, well... n1, mr hacker. But.. uhm... I actually like this site, so could you give these people back their accounts so they can go on posting news and fixing security leaks.

Also... why would anyone want to hack this site, anyway? To show that it can be hacked? To get emails of Fallout fanboys? :D
 
Removed bans, changed my password and he needs props for hacking ancient code..

his ip is : 67.23.238.40
 
Of course, as long as article.php remains unfixed he or someone else can come in and do the same thing.
 
Its in Florida atleast, I really dont care that people hack ancient code. Im amazed it hasnt been hacked untill now
 
Sander said:
Of course, as long as article.php remains unfixed he or someone else can come in and do the same thing.
Click to expand...

I've sorted that for now, by removing the file.
 
That's kind of a blunt force fix :P

Any idea when articles will be back up and running? We do use it for RSS/twitter/facebook

Also, newspost about it? Gotta advice people to change passwords and the like, for all the good it does.
 
Prosper lives in Florida. :P

Anyway to the "hacker", fuck you - you piece of shit. I fucking hate pathetic people like you. Sure, backing up the database "just to be sure" will help the admins here raising the security. :roll:

Die in a fire.

EDIT: After sending this post, I got the

Vault Tech Error sending Email to Pipboy :: PHP ::


Error Message...
 
Im getting that message as well, looking into whats causing it. I can only assume the hacker left some code in somewhere.
 
Odin said:
Im getting that message as well, looking into whats causing it. I can only assume the hacker left some code in somewhere.
Click to expand...
Or he wanted to get reports on posts. I think that can cause it as well.
 
You must log in or register to reply here.
Back
Top