Server hacked

Discussion about hacker.org's server
adum
Posts: 392
Joined: Thu Apr 19, 2007 12:49 pm

Server hacked

Post by adum »

as you probably noticed, hacker.org was hacked last weekend. oh, the irony! :)

truth be told, we hadn't spent much effort in securing the site. which was a little foolish.

as well as defacing the site, somebody dumped the user table with names and passwords. we use the phpbb2 reg system here, and i guess they don't salt their passwords, which is unfortunate. any password that is short or based on a dictionary word has probably been reversed at this time. therefore, it's very important to change your password to something robust, and if you used the same password on any other site or email account to change that too. sorry for any trouble.

i've spent some time closing out all the SQL injection points i could think of, but in case i missed something, if you happen to notice it please drop me a PM.
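
Added example (not part of adum's post or hacker.org's code): why the unsalted hashes described above are weak, and how a site can harden an existing table by wrapping each legacy hash in a per-user salt and a slow KDF without waiting for users to log in. It assumes the phpBB2-style stored value is a bare MD5 hex digest; the sample rows, the `pbkdf2-md5` record format, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)

def legacy_md5(password):
    """Assumed legacy format: bare, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed sample rows, not data from the incident.
LEGACY_TABLE = {
    "alice": legacy_md5("sunshine"),
    "bob": legacy_md5("sunshine"),
    "carol": legacy_md5("a much longer passphrase 42"),
}

def shared_hashes(table):
    """Users grouped by identical stored value. Unsalted: same password, same row."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {s: sorted(u) for s, u in groups.items() if len(u) > 1}

def _stretch(md5_hex, salt):
    return hashlib.pbkdf2_hmac("sha256", md5_hex.encode("ascii"), salt, ITERATIONS)

def wrap_legacy(md5_hex):
    """Wrap an existing MD5 digest in a per-user salt and a slow KDF."""
    salt = os.urandom(16)
    return "pbkdf2-md5$%s$%s" % (salt.hex(), _stretch(md5_hex, salt).hex())

def verify(password, stored):
    """Check a login attempt against a wrapped record in constant time."""
    scheme, salt_hex, key_hex = stored.split("$")
    if scheme != "pbkdf2-md5":
        return False
    candidate = _stretch(legacy_md5(password), bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))

def migrate(table):
    """Upgrade every row in place; no plaintext password is needed."""
    return {user: wrap_legacy(digest) for user, digest in table.items()}

if __name__ == "__main__":
    print("shared before:", shared_hashes(LEGACY_TABLE))
    upgraded = migrate(LEGACY_TABLE)
    print("shared after: ", shared_hashes(upgraded))
    print("alice login ok:", verify("sunshine", upgraded["alice"]))
```

Wrapping only protects the table against a future dump; digests that have already leaked stay exposed, so the password change requested in the post is still required.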
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Post by PaRaDoX »

lol yea, we'd just "notice an un-sterilized form" :3

~You are a glitch in my reasoning.
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

:lol:
S3th
Posts: 411
Joined: Thu Sep 11, 2008 8:35 am

Post by S3th »

Eh, My password was made up of Lower and uppercase, with numbers. sorta like
LiK3sH1HwN <Example.
And even if someone wanted to crack my account...Woopdie do, I created a new email address upon signing up here, so it wouldn't get far.
See through the master
Become the master
theStack
Posts: 72
Joined: Sun Nov 02, 2008 12:46 am

Post by theStack »

Well, I'm glad the site is back again; my apprehensions were that the bad guy had destroyed the database and that no backups of hacker.org had ever been made.
Anyway, I noticed the system for the HVM challenges seems to be broken since the evil 0wnage:
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/.mazie/hacker_apache/html/hacker/html/hvm/hvmchallenge.php on line 3
adum, could you fix that please? :)
DanielG
Posts: 30
Joined: Thu Nov 13, 2008 10:34 am

Post by DanielG »

Also, the SVG version of the map isn't working.
Warning: domdocument() expects at least 1 parameter, 0 given in /home/.mazie/hacker_apache/html/hacker/html/challenge/svg/mapsvg.php on line 31

Fatal error: Call to undefined function: loadxml() in /home/.mazie/hacker_apache/html/hacker/html/challenge/svg/mapsvg.php on line 34
teebee
Posts: 89
Joined: Mon Nov 10, 2008 3:21 pm
Location: Germany

Post by teebee »

Moreover, the system for the SuperHack challenges is broken:
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/.mazie/hacker_apache/html/hacker/html/sh/shack.php on line 3
and the php source of the SuperHack vm is not available at http://www.hacker.org/sh/shphp.phps.
adum
Posts: 392
Joined: Thu Apr 19, 2007 12:49 pm

Post by adum »

i'll fix all that stuff soon... thanks
Codux
Posts: 1
Joined: Thu Nov 20, 2008 4:15 pm
Location: IN Germany

Post by Codux »

Just a notice: Since the incident (i.e. since the hashes (and email) list is online) users might get bulk mail at the mail address they used (I do). Only because of that did I notice that something is not OK (I was quite inactive lately ;-) ).
I hope you haven't lost the fun in running the site!
C | Chaotic
O | Organized
D | Destructive
U | Unbelievable
X | eXtreme
——
@milw0rm You didn't own my password… Bread is able to mould. What ability do you have? :þ
Defil3d
Posts: 4
Joined: Thu Mar 05, 2009 10:55 pm

Sup

Post by Defil3d »

Hello, I'm new to this site and since I saw that a hacking site just got hacked...All I can say is lol
PaRaDoX
Posts: 708
Joined: Fri Aug 22, 2008 5:52 am
Location: In your fridge, waiting to pop out and scare you.

Re: Sup

Post by PaRaDoX »

Defil3d wrote: Hello, I'm new to this site and since I saw that a hacking site just got hacked...All I can say is lol
I wouldn't laugh, go start up a site of your own and watch what happens in like the first 2 days. (shitty free sites don't count, I mean one where you have to do the security, smartass)

~You are a glitch in my reasoning.
Mr_K_13
Posts: 1
Joined: Wed Apr 16, 2008 3:28 am
Location: Australia

Post by Mr_K_13 »

Quite unfortunate, I hope all is fixed soon. =)
the_impaler
Posts: 61
Joined: Wed Apr 30, 2008 3:31 am

Post by the_impaler »

Please let us know when it's safe to change password back to 6 stars.
The stickies are not holding for long
On the other positive side - the only email I got so far was that I just inherited $13,000,000. I didn't know that adum was so rich. :wink:

cheers,
m!nus
Posts: 202
Joined: Sat Jul 28, 2007 6:49 pm
Location: Germany

Post by m!nus »

58.4% of the passwords got cracked

the news is even on heise.de: http://www.heise.de/security/Nutzerpass ... ung/134052 (German)

maybe it's time for a new era on hacker.org, make it open source, so everyone can find vulnerabilities and let you fix them. :)


btw, how exactly did they get in the system, vulnerabilities in the challenge system or in the forum?
S3th
Posts: 411
Joined: Thu Sep 11, 2008 8:35 am

Post by S3th »

"About the circumstances of the burglary, the operator is almost no information."
What happened adum. ;3
See through the master
Become the master