Server hacked

spider84 · Post by **spider84** » Fri Mar 06, 2009 10:17 am

how can i find out, if my login was published?

m!nus · Post by **m!nus** » Fri Mar 06, 2009 10:41 am

assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words

efe · Post by **efe** » Fri Mar 06, 2009 10:45 am

Your account data is published, if you signed up for hacker.org before 21 Nov 2008.

plope0726 · Post by **plope0726** » Fri Mar 06, 2009 2:41 pm

Based on the fact that the accounts on that list all signed up before nov 2008, it seems like this was a seperate incident than the defacement of the homepage. If they had gotten this information at the same time that the home page was hijacked, wouldn't they have gotten everybodies info up to that date? Since the only page(s) that were defaced were the main homepage and the main forum page. I know this because while the site was still down (and the alternate homepage still up) I was still able to get to the forums ,etc. by entering the URL in the address bar. It seems to me that the most recent attack was a DNS cache poisoning to redirect the domain name to another page. Any other opinions on this?

http://en.wikipedia.org/wiki/DNS_cache_poisoning

the_impaler · Post by **the_impaler** » Sat Mar 07, 2009 5:28 am

m!nus wrote:assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words

This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.

plope0726 · Post by **plope0726** » Sat Mar 07, 2009 5:50 am

[quote="the_impaler"][quote="m!nus"]assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words[/quote]
This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.[/quote]

incorporate special characters (ie: !,@,#,$,%,^,&,*)

Allosentient · Post by **Allosentient** » Sat Mar 07, 2009 9:02 am

m!nus wrote:58.4% of the passwords got cracked

I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking

Sorry to hear, Adum! I always assumed that this site was near-bulletproof after more than a year had gone by without this happening, I assumed that people would have tried to do so enough for it to be a requirement

plope0726 · Post by **plope0726** » Sat Mar 07, 2009 2:07 pm

[quote="Allosentient"][quote="m!nus"]58.4% of the passwords got cracked
[/quote]

I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking

[/quote]

Quite true

soulness · Post by **soulness** » Sat Mar 07, 2009 6:09 pm

Hi, guys. I'he tried to pass "Challenge 'Cavern Master'" now, but I'he got an error

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367

I think it will be interesting for you )

xTr1m · Post by **xTr1m** » Sun Mar 08, 2009 12:26 am

I'm new here, got here by the article on heise.de

I guess that some real hacking gave you free publicity!
Now on topic, I get php warnings in the first cavern challenge, something about headers that have already been sent while trying to mess around with the session

PeterS · Post by **PeterS** » Sun Mar 08, 2009 8:13 pm

Hi!
I got here from the article on heise.de about the incident, too.
The funny thing is, without this site getting hacked i would have probably never found my way here.
The challenges are really fun to solve. I already got 33627 points and 65 challenges solved.

Post by **adum** » Mon Mar 09, 2009 2:47 am

okay, dungeon should be fixed now...

xTr1m · Post by **xTr1m** » Mon Mar 09, 2009 2:33 pm

Not quite... when attacking a monster:

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367

Post by **adum** » Mon Mar 09, 2009 7:59 pm

um, try now...

xTr1m · Post by **xTr1m** » Tue Mar 10, 2009 12:20 am

seems to work