Server hacked

Discussion about hacker.org's server
spider84
Posts: 1
Joined: Thu Oct 30, 2008 5:52 pm

Post by spider84 »

how can i find out, if my login was published?
User avatar
m!nus
Posts: 202
Joined: Sat Jul 28, 2007 6:49 pm
Location: Germany

Post by m!nus »

assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words
User avatar
efe
Posts: 45
Joined: Sun Oct 26, 2008 10:28 am
Location: germany

Post by efe »

Your account data is published, if you signed up for hacker.org before 21 Nov 2008.
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

Based on the fact that the accounts on that list all signed up before nov 2008, it seems like this was a seperate incident than the defacement of the homepage. If they had gotten this information at the same time that the home page was hijacked, wouldn't they have gotten everybodies info up to that date? Since the only page(s) that were defaced were the main homepage and the main forum page. I know this because while the site was still down (and the alternate homepage still up) I was still able to get to the forums ,etc. by entering the URL in the address bar. It seems to me that the most recent attack was a DNS cache poisoning to redirect the domain name to another page. Any other opinions on this?


http://en.wikipedia.org/wiki/DNS_cache_poisoning
the_impaler
Posts: 61
Joined: Wed Apr 30, 2008 3:31 am

Post by the_impaler »

m!nus wrote:assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words
This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

[quote="the_impaler"][quote="m!nus"]assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words[/quote]
This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.[/quote]

incorporate special characters (ie: !,@,#,$,%,^,&,*)
Allosentient
Posts: 273
Joined: Thu Apr 10, 2008 9:47 pm

Post by Allosentient »

m!nus wrote:58.4% of the passwords got cracked
I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking :P

Sorry to hear, Adum! I always assumed that this site was near-bulletproof after more than a year had gone by without this happening, I assumed that people would have tried to do so enough for it to be a requirement :P
plope0726
Posts: 826
Joined: Mon Dec 15, 2008 10:13 pm

Post by plope0726 »

[quote="Allosentient"][quote="m!nus"]58.4% of the passwords got cracked
[/quote]

I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking :P
[/quote]

Quite true
User avatar
soulness
Posts: 11
Joined: Mon Oct 27, 2008 2:56 pm
Location: //Europe/Ukraine/Kharkov

Post by soulness »

Hi, guys. I'he tried to pass "Challenge 'Cavern Master'" now, but I'he got an error
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367
I think it will be interesting for you )
xTr1m
Posts: 4
Joined: Fri Mar 06, 2009 9:26 am

Post by xTr1m »

I'm new here, got here by the article on heise.de :) I guess that some real hacking gave you free publicity!
Now on topic, I get php warnings in the first cavern challenge, something about headers that have already been sent while trying to mess around with the session :)
PeterS
Posts: 24
Joined: Thu Mar 05, 2009 7:17 pm

Post by PeterS »

Hi!
I got here from the article on heise.de about the incident, too.
The funny thing is, without this site getting hacked i would have probably never found my way here.
The challenges are really fun to solve. I already got 33627 points and 65 challenges solved. :)
User avatar
adum
Posts: 392
Joined: Thu Apr 19, 2007 12:49 pm
Contact:

Post by adum »

okay, dungeon should be fixed now...
xTr1m
Posts: 4
Joined: Fri Mar 06, 2009 9:26 am

Post by xTr1m »

Not quite... when attacking a monster:

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367
User avatar
adum
Posts: 392
Joined: Thu Apr 19, 2007 12:49 pm
Contact:

Post by adum »

um, try now...
xTr1m
Posts: 4
Joined: Fri Mar 06, 2009 9:26 am

Post by xTr1m »

seems to work :)
Post Reply