Page 2 of 8

Posted: Fri Mar 06, 2009 10:17 am
by spider84
how can i find out, if my login was published?

Posted: Fri Mar 06, 2009 10:41 am
by m!nus
assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words

Posted: Fri Mar 06, 2009 10:45 am
by efe
Your account data is published, if you signed up for hacker.org before 21 Nov 2008.

Posted: Fri Mar 06, 2009 2:41 pm
by plope0726
Based on the fact that the accounts on that list all signed up before nov 2008, it seems like this was a seperate incident than the defacement of the homepage. If they had gotten this information at the same time that the home page was hijacked, wouldn't they have gotten everybodies info up to that date? Since the only page(s) that were defaced were the main homepage and the main forum page. I know this because while the site was still down (and the alternate homepage still up) I was still able to get to the forums ,etc. by entering the URL in the address bar. It seems to me that the most recent attack was a DNS cache poisoning to redirect the domain name to another page. Any other opinions on this?


http://en.wikipedia.org/wiki/DNS_cache_poisoning

Posted: Sat Mar 07, 2009 5:28 am
by the_impaler
m!nus wrote:assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words
This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.

Posted: Sat Mar 07, 2009 5:50 am
by plope0726
[quote="the_impaler"][quote="m!nus"]assume it was.

looked it up, yes it was.
p.s.: your password is hilarious, dont use words[/quote]
This begs the question - what were criteria for passwords that were not on the list ? m!nus , efe ?
There are passwords like 'oKLCz4317' on the list and it's 8 chars mixed case alphanumeric.[/quote]

incorporate special characters (ie: !,@,#,$,%,^,&,*)

Posted: Sat Mar 07, 2009 9:02 am
by Allosentient
m!nus wrote:58.4% of the passwords got cracked
I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking :P

Sorry to hear, Adum! I always assumed that this site was near-bulletproof after more than a year had gone by without this happening, I assumed that people would have tried to do so enough for it to be a requirement :P

Posted: Sat Mar 07, 2009 2:07 pm
by plope0726
[quote="Allosentient"][quote="m!nus"]58.4% of the passwords got cracked
[/quote]

I know mine was, heh. This is exactly the reason I made an e-mail account and password just for this website... Anyone else who hasn't done the same isn't worth hacking :P
[/quote]

Quite true

Posted: Sat Mar 07, 2009 6:09 pm
by soulness
Hi, guys. I'he tried to pass "Challenge 'Cavern Master'" now, but I'he got an error
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:10) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367
I think it will be interesting for you )

Posted: Sun Mar 08, 2009 12:26 am
by xTr1m
I'm new here, got here by the article on heise.de :) I guess that some real hacking gave you free publicity!
Now on topic, I get php warnings in the first cavern challenge, something about headers that have already been sent while trying to mess around with the session :)

Posted: Sun Mar 08, 2009 8:13 pm
by PeterS
Hi!
I got here from the article on heise.de about the incident, too.
The funny thing is, without this site getting hacked i would have probably never found my way here.
The challenges are really fun to solve. I already got 33627 points and 65 challenges solved. :)

Posted: Mon Mar 09, 2009 2:47 am
by adum
okay, dungeon should be fixed now...

Posted: Mon Mar 09, 2009 2:33 pm
by xTr1m
Not quite... when attacking a monster:

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 366

Warning: Cannot modify header information - headers already sent by (output started at /home/.mazie/hacker_apache/html/hacker/html/challenge/misc/d/dungeon.php:13) in /home/.mazie/hacker_apache/html/hacker/html/forum/includes/sessions.php on line 367

Posted: Mon Mar 09, 2009 7:59 pm
by adum
um, try now...

Posted: Tue Mar 10, 2009 12:20 am
by xTr1m
seems to work :)