X-Istence.com forums gone

xsivforce said:

Yeah, got this email:

Return-Path: <xistence@boggles.deonix.com>
Delivered-To: x-istence.com-admin@x-istence.com
Received: (qmail 63590 invoked by uid 0); 3 Sep 2004 05:49:28 -0000
Received: from unknown (HELO boggles.deonix.com) (69.93.186.250)
by Breached.X-Istence.com with SMTP; 3 Sep 2004 05:49:28 -0000
Received: from xistence by boggles.deonix.com with local (Exim 4.42)
id 1C36vB-0007MZ-Sj
for admin@x-istence.com; Fri, 03 Sep 2004 00:47:37 -0500
To: admin@x-istence.com
Subject: Password recovery information from X-Istence.com :: Forums ( From X-Istence.com :: Forums )
From: "X-Istence.com :: Forums" <x-forums@x-istence.com>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Message-Id: <E1C36vB-0007MZ-Sj@boggles.deonix.com>
Date: Fri, 03 Sep 2004 00:47:37 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - boggles.deonix.com
X-AntiAbuse: Original Domain - x-istence.com
X-AntiAbuse: Originator/Caller UID/GID - [32005 32005] / [47 12]
X-AntiAbuse: Sender Address Domain - boggles.deonix.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
Breached.X-Istence.com
X-Spam-Status: No, hits=0.0 required=4.0 tests=CLICK_BELOW autolearn=no
version=2.63
X-Spam-Level:





X-Istence,
This email has been sent from http://x-istence.com/forums/index.php.

You have received this email because a user account password recovery
was instigated by you on X-Istence.com :: Forums.

------------------------------------------------
IMPORTANT!
------------------------------------------------

If you did not request this password change, please IGNORE and DELETE this
email immediately. Only continue if you wish your password to be reset!

------------------------------------------------
Activation Instructions Below
------------------------------------------------

We require that you "validate" your password recovery to ensure that
you instigated this action. This protects against
unwanted spam and malicious abuse.

Simply click on the link below and complete the rest of the form

http://x-istence.com/forums/index.p...rm&uid=1&aid=cb12bc9f4aa297b9e00a1f724a1d328b

(AOL Email users may need to cut and paste the link into your web
browser).

------------------------------------------------
Not working?
------------------------------------------------

If you could not validate your registration by clicking on the link, please
visit this page:

http://x-istence.com/forums/index.php?act=Reg&CODE=lostpassform

It will ask you for a user id number, and your validation key. These are shown
below:

User ID: 1

Validation Key: cb12bc9f4aa297b9e00a1f724a1d328b

Please cut and paste, or type those numbers into the corresponding fields in the form.

------------------------------------------------
Is this not working?
------------------------------------------------

If you cannot re-activate your account, it's possible that the account has been removed or you
are in the process of another activation, such as registering or changing your registered email address.
If this is the case, then please complete the previous activation.
If the error persists, please contact an administrator to rectify the problem.

IP address of sender: 203.210.201.7


Regards,

The X-Istence.com :: Forums team.
http://x-istence.com/forums/index.php

Well, that is not my IP, and nor did I request it, so I go back to check what is up, and someone is logged in as me, and I can't get in.

So I check the title and it is: "Has been Hacked by Leo Anderson". I immediately drop the username xistence_forums from MySQL, basically killing all of my forum cause that is the username it uses. But the ****er got to drop my posts table before that happened. Not knowing about it, I updated my forum, and tried to get things working. When I wanted to go to a post I got an error message saying the table did not exist.
 
thekore said:
Well, I only talked to you last night X... I needed help :p
Sorry to hear about it and it really sucks, but will a re-opening of forums be included on the new version of x-istence.com?

Most probably.
 
Were you still at 1.2 or 1.3? If so, I feel bad because I should have made sure you upgraded to the latest 1.3.1 or 2.0. There were some problems recently discovered with 1.2/1.3.
 
I was at 1.3. It is not your fault. I just came back from Australia and have been really busy bringing everything else up to date (Breached, iBook, servers) and I did see there was a new version out, but thought it was nothing major.
 
I have been so wrapped up with other stuff I forgot all about X-Istence forums. We will get you back up and running and back to former glory and then some. In the future when you leave for extended periods let me know and I will do a backup in your absence and keep an eye on the place.
 
Unbelievable. Feel so sorry for ya. Just hope you can recover quickly from this.
 
I still think you should get them re-opened sooner. We can all help to get your content back :)
 
* Dns resolved 203.210.201.7 to localhost

Do you share hosting? Or is your site on your personal server?
 
So what does that mean?
Someone at the data centre did it?

(would explain how they got into mysql?)
 
Well someone could have r00t3d the box if it was at a DC or something. Should see if it was more than just x-istence.com that got cracked. Or possibly another user on the box that found a hole in permissions you had set (long shot)?
 
It could have been as simple as crafting a url to grab X-Istence's cookie then go into the IPB admin panel and screw around with the sql from there.
 
Xie said:
* Dns resolved 203.210.201.7 to localhost

Do you share hosting? Or is your site on your personal server?

It is on a shared server with 10 other sites :p.

Lookie, it chose to call its rDNS localhost, causing you to get confused :). Second, it is prob a proxy:

BiteSize:~ xistence$ nslookup 203.210.201.7
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 167.206.7.4
Address: 167.206.7.4#53

Non-authoritative answer:
7.201.210.203.in-addr.arpa name = localhost.

Authoritative answers can be found from:
201.210.203.in-addr.arpa nameserver = vdc-hn01.vnn.vn.
201.210.203.in-addr.arpa nameserver = hcm-server1.vnn.vn.
hcm-server1.vnn.vn internet address = 203.162.4.1
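
The reverse-DNS point in the post above, as an added example that is not part of the original thread: a PTR record is set by whoever controls the address block, so a name such as `localhost` only means something if a forward lookup of that name returns the same IP (forward-confirmed reverse DNS). The resolver tables are constructed sample data; the first entry mirrors the nslookup output above, and the `192.0.2.10` / `example.test` records are made up for contrast.

```python
import ipaddress
import socket

# Constructed resolver data. The first PTR entry mirrors the nslookup output
# in the post above; the 192.0.2.10 / example.test records are made up.
SAMPLE_PTR = {"203.210.201.7": ["localhost."],
              "192.0.2.10": ["mail.example.test."]}
SAMPLE_FWD = {"localhost.": ["127.0.0.1"],
              "mail.example.test.": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

def live_ptr(ip):
    """PTR lookup through the system resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_forward(name):
    """A/AAAA lookup through the system resolver (needs network access)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_fcrdns(ip, ptr_lookup=sample_ptr, fwd_lookup=sample_forward):
    """Return (verdict, names): the PTR names count only if they resolve back to ip."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", [])
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == addr for a in fwd_lookup(n))]
    if confirmed:
        return ("confirmed", confirmed)
    # The name is whatever the block owner chose; treat it as unverified.
    return ("unconfirmed", names)

if __name__ == "__main__":
    for ip in ("203.210.201.7", "192.0.2.10", "198.51.100.1"):
        print(ip, check_fcrdns(ip))
```

Pass `live_ptr` and `live_forward` as the two lookup arguments to run the same check against the system resolver instead of the sample tables.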
 
xsivforce said:
It could have been as simple as crafting a url to grab X-Istence's cookie then go into the IPB admin panel and screw around with the sql from there.

This has all to do with a hole in the forgot password script. Which is why I got the email. He changed my password, not any cookies.
 
Also, for you thinking the box got r00ted, it did not. I ran checks immediately afterwards. DC is checking now, but they just believe it was a bug in IPB.
 
Ahhh, gotcha. When we had the last gallery at SP someone was able to use a hole in it to craft a url to grab my cookie. He then logged in as me and posted in the Admin section what he had done. Luckily, he was not a malicious user. He works with a group of individuals who go around and exploit things like this to let Administrators know how serious it is. He told me what allowed him to do it and explained it all to me. He asked me where I got the gallery so he could contact the maker. That was when we took the gallery down. We dodged a bullet that time. He could have really caused some problems.
 
Can't actually:

This post is a duplicate of a post that you have posted in the last five minutes. You will be redirected to that thread.
 
