Anyone else getting this when going to the main page?
Anyone else getting this when going to the main page?
Yea, same story. Something going on.
Yes, I am getting that, too. We're paying for our sins. I finally managed to get through to SRP, though. I'm sure the administrative team is on top of it.
Have to get Lynn to get the drones out of the garage and go for a seek, find, and destroy mission. :gwh:
Yup - was reading some post, clicked on another one, the site went dark, refreshed, and there was the hacker screen.
Did a brief search and found a YouTube page where the guy seems to be taking down a music site here:
https://www.youtube.com/watch?v=xYVkI8Rdg5w
Once upon a time, I would've wiped his hard drive after disabling his keyboard and mouse, downloaded most of his contact list and data and had fun with him for a few weeks, but that is not the path of light!
Good job, site was brought up very quickly and the "Under Maintenance" notification was quick as well - good job to all those involved in bringing back the biggest AD of all - SRP!
I hate their manifesto bullsh*t.
You and your legion of "heroes" took down a shaving forum.
I bow down to you oh glorious master....
It was down for a couple hours... Not like you took down Fort Knox.
How nice of them to tell us we need to patch our site :rolleyes:
Oh... drama...
Yeah. The all powerful 'legion' of elite hackers ran a downloaded script against a piece of software they assumed was vulnerable.
How wonderful. And they proved they have the skills to perform a 'hack' that was how-to'ed on youtube.
Woot!
"Expect us'...
Ok. Not the Spanish aquisition then :p
Yes, this was annoying, but no, hardly any leet hacking skills involved.
And I know for a fact that actual skilled hackers do not go for this kind of silly grandstanding on insignificant websites like ours.
Exactly - this is a kid who got his hands on a package and simply found this site with a little hole in it and cut and pasted his way in...I let a few of my old buddies know and we'll see if he posts anything about his stellar hack of the evil shaving site...after all, he did hit a music site!
Very lame, and I agree, no skills involved at all...
edited to add:
this appears/may be him or his tag:
https://www.youtube.com/channel/UC1a...UicCClD01qx9kw
LOL "look ma, my first script (taken from youtube) I am a bad @$$ hacka now"
It was an exploit in an orphaned software we still use for legacy reasons and we missed a security advisory because an email address wasn't updated to our current one. (It's nothing like the YouTube video that was posted where they access the full server.)
It's a silly hack - replaced the home page with a different one, nothing else was compromised (we have reasonably good security to prevent big bad things). They left large footprints in the process so it wasn't anybody moderately knowledgeable (there are ways to leave much smaller footprints for this specific type of attack).
Trivial to restore as well but we had to make sure the exploit was closed, verify the extent of the compromise and double check that everything is fine before allowing everybody back in again. And that takes time regardless of the reason for doing it.
Well a big thank you to all of you that give the time to keep the site up and running.
Yes, thank you for the quick fix.
Not going to lie, it made me think of a number of things, not the least of which was:
https://www.youtube.com/watch?v=BlTZyHV0kAY
Glad we have volunteers active, skilled, and willing enough to make same day repairs like this. Thanks, gugi, and whoever else may have helped.
Don't worry, they read your post a few minutes after you posted it. Not the sharpest tool in the shed as they've been trying to re-run the exploit all day long even though it clearly was gone within a few minutes and wasn't coming back. That's why I waited until 8pm before posting here, wanted to confirm they're as dumb as they appeared to be.
Well, I'm not remotely computer savvy, so you and Phrank scare me. Phrank, I'll try to remember never to annoy you.
Gugi, if you'd like, I can take them out with the Amish virus!
Missed this one...
Cheers to all for getting onto it. I feel vulnerable and threatened by the int3rwebz0rs.
Considering that just last week my brother had his computer bit by cryptohackers, I worry about this sort of thing. I'm glad you guys have the skills to fix/restore/repel people like this.
I would be at a total loss if any of it ever happened to me.
Kudos gents, for being smrter than the average bare faced shaver.
Wonder if it is possible that one of them might just get interested in the rogue community of retro shavers and become a convert?
When I came to the site all I saw was the 'down for maintenance' message. I guess I missed the 'fire sale'.
:matrix: :jedi: :matrix:
FYI, they may be continuing to try. I received a notification yesterday morning that an IP address traceable to the Computer Science department of Southeast University, China made attempts to access my account.
Oh, and I'm back, by the way! Hello, Gentlemen, long time, no see! How is everyone?
I'm with ya phrank.. How about the thirteenth day of the thirteenth month? :tameshigiri:
And later posts say it's from China, maybe they are tired of electric and want to learn how to use a straight razor, so they came to the Jedi master .. SRP. :beer2:
Ooh and they're elite, we should be honored to be hacked by such talent.
Hmmm wonder if anyone told them division by zero causes error....... So they are error.....
Geek
On a side note; this may actually be part of something more serious than many of you realize. Sure, we're just a straight razor discussion forum. Small fries, right?
Thing is, most people (even we IT folk that supposedly know better) reuse passwords. Your password -- and email! -- you use on this site may be the same across potentially dozens of richer, higher value targets. Getting a round of passwords and email addresses for this site may in fact yield access to bank accounts, credit reports...or even high-value corporate targets.
However, the fact that they were unable to get into MY account (is there any sign they cracked anyone else's?) indicates that they failed this time and the best they could manage was to vandalize the front page. Hardly elite hacker stuff, that, but we also shouldn't be blasé about the fact they targeted THIS site instead of something with potential of value.
S*hhhhh, re-using passwords is a trade secret :-) and reCAPTCHA is not that big of a deterrent anymore.
The passwords are stored encrypted with salts, so they are not accessible by hacking into an account. The database where the encrypted values are stored is also not accessible through the exploit they used to replace the homepage.
The passwords and the salts were accessible on any forum that used Tapatalk last year for several months. I patched it on SRP within hours of that buggy version and verified nobody had tried to access the leaked data, but Tapatalk didn't fix it for a long time so many other forums were exposed without ever realizing it. Still, unencrypting passwords isn't that easy and takes resources.
The login attempts that have increased in the past few months are completely different - they are probing for weak passwords by brute force. We block these after 5 unsuccessful attempts and send notification. It happens on every forum where the login names are publicly visible from the posts, except that most forums chose not to send notification to their members and if they do the block they do it silently.
We send the email notification because it's an enhancement of the security - a few people have emailed us back that they have updated their password as a result, which is a good thing.
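The block-and-notify behaviour described in the post above, as an added example that is not part of the original thread and not the forum software's own code. The 5-attempt threshold comes from the post; the 15-minute lockout window, the class and function names, and the sample events are assumptions.

```python
MAX_FAILURES = 5            # threshold stated in the post
LOCKOUT_SECONDS = 15 * 60   # assumption: the post gives no lockout duration


class LoginThrottle:
    """Per-account lockout: keyed on the username, not the source IP,
    because guesses against a publicly visible login name can come
    from many addresses."""

    def __init__(self, notify, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self.notify = notify              # callback(username, source_ip)
        self.max_failures = max_failures
        self.lockout = lockout
        self.state = {}                   # username -> [failures, locked_until]

    def attempt(self, username, password_ok, source_ip, now):
        """Return 'ok', 'failed' or 'blocked' for one login attempt."""
        st = self.state.setdefault(username.lower(), [0, 0.0])
        if now < st[1]:
            # While locked, refuse even a correct password; otherwise the
            # lockout still confirms a successful guess to the attacker.
            return "blocked"
        if password_ok:
            st[0] = 0                     # success clears the failure count
            return "ok"
        st[0] += 1
        if st[0] >= self.max_failures:
            st[0], st[1] = 0, now + self.lockout
            self.notify(username, source_ip)   # one notice per lockout
            return "blocked"
        return "failed"


def replay(events):
    """Run (time, username, source_ip, password_ok) events through a
    fresh throttle; return per-event results and notifications sent."""
    sent = []
    throttle = LoginThrottle(notify=lambda user, ip: sent.append((user, ip)))
    results = [throttle.attempt(u, ok, ip, t) for (t, u, ip, ok) in events]
    return results, sent


# Constructed sample: hypothetical user, RFC 5737 documentation addresses.
SAMPLE = [(t, "member1", "203.0.113.7", False) for t in range(5)] + [
    (10, "member1", "198.51.100.9", True),    # correct password during lockout
    (1000, "member1", "198.51.100.9", True),  # after the lockout has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```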
Thanks, that's what I was expecting to see for security.
Just throwing my two cents in
If a cracker wanted to do something, there's not much most people or institutions could do - period. A good hacker, worth his salt, you wouldn't even know they were here unless it was designed that way. A good virus is not designed to commit suicide unless its work has been completed, but to potentially mine data and self-propagate.
Gugi has more knowledge in his toe-nail clippings than this dweeb who took down the homepage for what, two hours with a bad cut and paste job where he left his signature on it?
My thoughts exactly. And about the same week (maybe two weeks later?) hackers cracked/stole emails and passwords from computers in a wing of the White House, I believe it was the press wing? I might be a little fuzzy on those details... I've slept since then lol. But that's close to what the news was saying.
Anywho. I remember the news blurb mentioned that wasn't considered a classified system, so there wasn't a risk of sensitive documents being leaked. As you said, access to that system likely wasn't the goal. They were more than likely after account info that lazy people recycle, and have access to higher level systems. For example... an I.T. guy that might manage multiple systems in the WH.
Hillary Clinton and many other politicians' private email servers, IMO, are a staggering breach of security IMO. Hillary Clinton, whom I quite like, as the Secretary of State of the United States of America, deleting a server full of emails, years of communications, with no ability to actually find out what she had been discussing or with who, let alone the lack of security, logs, audit trails, is absolutely beyond my comprehension that this occurred, and am surprised this isn't a major scandal in the US.
This one just baffles my mind in its sheer stupidity and arrogance...
So you like the Hillabeast, yet abhor her tactics? Or, do you abhor the thing and also abhor the tactics? A bit confused. Not really, though! :rofl2: