Board of Inquiry® This forum is provided exclusively for the discussion of specific persons or businesses in the herp industry. |
03-10-2003, 04:47 PM
|
#51
|
|
I will try to put this in simple layman's terms and not panic people, but I think it is important that people who do not understand how sites, servers and security work know what hackers can do with this information.
I ran a test on this, so I know it's possible, this is not theory. From my computer I connected to a local server. This server is set up exactly the same way as it would be if it were publicly accessible on the Internet. I was using a regular user account and was able to get basic access into that system. Even "basic" access exposed a lot of potentially sensitive information (E-Mail records, etc.).
From that, we were able to expand the access which we had to the system, eventually upgrading to the "root" account, which is the administrative account on the system - the one who has TOTAL access to everything on the system.
I then could look at all information on that system, including information stored in the MySQL database which included email address, IP address, Date of Birth (if added by the user @ registration), location, website info (this is significant if they have an online business), complete private messages (PMs) that had been sent from any user to anyone else!! (Information that can also very quickly be accessed via the web by an authorized administrator), and encrypted password hashes. Those we could run on a program to match encryptions and get matches on passwords!!
These encrypted passwords are, by themselves, useless. They will not work to gain entry into the forum, and are useless on other sites that might be using the same password. However, there are many applications available for brute-force password cracking these lists in as little as a few minutes. Any search engine will direct you to the programs that can break the encryption... With a userbase of over a thousand users, some of them are bound to be using very commonly used, and easy to guess, passwords. Even if more complex, they can be gained.
Wordlists containing commonly used passwords are available even more freely than the software they're designed for, and they're updated constantly. These wordlists can be run against an encrypted password file and complete it in a matter of hours. You may not have access to all the accounts on the system with this method, but you should have a fair amount, and chances are, many of these people will have login details common to something of importance like PayPal or eBay.
Even without a word list of commonly used passwords, some of the brute-force cracking applications are able to sequentially generate a series of words & combinations. For example: If you were only allowed numeric passwords on a site, the software would start at "1", and work its way up to "99,999,999", or whatever the maximum number of characters allowed is. This would run through in a relatively short space of time, and reveal the password of every account on the system. Due to the fact that upper & lower case letters, as well as symbols (such as !#@$, etc.) are allowed in passwords, it may take a little while for this process to complete. But it is possible and only as slow as the computer(s) running them.
Information accessible is able to be downloaded to the hacking computer and used to "test" access to passwords, then in turn if the same passwords are used on the PayPal accts or eBay accts of those users... boom, I have access to them and their funds or ordering.
Bottom line... if you use the same password on here as on any commercial site, PayPal, eBay or anywhere you may have funds stored or the ability to buy/sell... CHANGE IT. Do not use any mutual passwords on those accts, or email accounts.
The real beauty of this, after accessing the root I was also able to go in and remove all info of me accessing it, so no one could ever be aware of it, nor was there any record left behind of me being there and what I did.
PLEASE NOTE: This was done with consent of the other party, no illegal activities took place, nor was anyone's privacy violated.
If I wanted to target something to exploit for financial gain, I would look for a site of heavy registration of users, finding one with classified would tell me they have money flowing somewhere between users and add in the fact I could also get their REAL NAMES to use, which opens a whole other can of worms for me to exploit.......... makes me wonder that this site was a random act or a very smart gathering of potential information that could be profited from with little effort.
Before anyone asks, NO, I did not hack FC or know who did.... I was concerned about some questions raised here and the answers provided and wanted to test something to know the answer.
|
|
|
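Added example, not part of any post in this thread: a defender's view of the points raised in post #51, showing how small the numeric-only search space is and why a stolen table of fast, unsalted hashes exposes every user who shares a password, while per-user salts with a slow KDF do not. The accounts, function names, the SHA-256 stand-in for the legacy scheme and the PBKDF2 work factor are all assumptions; the thread does not say which hash the forum used.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two users chose the same common password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qLm!92x"}
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def keyspace(alphabet_size, max_len):
    """Number of candidate strings of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def fast_unsalted(password):
    """Stand-in for a legacy scheme: one fast digest, no salt (assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(slow_salted(password, salt), stored)


def shared_hashes(table):
    """Groups of users whose stored value is identical (one match exposes all)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    legacy = {u: fast_unsalted(p) for u, p in USERS.items()}
    hardened = {u: slow_salted(p) for u, p in USERS.items()}
    print("digits only, up to 8 chars:", keyspace(10, 8))
    print("printable ASCII, up to 8 chars:", keyspace(95, 8))
    print("legacy table, shared hashes:", shared_hashes(legacy))
    print("hardened table, shared hashes:", shared_hashes(hardened))
    print("login still works:", verify("sunshine1", hardened["alice"]))
```

Salting and a slow KDF raise the cost of each guess; they do not protect a password that is reused on another site, which is why the advice in the post to change shared passwords still applies.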
03-10-2003, 05:25 PM
|
#52
|
|
Security Test
I am posting a link for a free security test on your personal computer. This has always been a reliable test. This is for Windows only.
https://grc.com/x/ne.dll?bh0bkyd2
Even if you think your firewall is working it always pays to check it.
Someone has tried to access my checking account 38 times as of 4 pm EST this afternoon.
Candy King
|
|
|
03-10-2003, 08:25 PM
|
#53
|
|
Quote:
Originally posted by Axe
Yup, like I said, it's doable, but certainly not worth the hassle.
|
And most importantly - don't use anything made by Microsoft....
Joe Monahan
|
|
|
03-10-2003, 08:31 PM
|
#54
|
|
lol! That reminds me of a guy that does security checks for websites to see how hackable they are..... if he can hack em, he leaves them a nice big picture of a penguin as a calling card as their front page along with a message "do you really want to trust your website to software that is this easy to hack? USE LINUX"
I thought that was so funny
|
|
|
03-11-2003, 12:40 AM
|
#55
|
|
I love it, I can’t believe you people really honestly believe what people say here. You people sure must trust every word out of these people to not research anything.
“Jees people, calm down.
This was just a random hack done by a bunch of cretins in Europe somewhere. They picked an IP address of a server (mine!) that was using an older version of CPanel and just did a minor inconvenience. It was not anyone specifically attacking THIS site.”
Rich Z you are hilarious. I would love to see your proof because I’m not one of your sheep that follow your garbage that is placed in front of me. That link has nothing to do with who the hacker is.
And Ritchie the one everyone loves to believe at face value.
“Here are the best things I know.
1. get a good antivirus (Norton?)
2. get a good firewall software (Zone alarm) EASY to figure out...even a dumb ### like me
3. some hardware comes with its own firewall (routers?) this stuff is harder..definitely not for me. Leave this stuff for the computer people.”
You got to be joking, cause I know you don’t lie, right?
Wow what a false sense of security. You people truly believe too much at face value.
Here’s a hint people the Hacker is from the United States, not Europe. That is pure BS.
And to show you people who it is, I will say a few more things about your hacker. I do know he is a white person, age around 15 and the last letter of the State abbreviation is I.
Let’s see how long it takes you people to figure it out.
Clock starts now.
P.S. It wasn’t me, nor have I had any involvement in it. I just find it interesting!
|
|
|
03-11-2003, 12:52 AM
|
#56
|
|
You had nothing to do with it, yet you seem to know so much about the person who you claim did it.
|
|
|
03-11-2003, 01:01 AM
|
#57
|
|
Yup
|
|
|
03-11-2003, 01:09 AM
|
#58
|
|
HUMMMMMMMMMM
In a lot of cases, someone who has info (specific) about something important ends up knowing a lot more than they first let on!
You seem to be hinting you know more than what you're letting on.... or maybe you are just seeking attention and trying to pick a fight with the two fauna members you mentioned by throwing in some rather weak punches?
Try wetting the paper bag next time Mario, you might punch a hole through it!
|
|
|
03-11-2003, 01:11 AM
|
#59
|
|
Lol, I like that one. Here’s more info to see the suspicions fly.
His hair style. It’s short and he wears it in a spike.
|
|
|
All times are GMT -4.