Powerbasic Museum 2020-B

who is "peter motte" ?

he's probably responsable for randomless changing (to very exponential) changing the karma points from a lot of programming people here from yesterday night to this morning. I think he has hacked the forum. He's whole time present this morning at the board. I am freebasic and thinbasic user. I think that's not fair to all the good programming guys here and jose did a great job with sharing free programming knowledge about headers and pb examples. I not like this kind of attacking this forum, because it's a serious board for engaged powerbasic programming guys. "peter motte" is still at the board while sending this post.

maurice fischer (newbie)

Hello!

At first i'm very sorry about the trouble, but at the moment i don't know whats going on my computer. It's probably a trojan virus or a hacker who hacked my wifi and my machine, and stole my username and password. I also not known the cause why he or she is braking my system. At this time i isolated my machine from the network while i can realize what's is going here. This time i cant do more just say excuse me about the trouble i caused. If i know more i write here about the incident.

Peter Motte

Well, no doubt someone is trying to hack the forum. We have had already near a million of error logs today of the type

Guest
http://www.jose.it-berater.org/smfforum/index.php?action=verificationcode;vid=post;rand=dac3036e8604cc856989120c34cc9fba
2: in_array() [<a href='function.in-array'>function.in-array</a>]: Wrong datatype for second argument
File: /homepages/21/d38531796/htdocs/jose/smfforum/Sources/Security.php
Line: 820

and they continue coming.

Do they try to guess passwords or what is the target of such scripts?

I don't know too much about the script he used. I don't want to spend too much time to find out what he doing rather i tried to solve the problem. It looks like he disassembled my wifi password. And installed a keylogger to steal my passwords to some protected site and started a DOS attack to that sites thru my computers. I'm not a computer expert just a curious amateur, so im not sure. I just see a massive network traffic. So i cant tell too much:( Now i set MAC address filtering to wifi connections and and to my firewall too. I changed my SSID and switched SSID broadcast off and changed wifi security setting to be my network more secure. And reinstalled my 2 computers to be sure i dont have any more leak. I hope this not happen again, if yes i do legal actions, because in my country its a crime.

Jose showed me some error logs that he assumed could have been from hacking attempts.
I personally can't tell much other then there was a bag of rice in china, and people said that it fell down.

Maybe you can tell me more, because you showed the logs. What do you see what was the target of the attack? What part of the forum he tried to hack? As Maurice Fisher write only the karma was changed or he make other modification too? Sorry but i cant understand this: "I personally can't tell much other then there was a bag of rice in china, and people said that it fell down.":)

Mainly to security.php, probably trying to bypass the securities of the forum.

I hope hes failed! Can he make any harm to the forum?

Unless this latest version of the forum has an unknown security hole, not. But as he was sending so many requests per minute, we have spent many days with big delays to access pages. We even changed of server and from PHP4 to PHP5 by suggestion of the provider. When I finally could access to the error log pages, I discovered that there were more than a million.

BTW I have removed as many smites as I have found. This guy must have many free time in his hands, because for Charles Pegge he had clicked the smite link 65536 times. If somebody finds undeserved smites in his profile, please let me know and I will remove them.

Ok, then i calmed down a little bit. So, it looks like to me it was a simple DOS attack, that didn't reach his goal. Yes my tip is also that he is a jobless man with much time, but very futile knowledge. Making a DOS attack just because fun its just primitive and anyone can make it with a fast internet connection. My opinion is he dont make this attack by hand, like some hacking kit that he found on the net. I hope he never comes back.

So, guys excuse me because this thing, i feel my wrong too. I must be more distrustful to all people around me. Thanx for the patience to all, take up the good work!

Quote"It looks like he disassembled my wifi password."

" ... and started a DOS attack to that sites thru my computers."

"I just see a massive network traffic."

"Yes my tip is also that he is a jobless man with much time, but very futile knowledge."

"My opinion is he dont make this attack by hand, like some hacking kit that he found on the net."

"I must be more distrustful to all people around me."

To do this, he has to be living in the same house/apartment as you or your neighbour. You have a tip he is a jobless man.

So you know him!

Quote"...because in my country its a crime."

What are you waiting for? Do some justice!

I live in a 10 level block house where we have 44 residence. And about 20 wifi network. How can i tell exactly who was that? I cant ring the doorbell to all residence and ask "You was that f*cking asshole who cracked my wifi network?" And the other...here in my country the inoccupation rate is about 10-12 percent. So, its a true to the half of my house:) I dont have any logs what i can take to the police, so he's safe, at least for now. This time was more important to solve the problem than traceing the sinner. Now i have very deep traffic logging set, so if he tries again i get some evidence, what i can use to make justice as you wrote. But i truly don't want to discuss some incompetent policeman who cant make solution just more problem. :)

Pleae, anyone can tell me what is this karma thing? My karma is changed to -1. What does it mean?

Thanx!

A quick and anonymous way of showing appreciation of reprobation for what someone has posted. Users can click "applaud" or "smite".

Just checked my profile and I see my karma is at -5.  This will make my 14th post to the forums so I'm thinking that I couldn't have annoyed people that much.  :)  I'm not worried about it if this value is nothing but a display value.  If it affects being able to download stuff, then I'd be a little concerned.

Don't worry, it's just a display value, but can give bad impression to other users. I have put the smites to 0.

Quote from: José Roca on January 31, 2012, 05:28:38 AM
A quick and anonymous way of showing appreciation of reprobation for what someone has posted. Users can click "applaud" or "smite".

So, I hurt anyone. I don't know which my post was bad, so if anyone want to tell me anyone then im here... :)

I don't think you can smite yourself, because I tried.  Remember several months back someone found one of my tutorials useful concerning inter-operating between C and PowerBASIC.  However, I had inadvertently forgotten the __cdecl calling convention on something.  Now, I know better, but just missed it.  Edwin spotted the error.  I felt bad about it and felt that I deserved to be smitted, or should I say smote?  Not sure of the English.  Anyway, I tried to give myself the smite I felt I deserved, but nothing happened.  So I decided to give Edwin an applaud for catching my error.

It sounds to me like the person who has caused all this grief is quite adolescent.  It looks to me like Jose and Theo have suffered greatly from this.  It is clear that there is evil in this world of ours.

He is still trying to access random pages each 5 minutes. Must be using an automated script.

Guest
IP address 66.249.66.203 
Today at 08:56:27 PM
e0d0abcf0325dcf309b5d7723512c2ae
http://www.jose.it-berater.org/smfforum/index.php?topic=1874.0;prev_next=next

unless something has recently changed... a hacker can spoof the IP address ... the calling IP is sent by the calling program

Jose, I've got a good connection here right now... do you need any help backing any of the site up ? ... if so .. which forums ?...

I'm having also a good connection now. I have just made a backup of the entire database without problems. It is an intermitent problem. Sometimes it goes very fast and others very slow.

 ;D

Quote from: José Roca on January 31, 2012, 09:05:57 PM
He is still trying to access random pages each 5 minutes. Must be using an automated script.

Guest
IP address 66.249.66.203 
Today at 08:56:27 PM
e0d0abcf0325dcf309b5d7723512c2ae
http://www.jose.it-berater.org/smfforum/index.php?topic=1874.0;prev_next=next

But at least this is not my ip address :) And one page per 5 minutes is not a fast DOS attack, that the site can't deal... But it's still annoying :(

All that he is getting is this message: "Sorry Guest, you are banned from using this forum!".

SMF is php right ?

I've never tried this but why not just block the IP .. so it reduces sever time... ie

<?php$deny = array("111.111.111", "222.222.222", "333.333.333");if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {   header("location: http://www.google.com/");   exit();} ?>

and,  instead of using google for redirect use his IP...

see,  http://perishablepress.com/press/2007/07/03/how-to-block-ip-addresses-with-php/