my forum account was hacked by TIX
and I am not going to change my password because I don’t fucking care haha
my forum account was hacked by TIX
and I am not going to change my password because I don’t fucking care haha
hmmm, makes Sense. >:]
Haha, hey
Who the fuck is TIX?
Who is Erabilly?
Why do we care if he got hacked by TIX?
WHAT IS THE POINT OF THIS?!
[QUOTE=Agret;4563]
Who the fuck is TIX?
Who is Erabilly?
Why do we care if he got hacked by TIX?
WHAT IS THE POINT OF THIS?!
[/QUOTE]
true story, what is the point? :]
only ceiling cat knows…
Erabilly is Mafukie
[QUOTE=Agret;4563]
Who the fuck is TIX?
Who is Erabilly?
Why do we care if he got hacked by TIX?
WHAT IS THE POINT OF THIS?!
[/QUOTE]
My forum-profile says the same and my email was changed to “[email protected]”. Dunno by whom and for what purpose.
Joey should look this up. He knows how vBulletin works.
Users that has been “hacked”:
216 - Hacked by Tix + oh8
218 - Hacked by Tix 6/13/08
238 - Hacked by Tix
280 - Hacked by Tix
521 - hacked by Tix & oh8
lol @ Cadavre you got haxed
216 - Hacked by Tix + oh8 <— lol
rofl @ Downsider you got haxed
521 - hacked by Tix & oh8 <— rofl
Onoez!!! Plz No Hax Meh!!!
[QUOTE=Erabilly;4610]Onoez!!! Plz No Hax Meh!!![/QUOTE]
wtf?
[QUOTE=MNSTRSPN;4604]
lol @ Cadavre you got haxed
216 - Hacked by Tix + oh8 <— lol
[/QUOTE]
[QUOTE=oh8]
hi, BallinGraalin you made a site containing a hell alot of information, pretty fuckin sweet. I took adventage of this once I found it, and I was globally bant left with Thor + Masterstorm, doing research “I think”. He started askin around for the list. I just have a few questions, 1. How were you getting them all, Bruteforcing?, 2. Do you have a better place to talk “AIM?”/“MSN”?.
oh8
[/QUOTE]
lolz
I had a web server running with graal files on it, I gave it to like three people specifically telling them NOT to tell anyone else about them, it did have some nearly year old password lists on it all of which were from way before Graal Reborn was even created and I think they came from anti unixmad. You would not believe the access logs and unknown ips I have gotten since then, it looks like several proxies, bots, and brute force GET commands on files I dont even have…
Yeah I didn’t bother changing the pass so whoever has my account pw still has it haha. I never trust 3rd party graal sites so I use passwords that are semi insulting to people who get the passwords by creating password stealing sites such as this one. This accounts pw is fuckyou, I could care less if someone takes over it. Shitty fucking graal sites, no wonder why GO doesn’t want people to go to peoples graal sites.
everytime i use the same pasword, if someone finds it out, great, he has now access to all my free accounts :V
Alright let me explain what ‘PROBABLY’ happened. As you all should know by now (since we’ve been TRYING TO TELL YOU GUYS FOREVER - I’m disappointed in you Cadavre), the graal client < 2.19 sends the clients passwords as raw data. Due to this, anyone who wants to log the incoming passwords by changing 2 lines could do so. This is pretty much non-preventable which is why we made the second password for the serverlist.
All Graal Reborn passwords are double-md5ed with a salt (we use the method vbulletin uses: md5(md5(password) + salt); With that said, we recommend using two seperate passwords for graal reborn and the graal account.
The only graal reborn servers i can 99% gurantee are safe (don’t know if beholder and nalin have dark sides :p) would be Sentinel and Waffles.
On the bright side, I’ve been working with Angelscript lately to try to implement a script engine in my own game client (which will most likely be ported over as an npc-server when completed :D)
yay!
In which if that occurs we’d be able to do so on a later version such as 2.31 :P.
Anyway, it was Spooon – he’s been banned, and in a bit I’ll go ip ban his subnet.
[QUOTE=Joey;4631](since we’ve been TRYING TO TELL YOU GUYS FOREVER - I’m disappointed in you Cadavre), the graal client < 2.19 sends the clients passwords as raw data…[/QUOTE]
I fucking know that it sends the password as rawtext, I knew that before you. My password has not been stolen. My graalacc-pass is not the same as the forumacc-pass. So FUCK YOU. I just tried to tell you that there’s a security hole in vBulletin and you stupify me. Thanks.
[QUOTE=Nalin;4632]The only way it could be prevented is if somebody like Karsten is somehow able to hack the 2.171 client to take command line arguments to auto-connect to a specified ip:port.[/QUOTE]
He already makes it connect to the listserver by filling in your username & password into the box and bypassing it.
[QUOTE=Nalin;4632]Then I could program in a launcher application that works with the list server to generate a custom salt value and md5 + salt your password before sending it to the gserver.[/QUOTE]
Can already do that, just make his loader set your password box to a md5 + salt of your password and change the listserver so it checks if your pass is a md5 + salt AND if it is just plain-text so it won’t break old client and it will support new client. You’ll have to change gserver to accept both too, it’s not an impossible task and is quite easily implemented as-is. Only problem is you won’t be able to connect to servers run by people with outdated servers.