
View Full Version : Serious breach of protocol/etiquette on KiwiBiker



Blackbird
25th October 2005, 14:49
I've just emailed SpankMe, but someone has just used my alias to make a post, the contents of which are complete bullshit and the language is certainly not what I use, neither are the sentiments. See the following post made at 1517: http://www.kiwibiker.co.nz/forums/showthread.php?p=388873#post388873. Interesting to note that the post and my subsequent rebuttal below have the same post number.

How the hell can this happen? It throws the whole security of the site into question, as well as the motives of the offender.

I suppose that I could have deleted it, but that's merely covering a potentially serious problem up.

Any ideas before I take it further? I take grave exception to this.

Cheers

Geoff

froggyfrenchman
25th October 2005, 14:52
That's horrible to hear. I thought this site was a group of like minded bikers willing to go out of their way to help each other! Hope you get to the bottom of this caper soon

Blackbird
25th October 2005, 14:53
Sorry if I upset SM - he can give me some bad reps if he likes but I'm downright wild.

SixPackBack
25th October 2005, 14:53
Somebody must have access to your sign in, or have guessed it. Change it NOW!

DemonWolf
25th October 2005, 14:54
Hopefully SpankMe can find what the problem is and sort it out.

crashe
25th October 2005, 14:54
Did you leave your computer on and someone had access to your computer while you were signed on to KB either at work or at home?
When at work do you logout at the end of each day?

Have you ever handed out your password to anyone else in the past?

I did see the two posts....in question and thought it was strange.




PS: Can a moderator move this thread over to "Site Stuff" for 'Blackbird'

Riff Raff
25th October 2005, 14:55
That is very strange.

Um on another note: WT wasn't able to log in on Sunday for a while - he got a message saying something about being locked out after 3 incorrect password attempts. So who out there is trying to log on under his name? Bit of a worry, eh?

limbimtimwim
25th October 2005, 15:04
How the hell can this happen? It throws the whole security of the site into question, as well as the motives of the offender.
I suppose that I could have deleted it, but that's merely covering a potentially serious problem up.

Share your computer with another KBer? The person wasn't making a post of the "YOU ARE ALL FUCKING DICKS" style, so it doesn't look *that* intentional, but it bags the cops which may be not your opinion. I'm a rubbish programmer, and I make mistakes that could cause this sort of carry on. Ya know, not carrying the 1 type stuff :-) .
vBulletin seems to be a pretty fat pile of code, and it is easy to have a mistake or two in there that only crops up every 27,133 operations when the moon is full. Then you have the (I assume) DB, a filesystem or memory confuxion can cause this sort of carry on, though the 'box usually crashes very soon after. I've seen some really strange stuff when I was a sysadmin when memory goes bad. Just idle speculation here...

Blackbird
25th October 2005, 15:17
Nope - don't share computer with anyone else. Sounds like some unexplained errors do crop up from time to time judging by the experience of others, so have calmed down a wee bit now. Login details now changed - many thanks to those who have taken such a quick interest. Will wait to see if anything else transpires. The police may have a few dickheads in their midst but far less than the rest of society IMHO. If I've been nailed in the past, I've deserved it - end of story.

zadok
25th October 2005, 15:20
I can understand your anger at what was wrongfully attributed to you. :eek5:

pyrocam
25th October 2005, 15:22
Somebody must have access to your sign in, or have guessed it. Change it NOW!
heh. you'll know all about that eh.


but my guess is the forums just glitched. with a forum this size things happen.

crashe
25th October 2005, 15:26
Blackbird - Just a thought, but how about either deleting that post or going into it and editing it all out. But leave a message stating why you have deleted/edited it out.

Colapop
25th October 2005, 15:29
You know of anyone in any post that may have decided to be pissed off with you - bizarre though it sounds? Most people respond to a post before doing something stupid thereby creating a trail? I dunno just a thought. Nail their bits to the wall SM.

Smorg
25th October 2005, 15:35
What's the big deal :mellow: it's not that bad, lots of people don't like cops, I'm sure you didn't break anyone's heart with that post :Pokey: not mine anyway.

But that's not the point is it, hope it gets sorted

avgas
25th October 2005, 15:41
Change your passwords people - it's the easiest method.
Also - you guys haven't sold any PCs (over trademe etc), as I had a similar problem with MSN a while ago for that reason.
I don't imagine that someone would hack a TCP/IP connection for kiwibiker logins but hey who knows

Mental Trousers
25th October 2005, 15:47
Change your password and untick the box that keeps you logged in all the time. You'll have to login each time you want to post something, but it's way better than having some retard posting stuff as you.

Otherwise, SpankMe can grab the ip of who posted that message and see if it was in fact someone you work with (it will match other posts of yours from around the same time) or if someone hacked your password (ip will be completely different to yours around that time).

I'd also advise a major bout of antispyware/virus scanning. You might have a keylogger on that machine (funnily enough, I used to have 1 at my old workplace that I installed so I could find out when someone was being a wanker and using my machine for something).

Lastly, the server might have had a brain fart. Happens occasionally, but usually when it does happen, the person posting usually ends up posting as a Guest - which is impossible to do in theory. But who knows what happens when a machine brain farts.
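
The IP comparison suggested in the post above, as an added example that is not part of the original thread or of the forum software: it checks whether a disputed post came from the same network as the member's other posts around that time, and which other accounts posted from that exact address. The post log, usernames, field layout and addresses (RFC 5737 documentation ranges) are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed post log: (post_id, username, timestamp, source_ip).
# Usernames are made up; addresses are from the RFC 5737 documentation ranges.
POSTS = [
    (101, "alice", "2005-10-25 13:40", "192.0.2.10"),
    (102, "alice", "2005-10-25 14:05", "192.0.2.10"),
    (103, "alice", "2005-10-25 14:17", "203.0.113.77"),  # the disputed post
    (104, "alice", "2005-10-25 14:49", "192.0.2.23"),    # same /24 (new DHCP lease)
    (105, "bob",   "2005-10-25 14:10", "198.51.100.5"),
    (106, "bob",   "2005-10-25 14:30", "198.51.100.5"),
    (107, "carol", "2005-10-25 14:12", "203.0.113.77"),
]


def _parse(rows):
    """Turn the text rows into typed tuples so times and addresses compare properly."""
    return [(pid, user, datetime.strptime(ts, "%Y-%m-%d %H:%M"), ip_address(ip))
            for pid, user, ts, ip in rows]


def classify_post(rows, post_id, window_hours=6, prefix=24):
    """Compare one post's source address with the same user's other posts
    made within +/- window_hours.

    "consistent"       - another post by the user came from the same /prefix network
    "different-source" - the user has other posts in the window, none from that network
    "no-baseline"      - the user has no other posts in the window to compare against
    """
    posts = _parse(rows)
    _, user, when, ip = next(p for p in posts if p[0] == post_id)
    # Compare networks rather than exact addresses: dial-up and DHCP users
    # often change address inside one provider range.
    network = ip_network(f"{ip}/{prefix}", strict=False)
    window = timedelta(hours=window_hours)
    neighbours = [p for p in posts
                  if p[1] == user and p[0] != post_id and abs(p[2] - when) <= window]
    if not neighbours:
        return "no-baseline"
    if any(p[3] in network for p in neighbours):
        return "consistent"
    return "different-source"


def accounts_sharing_ip(rows, post_id):
    """Other usernames that posted from exactly the same address as post_id.
    A hit points at a shared computer or proxy rather than a guessed password."""
    posts = _parse(rows)
    _, user, _, ip = next(p for p in posts if p[0] == post_id)
    return {p[1] for p in posts if p[3] == ip and p[1] != user}


if __name__ == "__main__":
    for pid in (103, 104, 107):
        print(pid, classify_post(POSTS, pid), sorted(accounts_sharing_ip(POSTS, pid)))
```

A "different-source" result only says the address does not match; an ISP proxy or a change of connection produces the same result as a stolen password.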

Zed
25th October 2005, 15:52
...How the hell can this happen? It throws the whole security of the site into question, as well as the motives of the offender.

That sucks Geoff! If it wasn't maliciously planned then maybe vBulletin inadvertently mixed up aliases somehow?? Hopefully site admins will be able to look at logs or summat to see what happened...keep us posted.


Matthew :spudwave:

Lias
25th October 2005, 15:58
SM might want to upgrade to VB 3.0.9. I notice that 3.0.8 fixed some exploitable XSS stuff.

Beemer
25th October 2005, 16:21
I am not sure if this is related but my name appeared in a post of people who were attending a track day - the guy who posted it said he only listed people who had contacted him to say they were attending. I hadn't, didn't even know about the post until Saturday, and no one else uses my computer. WTF?

Zed
25th October 2005, 17:36
I am not sure if this is related but my name appeared in a post of people who were attending a track day - the guy who posted it said he only listed people who had contacted him to say they were attending. I hadn't, didn't even know about the post until Saturday, and no one else uses my computer. WTF?

Hmmm...now that you say that Beemer I recall several times when my name is somehow added to the list of those attending certain calendar events, like the last track day, and so I remove it then refresh my screen and go back to the event to find my name has been put back on! So then I delete it several times and it miraculously disappears!!! I'm probably on one or more of the other future calendar events without my consent - naughty software!

Certainly mine is a glitch though, unlike the supposed counterfeit Blackbird's post!? :confused:

TLDV8
25th October 2005, 17:50
I thought Admin can see the IP address for posts?

Ms Piggy
25th October 2005, 18:24
Change your password and untick the box that keeps you logged in all the time. You'll have to login each time you want to post something, but it's way better than having some retard posting stuff as you.

Yeah what he said, if anyone else uses your pc they just need to click on the KB web page & they're logged in under you.

I know I've had that problem when using another KBers pc and then almost posting a message under their i.d.

Will
25th October 2005, 18:46
I got a notice in my e-mail stating that my account at Kiwi Biker had been locked because someone had tried to log into the account with the wrong password 5 times. Then went on to say it had the following IP address 83.245.82.196

Doesn't mean much to me. I guess if it isn't a glitch, the person has worked out that my password is not bike related! :bleh:

FROSTY
25th October 2005, 18:54
I think we need to make this thread ATT Spank/wari--given it isn't just one Kber who has had this issue and also given someone is out there attempting to hack KB accounts.

Mongoose
25th October 2005, 20:14
I only just rejoined and all hell breaks loose, there is NO CONNECTION, ok? :mellow:

RiderInBlack
25th October 2005, 20:35
Feel your anger BB. I'd feel the same way. If they can hack your KB log-in, then what is stopping them from doing that with more sensitive log-ins?

Hope it gets sorted, and if there's a "Perp", that they get major finger burn:argh:

Zapf
25th October 2005, 21:04
Feel your anger BB. I'd feel the same way. If they can hack your KB log-in, then what is stopping them from doing that with more sensitive log-ins?

Hope it gets sorted, and if there's a "Perp", that they get major finger burn:argh:

nothing stopping them from more sensitive logins... however it could have been a hack specific to KB as a website.

And web caches at ISPs are known to do that in the past.

John
25th October 2005, 21:32
vbulletin can't mix sessions, it's impossible, php uses dynamic memory not static. It was either a hack attempt or someone got your password, or maybe someone spoofed your id, your browser (EXACT VERSION), then it would happen as vbulletin builds session md5 crypts based on ip and browser.

or maybe you did post it?

Biff
25th October 2005, 21:53
vbulletin can't mix sessions, it's impossible, php uses dynamic memory not static. It was either a hack attempt or someone got your password, or maybe someone spoofed your id, your browser (EXACT VERSION), then it would happen as vbulletin builds session md5 crypts based on ip and browser.

or maybe you did post it?

So -John - WHEN ARE YOU GOING TO LEARN TO SPEAKA DA INGLISH?

Ixion
25th October 2005, 21:57
He's speaking geek. We understand him.

The sessions can't corrupt ech other's emeory space. But if the database had a corrupt index it could screw up the user attribution. Doesn't have to be an error in memory.

RiderInBlack
25th October 2005, 22:00
or maybe you did post it?

Have met Geoff. Not his style, Johnboy. You're not too old or too far away to have your ear clipped, Sonny:msn-wink:

Posh Tourer :P
25th October 2005, 22:24
He's speaking geek. We understand him.

The sessions can't corrupt ech other's emeory space.

Err so what is that sentence geek speek for?

White trash
26th October 2005, 09:53
Yep, had the same thing.

Couldn't log on the other day because apparently I'd used my 5 login attempts. Then got an e-mail saying that IP address 203.109.252.198 had tried unsuccessfully five times to access my account.

This obviously worries me as I can make a big enough cock of myself without some other tard's help.

Ixion
26th October 2005, 10:27
Yep, had the same thing.

Couldn't log on the other day because apparently I'd used my 5 login attempts. Then got an e-mail saying that IP address 203.109.252.198 had tried unsuccessfully five times to access my account.

This obviously worries me as I can make a big enough cock of myself without some other tard's help.

Whois results for 203.109.252.198



Search results for: 203.109.252.198


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetName: APNIC-CIDR-BLK
NetHandle: NET-202-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse


Not much help I'm afraid, not a person specific IP. But does imply that it's someone in Oz.

Ixion
26th October 2005, 10:29
Err so what is that sentence geek speek for?

It's geekspek for "My keybord is buggered since I tipped V ll over it. the letter before b doesn't work nd I hve to enter it with LT-097 or ALT-065"

Biff
26th October 2005, 10:46
Yep, had the same thing.

Couldn't log on the other day because apparently I'd used my 5 login attempts. Then got an e-mail saying that IP address 203.109.252.198 had tried unsuccessfully five times to access my account.

This obviously worries me as I can make a big enough cock of myself without some other tard's help.


person: Ketan Anand Lal
address: 127-131 Newton Rd.
address: Newton
address: Auckland
country: NZ
phone: +64-9-3592767
fax-no: +64-9-3581518
e-mail: anand.lal@ihug.net
nic-hdl: KL47-AP
mnt-by: MAINT-KAL-PER
changed: sohail@ihug.co.nz 20000918
source: APNIC

Sniper
26th October 2005, 10:48
I won't ask how you got that.

juzzer
26th October 2005, 12:53
person: Ketan Anand Lal
address: 127-131 Newton Rd.
address: Newton
address: Auckland
country: NZ
phone: +64-9-3592767
fax-no: +64-9-3581518
e-mail: anand.lal@ihug.net
nic-hdl: KL47-AP
mnt-by: MAINT-KAL-PER
changed: sohail@ihug.co.nz 20000918
source: APNIC

Tiz not the end users details, that's the contact details for iHug....

John
26th October 2005, 16:02
Have met Geoff. Not his style, Johnboy. You're not too old or too far away to have your ear clipped, Sonny:msn-wink:
I am still wondering if I would enjoy this?

Teflon
26th October 2005, 18:27
Yep, had the same thing.

Couldn't log on the other day because apparently I'd used my 5 login attempts. Then got an e-mail saying that IP address 203.109.252.198 had tried unsuccessfully five times to access my account.

This obviously worries me as I can make a big enough cock of myself without some other tard's help.

Operating system - Windows 2000.

Firewall - Wingate proxy server.

AOL?

That was fun.

John
26th October 2005, 18:33
erm, it's a proxy server - that proves nothing, it just proves that someone with Ihug broadband did it. WT, are you sure you just didn't fuck up your login?

hell even GOTO the site http://203.109.252.198

Teflon
26th October 2005, 18:46
erm, it's a proxy server -
hell even GOTO the site http://203.109.252.198

Have you used Wingate before?

RiderInBlack
26th October 2005, 19:04
I am still wondering if I would enjoy this?

Tell you what I'll give you a good clip around the ears and then you can tell me if it does anything for you:devil2:

Blackbird
26th October 2005, 19:12
OK Ixion and other esteemed I.T techos, help me out with this please...

After yesterday's trauma, I ran every piece of spyware I have and whilst most of them didn't show anything, Ad-Aware came up with the list shown on the attached gif when I ran it on my wife's account on our PC.

This is what I'd like explained in non-techo speak please... Sometimes, there is a visual cue that a piece of spyware has been intercepted whilst browsing. There certainly wasn't any warning about the ones shown. They show up in IE cache - am I at risk with them being there? Has Ad-Aware failed to block them and simply detects them when I run it? They have been removed now.

I hope I'm not asking completely dorky questions - I'll bet there's some other people who maybe wonder the same thing **blush**

Cheers

Geoff

John
26th October 2005, 19:44
they look to be site cookies (advertising cookie data trackers that are used on more than one site, they share them so that they collect all your browsing habits), not often a problem on any occasion - but can be stolen by other sites if the cookie isn't secured well enough - vbulletin doesn't really encrypt the cookies that well, but always clear your cookies and cache regularly.

It would seem as though someone either did a session steal hack, I don't know what version of apache this site is running, I assume it does and can't be bothered looking but there was an apache right through mod that let people steal sessions just by doing a simple url buffer overflow...

SO my advice to you is, get the latest ad-aware definitions file, run that, delete everything that it comes up with - then change your password to something longer and more complex using both [A-z] and [0-9] characters, as this will make cracking a longer process if that was indeed what happened, and as a general keep passwords longer than 10chars.

On another note, go here (http://www.mvps.org/winhelp2002/hosts.htm) to find out how to stop getting ads and bad cookies/spyware forever, I've been doing it ever since windows 98, works a charm.

Blackbird
26th October 2005, 20:03
Thank you John - appreciate it. You veered dangerously close to techno-speak but I will forgive you as you have been so helpful. As I'm charitably disposed because you were so helpful, I shall plead with my good friend Rider in Black to refrain from nipping round and giving you a clip round the ear - I assure you you won't like it if he did. :whistle:

Cheers :niceone:

Geoff

RiderInBlack
26th October 2005, 20:32
Thank you John - appreciate it. You veered dangerously close to techno-speak but I will forgive you as you have been so helpful. As I'm charitably disposed because you were so helpful, I shall plead with my good friend Rider in Black to refrain from nipping round and giving you a clip round the ear - I assure you you won't like it if he did. :whistle:

Cheers :niceone:

Geoff

Yep, gave John a "greenie" and a big wet soppy kiss for that (personally I'd rather have clipped his ear).

John
26th October 2005, 20:49
I really would prefer a clip around the ear... sigh...

but that kiss wowza. that just did it for me.

Zapf
26th October 2005, 21:10
On another note, go here (http://www.mvps.org/winhelp2002/hosts.htm) to find out how to stop getting ads and bad cookies/spyware forever, I've been doing it ever since windows 98, works a charm.

ermm smart... smart... on another note... don't do it on your work computer people.... might break something

John
26th October 2005, 21:18
ermm smart... smart... on another note... don't do it on your work computer people.... might break something
ah true good point, if you still want to just copy the original content of the hosts file on your computer into the one that you download, and it will be cool as.

Antallica
27th October 2005, 06:03
If any of you who have been 'hacked' are using KB from your work and are connecting to the net through a proxy server (especially wingate), I would suggest telling your IT Administrator to clear the proxy server's IE cache. This is happening at work where you'd open up the Microsoft evaluation page for example and get someone else's login.
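
The server-side counterpart of the proxy problem described above, as an added example that is not part of the original thread or of any forum software: a check of whether a shared cache is permitted to store a logged-in page, using a simplified reading of the HTTP caching rules (RFC 9111) for GET responses. The function names, finding labels and both header sets are constructed.

```python
# Status codes a cache may store without explicit freshness information
# (the "heuristically cacheable" set in RFC 9110).
HEURISTIC_STATUSES = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

# Constructed response headers for a page rendered for a logged-in member.
WEAK = {"Content-Type": "text/html", "Set-Cookie": "session=constructed; path=/"}
HARDENED = {"Content-Type": "text/html", "Cache-Control": "private, no-cache",
            "Set-Cookie": "session=constructed; path=/; HttpOnly"}


def parse_cache_control(value):
    """Split a Cache-Control header value into {directive: argument or None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(status, headers, request_has_authorization=False):
    """Simplified RFC 9111 storage rules for a shared cache answering a GET."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc or "private" in cc:
        return False
    # The Authorization rule covers HTTP authentication only. A forum login
    # travels in a Cookie header, which the storage rules do not look at.
    if request_has_authorization and not cc.keys() & {"public", "s-maxage", "must-revalidate"}:
        return False
    explicit = "expires" in h or bool(cc.keys() & {"public", "max-age", "s-maxage"})
    return explicit or status in HEURISTIC_STATUSES


def audit_personalised_response(status, headers):
    """Findings for a response whose body depends on the visitor's login cookie."""
    findings = []
    if shared_cache_may_store(status, headers):
        findings.append("shared-cache-storable")
        h = {k.lower(): v for k, v in headers.items()}
        vary = {item.strip().lower() for item in h.get("vary", "").split(",")}
        # Without Vary: Cookie a stored copy can be replayed to a different member.
        if not vary & {"cookie", "*"}:
            findings.append("not-varied-on-cookie")
    return findings


if __name__ == "__main__":
    print("weak    :", audit_personalised_response(200, WEAK))
    print("hardened:", audit_personalised_response(200, HARDENED))
```

Real proxies differ in how closely they follow these rules, so an empty result describes what the headers permit, not what a particular proxy does.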

Blackbird
27th October 2005, 07:02
If any of you who have been 'hacked' are using KB from your work and are connecting to the net through a proxy server (especially wingate), I would suggest telling your IT Administrator to clear the proxy server's IE cache. This is happening at work where you'd open up the Microsoft evaluation page for example and get someone else's login.

Crikey, all this great info coming out shows what a minefield the IT world is. Thanks for the initiation!

Geoff

Biff
27th October 2005, 12:22
Word of advice about Adaware, and some other spyware programmes. Some of these companies (including Lavasoft - creators of Adaware) actually de-list spyware distributed by companies that pay Lavasoft a royalty. In other words Adaware, amongst others, are pretty shite. I recommend looking at packages such as Spy Doctor, but use Adaware and Spybot as well.

The bottom line - as always - if it's free, it's free for a reason, if it's cheap, you get what you pay for.

SARGE
27th October 2005, 12:36
On another note, go here (http://www.mvps.org/winhelp2002/hosts.htm) to find out how to stop getting ads and bad cookies/spyware forever, I've been doing it ever since windows 98, works a charm.


i run a hosts file also.. i have a pretty complete file ( made in conjunction with a few spy/ ad/ cookie/ etc utilities)..

am happy to donate a copy to anyone who needs it .. my browsers dont get many adverts, no spy cookies..pop ups.. nothin i dont want at all..

pyrocam
27th October 2005, 12:56
i run a hosts file also.. i have a pretty complete file ( made in conjunction with a few spy/ ad/ cookie/ etc utilities)..

am happy to donate a copy to anyone who needs it .. my browsers dont get many adverts, no spy cookies..pop ups.. nothin i dont want at all..

I'll take that. handy in my profession.

zadok
27th October 2005, 13:07
Word of advice about Adaware, and some other spyware programmes. Some of these companies (including Lavasoft - creators of Adaware) actually de-list spyware distributed by companies that pay Lavasoft a royalty. In other words Adaware, amongst others, are pretty shite. I recommend looking at packages such as Spy Doctor, but use Adaware and Spybot as well.

The bottom line - as always - if it's free, it's free for a reason, if it's cheap, you get what you pay for.
I gave adaware & Spybot the flick. Using a-squared, which seems to do the best job all rolled into one. And it's free.
http://www.a-2.org/en/software/free/