:2thumbsup

Personally, I quite like the colour scheme (http://www.sportsbike.co.nz/).

*sniff* :(

WTF's up with that? :wacko:

Bugger... thats gotta suck

Lol, that sucks...

Maybe you should save up some more money and host all your sites on a mac... :whistle:

HA, sorry Quasi. :)

It's only a homepage hack. No damage would have been done.

Time to check what ports are open on the server and how old the software versions are running behind them.

lmfao

pwn3d

Thats beyond me, ports open ???
Might be something to do with me abusing some fucking arab spammer telling him I was going to get Jihad on his Muslim Arse ?

No worries will be up soon............. i hope

bugger but lol as well

Thats beyond me, ports open ???
Might be something to do with me abusing some fucking arab spammer telling him I was going to get Jihad on his Muslim Arse ?

No worries will be up soon............. i hope


You got bent over. :devil2:

Isn't it embarrassing for the hackers - advertising the fact that they can't even fuckin' spell! :rofl:

Thats beyond me, ports open ???
Might be something to do with me abusing some fucking arab spammer telling him I was going to get Jihad on his Muslim Arse ?

No worries will be up soon............. i hope

You hold him down, i'll light his turbon on fire...:devil2:

You hold him down, i'll light his turbon on fire...:devil2:

Hes not a giant joint ffs.

Lol, that sucks...

Maybe you should save up some more money and host all your sites on a mac... :whistle:

Yeah, 'cos Macs are unhackable...

no11eIx0x6w

Yeah, 'cos Macs are unhackable...

Ha ha! Yeah, oh so safe Gone in 2 minutes: Mac gets hacked first in contest (http://computerworld.co.nz/news.nsf/scrt/E0DD4B48DEF28C9DCC25741A0013F879)

It's only a homepage hack. No damage would have been done.

Might be something to do with me abusing some fucking arab spammer
Why would it only be a homepage hack. Im not farmiliar with the sportsbike forum but theres probably a nice database of emails for this spammer to harvest.

And to all who share passwords between the hacked site and anything(email). You should change that password, asap.

"On Wednesday no one was able to hack the computers, so on Thursday the hacking got easier and the prize money was halved."

This is what the youtube video says. You state the mac was insecure, yet they had to drop the security for someone to get in.

Not telling the whole story here figjam.

Interesting point you make there Dargor. I take it VBulletin uses SQL? What's the level of security on a bog-standard VBulletin website? Are we talking multiple relational databases, or one monolithic beast?

Homepage hacking is a bit of a sport among script kiddies and hackers. They do it to show off their skills, but not to be malicious. They do nothing else but replace your homepage.

Hackers who's intent is malicious will not want you to know that they have hacked your server so they can go back at any time.

Not telling the whole story here figjam.

What do you think I posted the link to the article for? And remind me again, which was the first to go? How long did the others take and at which levels?

little retard, tapping an index.htm is sad.......like saying haha i fucked you 60 year old mum.
SM is right if a proper hacker did try they would be a bit more stealth than using cuteFTP and a password hax.
At the end of the day he is an internet tagger.
Ummm why hack that website though? seems kinda pointless.

Homepage hacking is a bit of a sport among script kiddies and hackers. They do it to show off their skills, but not to be malicious. They do nothing else but replace your homepage.

Hackers who's intent is malicious will not want you to know that they have hacked your server so they can go back at any time.

Yea but you can never be sure, unless... it was you?, na just kidding im sure it was Mr Kuwait Hack.

But why not be more malicious and tell everyone. He knows the forum isnt the real target, so he might as well give you the finger and look cool. He's done what he wants with that machine, so give the finger and move on.

Ummm why hack that website though? seems kinda pointless.

Aside from the "because they could..." factor, it was probably automated. F-Secure are claiming up to half a million sites may have been hacked. (http://www.f-secure.com/weblog/archives/00001427.html) Other sites include U.N. departments etc.

What do you think I posted the link to the article for? And remind me again, which was the first to go? How long did the others take and at which levels?

Information not available in the video. However, the exploit was traced to a bug in the Safari browser (Webkit - actually OpenSource software). Hardly an operating system (or even Apple) problem.

To their credit, the Apple folk had a patch available within 24 hours.

Plenty of IE bugs cause security issues too. And also Firefox security problems in both Windows, Mac and Linux versions.

I think its disingenuous to claim a browser hack as being indicative of an insecure operating system. I believe you could have hacked any of the other operating systems in a similar way.

The biggest single security problem on any computer still remains open ports, or more appropriately, a lack of understanding of proper security practices. These factors are exclusive of any operating system. Any OS can be as secure or insecure as you make it. Scoring points by attempting to bait the mac fanboys is going to get you nowhere...

Bret - that server's not up yet mate.

Sad. No matter how "tough" these hackers try to come across, fact is its probably a weedy little computer dweeb who sits at home every night in his parents house, trying to figure out why he has never seen a real pair of tits and never will.

Hmmm, hope noone sent their credit card details through to Quasimoto recently.:(

Information not available in the video. However, the exploit was traced to a bug in the Safari browser (Webkit - actually OpenSource software). Hardly an operating system (or even Apple) problem.

Ahhm, sorry? Run that one by me again. Are you saying that Apple did not develop Safari? So it's ok because it uses an Opensource engine at its core? What do you think OS X is? At one stage there was talk that Apple were intending to fully opensouce OS X until they decided there was stuff they didn't want in the public domain.



To their credit, the Apple folk had a patch available within 24 hours.

So they should, they wrote it.


Plenty of IE bugs cause security issues too. And also Firefox security problems in both Windows, Mac and Linux versions.

And yet the Vista machine wasn't hacked until the third day when third party applications were allowed to be introduced and an Adobe Flash exploit was umm... exploited. Note not a browser hack.


I think its disingenuous to claim a browser hack as being indicative of an insecure operating system. I believe you could have hacked any of the other operating systems in a similar way.

And yet neither the Vista nor the Ubuntu machine were compromised via a "browser hack". And that's with some serious talent with some serious knowledge and skills, who wanted the kudos far more than the money or hardware. In fact no one managed to compromise the Ubuntu (linux) laptop at all. Next year the results will probably be completely different.



The biggest single security problem on any computer still remains open ports, or more appropriately, a lack of understanding of proper security practices. These factors are exclusive of any operating system. Any OS can be as secure or insecure as you make it. Scoring points by attempting to bait the mac fanboys is going to get you nowhere...

I'm not disagreeing with you on that... Except for the baiting bit. I reckon the fishing's been pretty good so far. Had some massive bites and didn't even have to use much bait :D

Ahhm, sorry? Run that one by me again. Are you saying that Apple did not develop Safari? So it's ok because it uses an Opensource engine at its core? What do you think OS X is? At one stage there was talk that Apple were intending to fully opensouce OS X until they decided there was stuff they didn't want in the public domain.
Ahem... since when was NextStep OpenSource? Or are you talking OpenBSD?"


So they should, they wrote it.
Not the part which enabled the exploit. So there's not really much of a difference between a browser hack and a Flash exploit.


And yet the Vista machine wasn't hacked until the third day when third party applications were allowed to be introduced and an Adobe Flash exploit was umm... exploited. Note not a browser hack.
And yet neither the Vista nor the Ubuntu machine were compromised via a "browser hack". And that's with some serious talent with some serious knowledge and skills, who wanted the kudos far more than the money or hardware. In fact no one managed to compromise the Ubuntu (linux) laptop at all. Next year the results will probably be completely different.

What we can take out of this whole thing is that:

1. The ex-NSA bloke who exploited the Webkit vulnerability was a Unix expert.
2. Third-party developers are a big problem security-wise
3. Most OS's are pretty secure anyway.

Hmmm, hope noone sent their credit card details through to Quasimoto recently.:(

Why would that matter, we use DPS , its an external external system

little retard, tapping an index.htm is sad...

They were making the point that they'd cr4x0r3d Quasi's b0x0r, without actually doing any damage.

It's a 'nyah nyah' to show that the attacker could have completely hosed the system and/or rootkitted it and used it for his own purposes, but didn't.

Just kids arsing about. Annoying, certainly, but nothing to do with real cybercrime, and about as minor as data vandalism gets.

Not sure why the server's still up, though; if it were mine, I'd yank its interweb plugs while patching it up to date and doing a lockdown on whatever extraneous services it's running. In fact, given that it's been compromised, I'd run an immediate backup on the forum database, then just rebuild the machine from scratch (securely, this time) and reinstall the forum software with its current data before going live again.

They were making the point that they'd cr4x0r3d Quasi's b0x0r, without actually doing any damage.

It's a 'nyah nyah' to show that the attacker could have completely hosed the system and/or rootkitted it and used it for his own purposes, but didn't.

Just kids arsing about. Annoying, certainly, but nothing to do with real cybercrime, and about as minor as data vandalism gets.

Not sure why the server's still up, though; if it were mine, I'd yank its interweb plugs while patching it up to date and doing a lockdown on whatever extraneous services it's running. In fact, given that it's been compromised, I'd run an immediate backup on the forum database, then just rebuild the machine from scratch (securely, this time) and reinstall the forum software with its current data before going live again.


I dunno i suspect quasi might just get cowpoos around and do something like this...

HNLoCun5DGM

Ahem... since when was NextStep OpenSource? Or are you talking OpenBSD?"

Sigh, no, FreeBSD 5. Why don't you go look here? http://developer.apple.com/opensource/index.html. Quoting part of the first line:
"If you like open source development, you'll love Mac OS X. This fully-conformant UNIX operating system—built on Mach 3.0 and FreeBSD 5..."

Not to mention part of the first paragraph at http://www.apple.com/opensource/
"Major components of Mac OS X, including the UNIX-based core, are made available under Apple’s Open Source license,..."



Not the part which enabled the exploit. So there's not really much of a difference between a browser hack and a Flash exploit.
Oh piss off. As you said, the rendering engine is open source, nothing is obfuscated or hidden. Apple developers were able to see every line of code they implemented in the default browser for the OS. They missed a vulnerability in their testing and allowed it to go out. You don't install the browser separately, it's supplied in the default installation of the OS. You don't think there were plenty of other things they found, modified the code and supplied back to the project? That's how opensource works. I guarantee that Safari received a shitload more testing from Apple than Adobe Flash ever did. Safari was written and supplied by Apple and they had far more opportunity to test it. I don't blame Apple and I doubt many people do. No single team of developers is going to find every problem, but the fact remains that they missed one and they have no one but themselves to blame. I haven't seen anything from Apple to say they don't think it was their responsibility. They just patched it in a timely manner (how often have you seen Microsoft delay and refuse to admit a problem until they have no choice?), and got on with it. The fact that they were able to patch it so quickly with additional javascript validation shows that it was not that difficult or obscure a bug.




What we can take out of this whole thing is that:

1. The ex-NSA bloke who exploited the Webkit vulnerability was a Unix expert.
Can we now? Can you please post any link that supports this? The most I've seen is that he got paid $50k in 2005 for delivering a linux bug to an undisclosed government agency. If that is the case, it is really stretching to describe someone probably paid as a contractor, to be an employee. And despite the fact that he was a Unix expert, he chose to attack the Mac rather than the Ubuntu linux box. Interesting statement in itself, don't you think?

2. Third-party developers are a big problem security-wise
3. Most OS's are pretty secure anyway.
Don't basically disagree with either of those. Apple is paying the price for becoming more successful. They're selling way more, so way more people are becoming intimately familiar with their workings. Because there are so many more targets than there used to be, the losers are turning their attention to the new (ish) kid. Third party apps are mostly a problem because the bulk of the comapnies lack the resources to carry out the level of testing that Apple or Microsoft do. The ones that care and are in it for the long run rely on their intimate knowledge of their own product. Excluding Redhat Enterprise/CentOS, when you consider how the other Linux distributions are put together, it's amazing that they're as secure as they are. Those distributions are effectively all third party applications.

:corn: :corn: :corn: :corn: :corn: :corn: :corn: :corn: :corn: :corn:

gFAJDbV9Vfs

Ha ha! Yeah, oh so safe Gone in 2 minutes: Mac gets hacked first in contest (http://computerworld.co.nz/news.nsf/scrt/E0DD4B48DEF28C9DCC25741A0013F879)


Errr he put it first... and was being sarcastic...

You my good sir are a class a moron.

Like me... welcome to the club.

Not sure why the server's still up, though; if it were mine, I'd yank its interweb plugs while patching it up to date and doing a lockdown on whatever extraneous services it's running. In fact, given that it's been compromised, I'd run an immediate backup on the forum database, then just rebuild the machine from scratch (securely, this time) and reinstall the forum software with its current data before going live again.
Bah sometimes its just laziness,
Right now i type this i type this on a laptop with porn encrusted XP sitting on it (I have vista sitting 2 inches from me - but that will happen tomorrow), my linux box has a serious resolution issue (lurvely and fuzzy), misses PC has enough spyware to crash the wireless network (which is currently on *default-192.168.0.1* settings). The work dell has a version of DIGSI that is stuffed, and conflicting SQL databases (Goldmine and MySQL). The only up to date PC in this house is the torrent PC running XP SP3....which only has 2GB left on the drive.
So i can sympathize a bit with Quasi in the aspect that nothing is ever sorted.
God dammit this post wont load due to F-Secure noting SQL mass postings. Spank it told me to tell you to check database is ok

So what about my credit card details that were used/saved? on your site Qausi?

So what about my credit card details that were used/saved? on your site Qausi?

CREDIT CARD DETAILS ARE NOT USED OR SAVED ON OUR SITE.

We use DPS an encrypted external bank credit card system, Additionally this has not affected QUASiMOTO.co.nz, Only SPORTSBIKE.co.nz

there is NO NEED TO WORRY.

CREDIT CARD DETAILS ARE NOT USED OR SAVED ON OUR SITE.

We use DPS an encrypted external bank credit card system, Additionally this has not affected QUASiMOTO.co.nz, Only SPORTSBIKE.co.nz

there is NO NEED TO WORRY.

I think he means if sent via PM

Sysadmin for hire.

Expert in security (although no one is above getting truly hacked)

Loves motorbikes, margaritas, and walking in the rain

offers sensible hosting prices for small to medium websites.

contact: please_do_not_hack_me_mr@mcrides.co.nz

Thats beyond me, ports open ???
Might be something to do with me abusing some fucking arab spammer telling him I was going to get Jihad on his Muslim Arse ?

No worries will be up soon............. i hope

It probably happened to everyone who has a hosting account on the server you use. I suspect you have your site hosted in the US? You really shouldnt be :P

PM me if you want some help sorting it out or some ideas about hosting.

Iain

I see that the whole site has been hacked - not just the homepage. All changed to some mid-eastern language and reading right to left.

I see that the whole site has been hacked - not just the homepage. All changed to some mid-eastern language and reading right to left.

Hey Marty, how did you get in past the home page to find that out? Also did you receive a PM on SB about a week ago from a "Scott" someone or other appearing to be a long lost aquantance and wanting to make contact with you? I did but i did'nt reply as have had some Spam by PM on there lately.
Could have been quite innocent or something to do with the latest problem there. Has Bret given any indication as to when he may be up and running again?

Cheers:niceone:

Also did you receive a PM on SB about a week ago from a "Scott" someone or other appearing to be a long lost aquantance and wanting to make contact with you? I did but i did'nt reply as have had some Spam by PM on there lately.
Could have been quite innocent or something to do with the latest problem there. Has Bret given any indication as to when he may be up and running again?

Cheers:niceone:

Hey, I got a pm from that guy but never even opened, as you say because of all the spam that'd been hitting SB. I was thinking the same thing.....
Some people just need to get a life!!

mmmm do I tell people people about the "other" other site? before I finish it?

typed www.sportsbike.co.nz/forums

All sites get spammers ,cant help that once identified they get delelted quickly.
Hope to have it back up soon, we are working on it, so much for my weekend!!
thanks for your patience

All sites get spammers ,cant help that once identified they get delelted quickly.
Hope to have it back up soon, we are working on it, so much for my weekend!!
thanks for your patience

Hey thanks Bret, no panic, just a shame that some arsehole had to cause you all this un-needed grief. Good luck with the repairs and will look foward to having you back up and running soon.
Cheers

All the best Bret for a full and speedy recovery of Sportsbike.

.

typed www.sportsbike.co.nz/forums (http://www.sportsbike.co.nz/forums)


BWAHAHAHAHAHA it's in arabic.

mmmm do I tell people people about the "other" other site? before I finish it?

I've found it - and been posting there, it's cool, a bit more bike orientated
Starting to see some kiwibikers signing up there
http://www.mcrides.co.nz
Actually it's got a few links to the sportbike site
I like the spell check on it - Hitcher would like it.

I've found it - and been posting there, it's cool, a bit more bike orientated
Starting to see some kiwibikers signing up there
http://www.mcrides.co.nz
Actually it's got a few links to the sportbike site
I like the spell check on it - Hitcher would like it.

Has it been hacked as well ??? I cant load it seems bloody slow 5 mins and a couple of refreshes and zippo

Has it been hacked as well ??? I cant load it seems bloody slow 5 mins and a couple of refreshes and zippo

It's actually quicker than other forums I've been on - not sure why
Could be slow because it's being viewed a lot at the moment
Still - at lest it's up and running (sorry couldn't help myself)

BWAHAHAHAHAHA it's in arabic.

Whats so fucking funny about that? I have spent fucking heaps of dollars and fuck loads of time on that site , to have it fucked up is not funny in the slightest so pull ya fucking head in !!

Still - at lest it's up and running (sorry couldn't help myself)

Yes it is for two days, lets see it in a couple of years eh:yes:

Yes it is for two days, lets see it in a couple of years eh:yes:

I think he knows what he's doing - he runs and administrates 100's of web sites, it's his full time job.
He owns and runs http://mandrivausers.org/ - a bloody good forum site, been up for a few years now, much bigger than kiwibiker even, and I don't think thats the bigest site he looks after.
He was recently quoted front page in the business news - something about the advantages of the connection up grade in Hamilton city.

Didn't he offer to help sort your problem out for you earlier in this thread.

I know myself and three others wouldn't of spent a shit load of money on your leathers if it wasn't for him either - go Terminal

I think he knows what he's doing - he runs and administrates 100's of web sites, it's his full time job.
He owns and runs http://mandrivausers.org/ - a bloody good forum site, been up for a few years now, much bigger than kiwibiker even, and I don't think thats the bigest site he looks after.
He was recently quoted front page in the business news - something about the advantages of the connection up grade in Hamilton city.

Thanks for the plug :) .. yeah I run some sites with 10's of millions of users .. keep the mortgage paid ;)

Felt pretty special being on the front of the business times :2thumbsup


Didn't he offer to help sort your problem out for you earlier in this thread.

My services are always available to friends .. just don't go telling my boss :D



I know myself and three others wouldn't of spent a shit load of money on your leathers if it wasn't for him either - go Terminal


Support the locals and all that ;)
Quasi looks after me too eh .. got a killer price after I tore up my first Q jacket on the tarmac :P

Has it been hacked as well ??? I cant load it seems bloody slow 5 mins and a couple of refreshes and zippo

nope .. still running sweet as ....
maybe somebody on your IP address has been bad, and made it to my firewall ?!?!?

I think he knows what he's doing - he runs and administrates 100's of web sites, it's his full time job.
He owns and runs http://mandrivausers.org/ - a bloody good forum site, been up for a few years now, much bigger than kiwibiker even, and I don't think thats the bigest site he looks after.
He was recently quoted front page in the business news - something about the advantages of the connection up grade in Hamilton city.

Didn't he offer to help sort your problem out for you earlier in this thread.

I know myself and three others wouldn't of spent a shit load of money on your leathers if it wasn't for him either - go Terminal

Ah ha, I think I met him once before
Sheeesh

Got everything back except the home page, still working on that.
Stay tuned hopefully will be back to full speed soon.

Maybe I should send you my highly skilled network security experts to help ya out Quasi. :p

Maybe I should send you my highly skilled network security experts to help ya out Quasi. :p

yes please, that would be appreciated.

as a update, we have all the data still so thats safe !! we just have to get the homepage back online.
Ive been stressed out about this whole event and dam angry as to why people would go out of there way to fuck other peoples lives up, Im thinking of flying to Kuwait to hunt this little fucker down chop his fingers off and make him eat them, after that I will gut him then give him the option of eating them again or cutting his head off and sticking it inside his computer monitor as a warning to other hackers (but still thinking about it)

cheers Spank

Unfortunately, hackers are a fact of life when running servers on the net. My security log which I get emailed to me daily show KB server getting scanned/attempted hacked every day. Sometimes hundreds of times a day.

I be a little pissed at your service provider for not running a more secure server.

SPORTSBIKE LIVES ,we are back online !!!

Thanks for the support and sorry about that !