
Someone had fun, a lot of people didn't ...

Posted: Fri Mar 18, 2005 21:26 -0700
by digulla
Hello,

To the members of the UYD: As you might have noticed, some brat had fun with our forum. This should be fixed, now.

To the brat: I'm currently analysing the log files of your attack. When I find your IP address and the time when you did it, I'll file a complaint with your ISP. Maybe you should get in contact with your lawyer, now.

Have a nice day,

Posted: Fri Mar 18, 2005 21:51 -0700
by Todd Shogun
Thanks for getting us back online so quickly Aaron. And I am glad to see nothing was deleted. Whoever it was who hacked us, show no mercy! If we can take this person down, then I say we do it. Here's what Dreamhost told me, but I doubt it's of any help.

"This could have been caused by all sorts of issues - ie. an old or unpatched script of some kind (a content management system, forum, etc) that had known exploits associated with it. For this reason, we recommend upgrading any scripts under your account and ensuring that you are only using current software. You should also make sure to follow any security precautions listed in the documentation to ensure that it is locked down."

Posted: Fri Mar 18, 2005 21:57 -0700
by digulla
Hi Todd,

I'm pretty sure the brat used the security hole in phpBB 2.0.12 (which was fixed in 2.0.13). I knew about the issue and the fix and I planned to install it this weekend but I missed the deadline by a few hours :-)

PS: Can you please check your mailbox? I sent you four mails in the last few weeks without a single reply.

Regards,

Posted: Fri Mar 18, 2005 22:07 -0700
by cynlee
You RULE!

I am so tired of these slackers-- I mean, hackers--

I hope you nail this jerk to the wall!

Cynthia

Posted: Fri Mar 18, 2005 22:13 -0700
by Todd Shogun
Sorry about that. It's been a hectic day. I got the call from Robert "Dranatha" while I was in a big meeting at work (sorry I couldn't pick up Rob), but I had my laptop in front of me so I quickly went to the Board to see what happened. Needless to say I was pretty pissed off, and very worried that we lost all the messages on the Board. That's when I uploaded the message in index.php that the board had been hacked and will be up soon... and it was. Awesome.

Anyway, I emailed you about it at the tail end of my work day and didn't get back home for another 2.5 hours... rain, not to mention my meeting was 50 miles from home...yow! After a few beers I finally got the nerve to check my stocks and the Board... voila...it was back. YOU DA MAN Aaron!

PS: For some reason my lame Yahoo account had your email going directly to my "bulk" folder where spam goes. From now on try emailing me at work instead...just to be on the safe side.

Todd

Posted: Fri Mar 18, 2005 22:23 -0700
by Steve Hubbell
Seems there is a whole web-site devoted to these "bluejackers" which I ran across when I tried a google search for bluejack.

I'm glad to see the forum up and running again...

I was worried since I spend so much time here when on line.

Posted: Fri Mar 18, 2005 22:41 -0700
by Stan Sakai
Thank you, Aaron, and everyone else for your quick work. We wouldn't have these boards without you guys.

Posted: Fri Mar 18, 2005 22:43 -0700
by Todd Shogun
Steve, what is the address? All I could find were sites on the Bluetooth flirting craze from a couple years ago... could these be the culprits??? Doesn't seem like it....

Posted: Fri Mar 18, 2005 22:51 -0700
by Steve Hubbell

Posted: Fri Mar 18, 2005 23:09 -0700
by Steve Hubbell
This link is to a hackers forum with postings from someone calling themself Bluejacker...

http://www.jinx.com/forum/topic.asp?TOP ... ichpage=31

I guess the previous links are more concerned with prank messages being sent to strangers' cell phones ???

Posted: Sat Mar 19, 2005 0:35 -0700
by digulla
The layout of the dojoboard has been restored, too. Please have a look for things which are still odd.

Thnx for help for UYD members!

Posted: Sat Mar 19, 2005 5:04 -0700
by Jerry
Hi!

Yesterday afternoon, I tried to go in to the DojoBoard forum and couldn't do that. So thanks everyone (Shogun, Taisho, Daimyo, Shinobi), so today everything is (I think) correct in this.
Let's find this CRACKER (don't write hacker - it is nobilitation for him), then let him make seppuku!

AbaYo! Jerry

Posted: Sat Mar 19, 2005 5:15 -0700
by shaxper
Nice job, guys!


By the way, are you backing up the board to hard disk on a regular basis? It would be a good idea. This hacker was actually quite merciful in not obliterating everything. I've seen worse happen.

Re: Thnx for help for UYD members!

Posted: Sat Mar 19, 2005 7:35 -0700
by digulla
Jerry wrote: Let's find this CRACKER (don't write hacker - it is nobilitation for him), then let him make seppuku!
Well, what worries me most is the lost time. I've had from midnight to 11:00 in the morning to fix the mess and to make sure that they didn't leave any "surprises".

Usually, my company charges $100/hour for such jobs. Where can I send the $1100 bill? Not to speak about one night without sleep :-(

What I do know now is that three computers were involved. Two are dialups and located in England. They were using the ISP Telewest HSD Platform which is maintained by a company located in Bradford. The other one is from Italy and uses an ISP named Pontificio Collegio Spagnolo which is maintained by Colt in Milano. I know that Colt does take these things very seriously.

I'm not sure how to continue from this point, though. From what I've gathered, it was probably some kind of joke by some kids. Having the police knock down their doors might be a nice retribution for us but that also means Todd would have to file a complaint with the FBI (which is probably more hassle than it's worth right now).

What I propose is to file a complaint to the abuse sections of the respective ISPs so they can find out who was online from where at that time and they can take the appropriate measures. They usually reply with an email which I can then forward to the authorities should Todd file a complaint. Here in Germany, such deeds can get you as much as three years of jail or a fine. No matter what, you're convicted afterwards which means you'll have a lot more trouble finding a job (especially in the IT sector).

And don't forget that many hackers don't use their own PC but first crack some other boxes and then start their attacks from those. So the police might actually knock down the doors of some innocent fool who doesn't know about firewalls and malware scanners. Therefore, I suggest that the ISPs should have a look at their logs. That will usually mean that their accounts will be closed or, if they are kids, the ISP will tell their parents ... and then close the account.

Posted: Sat Mar 19, 2005 7:38 -0700
by digulla
shaxper wrote: By the way, are you backing up the board to hard disk on a regular basis?
Yes :-) It took so long because I wanted to know what had happened. So I had to compare the backups of the database but the format of the backup had changed and that made things a little complicated.