Author Topic: the bloxcity predicament - gamefandan's & darkhawk accounts compromised?? (Read 50204 times)

Otis Da HousKat · April 16, 2016, 10:14:37 AM

Quote from: mod-man on April 16, 2016, 10:12:01 AM

migas profile is giving a big thumbs up for bloxcity.com

Accidentally deleted the image in my last post, but here is my profile after compromise:

Ad Bot · Advertisement

Prokiller10 · April 16, 2016, 10:14:58 AM

I just stay logged in all the time, so that way I am safe

Gytyyhgfffff · April 16, 2016, 10:16:03 AM

Quote from: Trymos on April 16, 2016, 10:07:59 AM

how would this work if they do not have your ip address and they never visited the bloxcity website aka migas case?

i feel like theyre doing a man in the middle on the forum itself or actually compromised the forum itself

i'm thinking its some sort of smf exploit or some database badspot somehow forgeted up but i have no clue

Landmineman4000� · April 16, 2016, 10:16:56 AM

Well at least most of the spam topics are posted in off topic, that's pretty nice of em

}]Crazy[{ · April 16, 2016, 10:19:58 AM

Quote from: Kyuande on April 16, 2016, 10:03:16 AM

I said I was safe and then I got hijacked within 20 minutes.

my password is something very secure, if they know my password, then they know...
ok something extra related to blockland which identifies me

c · April 16, 2016, 10:21:46 AM

if it's session ids they need it think the people getting randomly logged out without their knowing MAY be the hijacker. I don't mean to fearmonger. Just adding my two cents.

for safety, please log out and uncheck this box, then log back in

Quote from: Prokiller10 on April 16, 2016, 10:14:58 AM

I just stay logged in all the time, so that way I am safe

That makes your more vulnerable if i'm correct. Why the hijacker is going for older accounts only with one exception(??Why tho??) is beyond me. this is all a big ball of I don't know. If it's session IDs how did they know nienhaus' password?

Though, maybe i'm just spewing crap and y'all shouldn't listen to me.

Mr Noobler · April 16, 2016, 10:22:05 AM

i think my account's being hijacked, i logged off 2 times without me doing anything

c · April 16, 2016, 10:22:52 AM

Quote from: Mr Noobler on April 16, 2016, 10:22:05 AM

i think my account's being hijacked, i logged off 2 times without me doing anything

once again - i could be all wrong about this and it's not session ids.

}]Crazy[{ · April 16, 2016, 10:26:32 AM

so i went on there.
(ill be checkin my posts, dont worry)
yeah, even my wiiu says "woah there, somethin aint right"

Mr Noobler · April 16, 2016, 10:27:34 AM

Quote from: c on April 16, 2016, 10:22:52 AM

once again - i could be all wrong about this and it's not session ids.

no, that was before your two posts

Gytyyhgfffff · April 16, 2016, 10:31:20 AM

it's an smf exploit, visolator didn't go to any other websites other than the blf before he was hijacked. that or someone managed to get his session ids earlier in the week

Landmineman4000� · April 16, 2016, 10:32:32 AM

Quote from: Gytyyhgfffff on April 16, 2016, 10:31:20 AM

it's an smf exploit, visolator didn't go to any other websites other than the blf before he was hijacked. that or someone managed to get his session ids earlier in the week

How do we protect ourselves?

Gytyyhgfffff · April 16, 2016, 10:35:03 AM

i think it's just best to assume that they're using some smf glitch to steal session ids and they aren't doing any other attack like a man in the middle of something. log off and back in every so often, if you get hijacked log off on every site you're logged in on, change passwords, etc.

}]Crazy[{ · April 16, 2016, 10:35:41 AM

oh wait nevermind, the wii u is like super protective. i doubt theid be able to crack it.

Trymos · April 16, 2016, 10:38:04 AM

Quote from: Gytyyhgfffff on April 16, 2016, 10:35:03 AM

i think it's just best to assume that they're using some smf glitch to steal session ids and they aren't doing any other attack like a man in the middle of something. log off and back in every so often, if you get hijacked log off on every site you're logged in on, change passwords, etc.

if he hijacked you

that's all he's getting unless you're handicapped enough to not change your password every time a website you've registered on got hacked, in that case he will get your email too because you failed at doing what everybody told you to do.