Author Topic: the bloxcity predicament - gamefandan's & darkhawk accounts compromised??  (Read 38630 times)


The BLF has gone under maintenance mode for a few hours and is now back up. Seems like Badspot somehow fixed the issue.

The BLF has gone under maintenance mode for a few hours and is now back up. Seems like Badspot somehow fixed the issue.
its https now

That was quite the adventure eh'

They can't hijack the hulkster.
Last time I got hijacked, the plane went straight into the twin towers.

the forget just happened

Can someone trace the IPs that have been posted and "do something" about them?
they used a proxy ofc

Badspot

  • Administrator
So I don't exactly know what's going on.  The attacks appear to be opportunistic, getting the accounts they can.  If there were a vulnerability to account login they would just login to my account or rotondo's and forget up everything.

What I've done is forced on https, deleted all existing sessions/cookies, and updated a few of the smf session hashing functions and seed values.  This would mitigate some types of session hijacking, if that's what was happening. 

The most likely answer is probably phishing.  It's happened multiple times before, with some huge body counts.  It's not always as obvious as "enter your key for blockland gold".

wow loving French-speaking Canadians invading the forums

they'll loving pay for this, ready the bombs, we're nuking Quebec

yeah Quebec you'll get your freedom from Canada

BECAUSE WE'LL BLOW YOU OFF THE DAMN CONTINENT
trans text below

also, just changed my password to be safe if that even helps

"enter your key for blockland gold".
You need Blockland Gold™ to view this post. [DOWNLOAD HERE]

Glad you did this badspot, hopefully we can figure out what all went down in the coming days.

What I've done is forced on https

avatars still link to a http:// link only to redirect to a https:// one

So I don't exactly know what's going on.  The attacks appear to be opportunistic, getting the accounts they can.  If there were a vulnerability to account login they would just login to my account or rotondo's and forget up everything.

What I've done is forced on https, deleted all existing sessions/cookies, and updated a few of the smf session hashing functions and seed values.  This would mitigate some types of session hijacking, if that's what was happening. 

The most likely answer is probably phishing.  It's happened multiple times before, with some huge body counts.  It's not always as obvious as "enter your key for blockland gold".
That wouldn't make any sense considering one of the users compromised hadn't logged on for over 5 years. Why would they come on just to log in and get phished at the same time as all these other old users?

Glad you did this badspot, hopefully we can figure out what all went down in the coming days.

avatars still link to a http:// link only to redirect to a https:// one
to add onto this:

that's the advertisement displayed on the front page, that collapse carrot image should probably be https://
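
Added example, not part of the thread: the posts above note that avatars and the front-page ad image are still referenced over http:// and only then redirected to https://. The Python sketch below lists such auto-fetched references in a page and checks whether a session cookie lacks the Secure attribute, which is what would let it travel on that first cleartext request. The host names, cookie name and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser fetches automatically when rendering a page.
FETCHED = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}

# Constructed sample page; hosts and paths are placeholders, not the real forum.
PAGE_URL = "https://forum.example.test/index.php?topic=1"
SAMPLE_HTML = """
<img class="avatar" src="http://forum.example.test/avatars/1.png">
<img class="avatar" src="//forum.example.test/avatars/2.png">
<img src="Themes/default/images/collapse.gif" />
<img src="http://ads.example.test/banner.png">
<a href="http://forum.example.test/help">help</a>
"""

class Finder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCHED or not value:
                continue
            # Resolve relative and protocol-relative references against the page.
            url = urlsplit(urljoin(self.page_url, value.strip()))
            if url.scheme == "http":
                # same_host=True: the forum's own cookies are candidates for
                # being sent along with this cleartext request.
                self.findings.append((url.geturl(), url.hostname == self.page_host))

def insecure_subresources(page_url, html):
    """Return (url, same_host) for every auto-fetched http:// reference."""
    finder = Finder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

def sent_over_http(set_cookie):
    """True if a Set-Cookie value lacks the Secure attribute."""
    attrs = [part.strip().lower() for part in set_cookie.split(";")[1:]]
    return "secure" not in attrs

if __name__ == "__main__":
    for url, same_host in insecure_subresources(PAGE_URL, SAMPLE_HTML):
        print("same host  " if same_host else "third party", url)
    print(sent_over_http("forum_session=abc123; Path=/; HttpOnly"))
```

A same-host finding combined with a cookie that lacks Secure is the case to fix first; ordinary `<a href>` links are not reported because the browser does not fetch them while rendering.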