Bloxcity is back



oh boy looks like his account may have been hacked
How does this continually happen to the forums? Badspot, can we get 2fa?

not being active in half a year, and when came back saying this stuff and going the opposite of his old personality

yup


National Liberation Front has declared we will take a stand against the heinous acts of bloxcity

Brace your starfishs part two: Electric Boogaloo

looking at exploit-db (lol skiddy level stuff right here) there's a few exploits for smf > 1.1.20, one for smf 2 that exfiltrates memory
independent testing suggests these don't work however.
the million dollar question: how does bloxcity keep getting into accounts

the million dollar question: how does bloxcity keep getting into accounts

Baddy posted about it last time

Quote
So I don't exactly know what's going on.  The attacks appear to be opportunistic, getting the accounts they can.  If there were a vulnerability to account login they would just login to my account or rotondo's and forget up everything.

What I've done is forced on https, deleted all existing sessions/cookies, and updated a few of the smf session hashing functions and seed values.  This would mitigate some types of session hijacking, if that's what was happening.

The most likely answer is probably phishing.  It's happened multiple times before, with some huge body counts.  It's not always as obvious as "enter your key for blockland gold".

Baddy posted about it last time

hold on
somebody pay for leakedsource and search this email: trublurage@gmail.com
it seems that's the one associated with his forum account

hold on
somebody pay for leakedsource and search this email: trublurage@gmail.com
it seems that's the one associated with his forum account
leakedsource is gone
however i checked https://haveibeenpwned.com and it's very likely that he used the same password for his forums account and an account which has been hacked
i also found an account with his email + username (db dump) online
so it's probably some skid from bloxcity seeing all of these dumps and x-refing them to blf users to attack
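
Added example, not part of any post in this thread: a server-side check a forum could run at password change to reject passwords that already appear in breach dumps, which is the reuse scenario described in the post above. It follows the `SUFFIX:COUNT` range format of the Pwned Passwords API but runs offline against a constructed corpus; `offline_range`, `breach_count` and `accept_new_password` are hypothetical names.

```python
import hashlib

# Constructed stand-in for a breach corpus (password -> times seen). Not real data.
CONSTRUCTED_BREACH = {"hunter2": 17043, "correct horse": 3}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form used by the range lookup."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def offline_range(prefix: str) -> str:
    """Mimic a range response: one 'SUFFIX:COUNT' line per hash sharing the prefix.

    A live deployment would replace this with an HTTPS GET to
    https://api.pwnedpasswords.com/range/<prefix> (assumption: outbound access).
    """
    lines = []
    for password, count in CONSTRUCTED_BREACH.items():
        digest = sha1_hex(password)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Padding row with count 0, as returned when response padding is enabled.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=offline_range) -> int:
    """Return how often the password appears in the corpus (0 if never).

    Only the first 5 hex characters of the hash are passed to fetch_range,
    so the lookup service never sees the password or its full hash.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def accept_new_password(password: str, fetch_range=offline_range) -> bool:
    """Policy hook: refuse any password seen in a breach at least once."""
    return breach_count(password, fetch_range) == 0
```

Running the same check at login, and forcing a reset on a hit, also covers accounts whose password was set before the check existed.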


motive of this story: don't use shady ass websites cunts

motive of this story: don't use shady ass websites cunts
lol the db dump was from a runescape botting site