about the recent "hack"
posted by max on January 02, 2006 at 04:59:33 PM
Some of you may have noticed some sites claiming that YTMND was hacked, and a lot of upvoting going on. I thought I'd give an explanation of what happened. For more information read more.
Thanks to everyone who has been donating to the new content server. We are nearly halfway there.
CURRENT STATUS
Now, about the "hack". I was planning on adding some new features today, but this took priority. A user wrote a script to brute force passwords of many users with weak passwords such as "123456", "qwerty", "password" etc. He gained access to roughly 80 accounts, including "ShittyMcShit", the user who created picard.ytmnd.com. He then went on to brag about it on a message board and posted the password, which led to someone deleting picard.ytmnd.com. Sadly this isn't an easy thing to "undo" but I am going to go through by hand and see if I can't restore picard to at least some of its former glory.
In response to the brute force attacks, I've written a strike system that will only allow you five login attempts per 30 minutes and I am now logging all logins. I deleted over 2,000 votes and 400 comments from the "hacked" users and reset all of their passwords. I have also disallowed the use of such simple passwords for users who sign up in the future.
I find it sad and a bit disheartening that people would spend the time to go to such great lengths to try and draw attention to themselves. I have spent relatively no time on developing the site in the last month and a half because I've had to deal with people cheating. The user who took part in this attack has been IP banned.
As for the comments, I am rebuilding the comment cache, so don't worry.
So much for "playing fair".
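A sketch of the kind of strike system and password rule described in the post, added here as an example and not YTMND's actual code. It assumes strikes are failed logins counted in a sliding window per source IP and per target account; the class, function names and sample credentials are hypothetical.

```python
import time
from collections import defaultdict, deque

MAX_STRIKES = 5            # from the post: five login attempts...
WINDOW_SECONDS = 30 * 60   # ...per 30 minutes
# Constructed denylist: only the three passwords the post names.
WEAK_PASSWORDS = {"123456", "qwerty", "password"}


class LoginThrottle:
    """Sliding-window strike counter keyed by source IP and by account."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.strikes = defaultdict(deque)  # key -> timestamps of recent failures
        self.audit_log = []                # every attempt is recorded, as in the post

    def _locked(self, key, now):
        q = self.strikes[key]
        while q and now - q[0] >= WINDOW_SECONDS:  # expire strikes outside the window
            q.popleft()
        return len(q) >= MAX_STRIKES

    def attempt(self, ip, username, password, check_password):
        now = self.clock()
        # Assumption: count per IP (stops one client trying a weak password
        # against many accounts) and per account (stops many clients
        # guessing against one account).
        keys = [("ip", ip), ("user", username.lower())]
        if any([self._locked(k, now) for k in keys]):
            result = "throttled"           # the password is not checked while locked
        elif check_password(username, password):
            result = "ok"
        else:
            result = "fail"
            for k in keys:                 # assumption: only failures are strikes
                self.strikes[k].append(now)
        self.audit_log.append((now, ip, username, result))
        return result


def password_allowed(password):
    """Signup-time rule: reject denylisted passwords, ignoring case."""
    return password.lower() not in WEAK_PASSWORDS
```

The per-IP key is the one that matters for the attack in the post, where a single client tried a handful of common passwords against many accounts; a per-account counter alone would never have reached five strikes.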
What's funny is that brute-force scripts that crack non-strong passwords are not even junior g-man level sh*t. They are the bottom of the barrel. The fry cook at BK could do a Google search, find a script and fire it off.
Pathetic worthless amateur wannabe kiddie-scripters are worthless.
"But I was just trying to help the site!"
download mp3 knife from download.com then use itunes to convert any mp3 to wav.
if you didn't know itunes could do it, then you may bow down at my uber hax. cuz that's how i did this http://billzz.ytmnd.com/
then go to edit>preferences>advanced>importing
after changing the import to wav, right click the mp3 clip you wish to convert and say 'convert to wav'
there you go.
Jesus that is f*cking lame... Max I don't know how you keep the faith and remain patient with the general population here but I'm glad you do/are. I love it here. I love pop culture. The day YTMND is no longer around will be a sad day indeed. For now, I'm glad you keep it going for us. f*ck those guys, they need to grow pubes and blah blah pubes.
also, i have a site on top15 right now that i don't believe got there fair and square. as you might remember, last time justkeepthatinmind was on he hacked me to try and get me in trouble.. when i see any of my sites take that jump i think he's back... i don't know if you can now, but a tool to reset views of sites suspected of being hacked might be good.