Malicious Attacks on Websites
Posted: Sat Aug 03, 2013 12:25 am
OK, I promised I'd let everyone in on what exactly hapenned regarding this site's first ever hacking attempt.
First of all, This occurred about 8 months ago, but I only got aware of what had been tried since about one month. Indeed, my busy schedule kept me from doing a rundown of the server logs, so as to check if there wasn't something out of the common. I was looking for stuff like oddly excessive traffic and other assorted stuff. With >48,000 spam accounts blocked in less than one year
, one cannot be careful enough, right? Since I am not by formation an expert in Internet security, I figured it wouldn't be a bad idea to do a quick cursory look on the server logs, in search for some common hacks/exploits attempts.
The several searches I carried out yielded only one result
n
US.
Here is the whois result for that IP:
also seemed... odd...
My first reflex was to check the look for any hits of this IP on this site. I found out that this was an IP the "Jesus" account had posted three times from on this site.
Everyone knew that "Jesus" was Feyd_Ruin from MTGS, since at the time he requested that some former user "Jesus" surrendered his forum name (he changed it to "Iesus") so that he could find his "rightful" name.
Knowing that Feyd_Ruin had tried to hijack the site's SQL database (Although through outdated exploits, which means he achieved no illegitimate access, I could confirm this myself), I tried to dig deeper on this hacking attempt logs. All this occurred the 23rd November 2012, during the space of 40min. I went to re-check what was ocurring both here (the postings at that time) and on MTGS (the leaked mod lounge posts we were sent by a honorable staff member of MTGS), and the major event that occurred at that time was Sene posting
his discontent about the MTGS Razzies (The legendary post that was at the onset of the Blathering threads legacy) just the day before:
22nd November 2012
16th November 2012
database, perhaps to snitch on the honorable person who has been sharing us the info about the deceit and lies that MTGS has pulled on many of this site's members.
I withheld this info for some more time because I wanted some independent confirmation that an IP search on this IP gave hits on MTGS, and I've been told this week that this is correct and points to no other than Feyd_Ruin.
For me there can be no doubts that a technician of MTGS tried to hack the database of this site, probably on a futile attempt to expose the person who alerted us on the sale of MTGS and the true reasons behind the mass bannings at MTGS (which apparently are being reenacted one year after).
I was really dumbfounded by this because I honestly thought this pointless conflict would stop at just bemoaning and demonising people like myself, with just slander about the so-called "malicious actions" that I took against MTGS (exposing the sale to Curse as the real reason behind the shutdown of a subforum of MTGS and
the persecution towards is members, for the simple reason that the subforum wouldn't conform to the future TOS of the site). I would never imagine that a current staff member of MTGS would go as far as trying to hack this site, and to be honest, I'm not even mad. I just find this more sad than anything else.
So there you go. You people know everything about this affair. I know there are many decent people on the lower ranks of MTGSalvation staff, and I welcome them to search 74.137.34.86 on their IP lookup tools.
First of all, This occurred about 8 months ago, but I only got aware of what had been tried since about one month. Indeed, my busy schedule kept me from doing a rundown of the server logs, so as to check if there wasn't something out of the common. I was looking for stuff like oddly excessive traffic and other assorted stuff. With >48,000 spam accounts blocked in less than one year
, one cannot be careful enough, right? Since I am not by formation an expert in Internet security, I figured it wouldn't be a bad idea to do a quick cursory look on the server logs, in search for some common hacks/exploits attempts.The several searches I carried out yielded only one result
n
SQL database hacking attempt
The first thing I found weird was the attempt at hijacking the SQL database of the server. Odd I thought. Then I did a quick search to the offending IP (74.137.34.86) expecting to have a hit from typical places such as Russia, Ukraine, China, or even France. Yet lo and behold, the IP came from Kentucky, US.
Here is the whois result for that IP:
Whois 74.137.34.86
That also seemed... odd...
My first reflex was to check the look for any hits of this IP on this site. I found out that this was an IP the "Jesus" account had posted three times from on this site.
Everyone knew that "Jesus" was Feyd_Ruin from MTGS, since at the time he requested that some former user "Jesus" surrendered his forum name (he changed it to "Iesus") so that he could find his "rightful" name.
Knowing that Feyd_Ruin had tried to hijack the site's SQL database (Although through outdated exploits, which means he achieved no illegitimate access, I could confirm this myself), I tried to dig deeper on this hacking attempt logs. All this occurred the 23rd November 2012, during the space of 40min. I went to re-check what was ocurring both here (the postings at that time) and on MTGS (the leaked mod lounge posts we were sent by a honorable staff member of MTGS), and the major event that occurred at that time was Sene posting
his discontent about the MTGS Razzies (The legendary post that was at the onset of the Blathering threads legacy) just the day before:
22nd November 2012
At about the same time we had received this info about the MTGS mod lounge:One would think you'd move on and try to focus your considerable resources on building your own welcoming & quality community to rival MTGS, instead of making this a site an outlet for pettiness and satisfying personal grudges.
Just saying.
16th November 2012
And it is not difficult to make the logic leap that one of the tricks he tried was hijacking this site'sFeyd_Ruin applied for tech. He's now making magic tricks in Mod Chat with HTML and BBcode to impress the kids so they hire him.
database, perhaps to snitch on the honorable person who has been sharing us the info about the deceit and lies that MTGS has pulled on many of this site's members.
I withheld this info for some more time because I wanted some independent confirmation that an IP search on this IP gave hits on MTGS, and I've been told this week that this is correct and points to no other than Feyd_Ruin.
For me there can be no doubts that a technician of MTGS tried to hack the database of this site, probably on a futile attempt to expose the person who alerted us on the sale of MTGS and the true reasons behind the mass bannings at MTGS (which apparently are being reenacted one year after).
I was really dumbfounded by this because I honestly thought this pointless conflict would stop at just bemoaning and demonising people like myself, with just slander about the so-called "malicious actions" that I took against MTGS (exposing the sale to Curse as the real reason behind the shutdown of a subforum of MTGS and
the persecution towards is members, for the simple reason that the subforum wouldn't conform to the future TOS of the site). I would never imagine that a current staff member of MTGS would go as far as trying to hack this site, and to be honest, I'm not even mad. I just find this more sad than anything else.
So there you go. You people know everything about this affair. I know there are many decent people on the lower ranks of MTGSalvation staff, and I welcome them to search 74.137.34.86 on their IP lookup tools.
