Since the successful hack on JGO
http://java-gaming.org/
redirects to:
http://www.java-gaming.org// (note the double slash)
Faulty redirects are NOT funny
Edit:
Let me add that that HTTP Location header was already b0rked during the hack. :persecutioncomplex:
Funny that you did it, that's it, no? You changed the redirection? Perfect for spoofing/phishing.
Well it was messed up anyway. It’s probably getting close to JGO needing to migrate somewhere else, actually. With Chris no longer at Sun and now a hack, this might be a logical step.
I’m not sure what you mean.
If you mean that I was behind the attack: no.
Anyway, that redirect is not really usable for spoofing, as it doesn’t really do much, and is noticeable by the end user. If you hack a site, it’s much more evil to not deface it, so that people will still log in, allowing you to grab their password in plain text (assuming it is salted+hashed in the database).
OK, I was thinking it was a demonstration of a hack (that you did).
About spoofing: it is very usable, as it is the second step after phishing, like if you redirect to www.javagamming.org, then grab the password and then “spoof the victim”.
why is there no info regarding the defacement?
why are we still running 1.1.5?
fwiw, I am assuming my profile info is already retrieved and that the server may be sending malicious content - so javascript is off for jgo.
The hackers replaced /index.php
They were nice enough to copy the original file to /index2.php :-*
That means they had write access to the web-root.
Once you have that, you don’t need to spoof anything. You can modify the php script that handles the login, and send every login to an IRC chatroom of your choice. It would (probably) take a long time before anybody would notice that.
So do we need to change our passwords?
Of course.
[quote]So do we need to change our passwords?[/quote]
I’m pretty sure SMF stores the passwords via a one-way MD5 encryption in the DB. So, probably, no… you don’t NEED to.
I suppose it depends on when I connected last time. How long has this hack been running?
:persecutioncomplex: Never heard of rainbow tables? The passwords must be salted too, or you can simply look up most ‘one way’ MD5 hashes (MD5 encryption does not exist).
MD5 Hash: 7232ae7254ffb527ca0db6cd1ec41152
http://passcracking.com/index.php
This is how easy it is to ‘crack’ that MD5…
Once a hacker grabs an unsalted hashed table column, most passwords are retrievable this way.
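The salting point in the post above, as an added example that is not part of the thread: it audits a constructed column of unsalted MD5 hashes for what it gives away (shared passwords, hits in a precomputed table) and compares it with per-user salted records. The account names, passwords and wordlist are constructed, and PBKDF2-HMAC-SHA256 is an assumption chosen for illustration, not what SMF uses.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample data: three forum accounts, two sharing a password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr1cky-passphrase-91"}
# Constructed stand-in for a precomputed table of common passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty"]


def md5_hex(password: str) -> str:
    """Unsalted MD5: the same password always yields the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_record(password: str, iterations: int = 100_000) -> tuple:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def audit(column: dict, table: dict) -> dict:
    """Report what a stored hash column reveals without any guessing."""
    counts = Counter(column.values())
    return {
        "shared": sorted(u for u, h in column.items() if counts[h] > 1),
        "looked_up": sorted(u for u, h in column.items() if h in table),
    }


# A table computed once, without any salt, covers every unsalted column.
PRECOMPUTED = {md5_hex(w): w for w in WORDLIST}
UNSALTED = {user: md5_hex(pw) for user, pw in USERS.items()}
RECORDS = {user: salted_record(pw) for user, pw in USERS.items()}
# With a unique salt per user the same table matches nothing, and equal
# passwords no longer produce equal stored values.
SALTED = {user: rec[2].hex() for user, rec in RECORDS.items()}

if __name__ == "__main__":
    print("unsalted MD5 :", audit(UNSALTED, PRECOMPUTED))
    print("salted PBKDF2:", audit(SALTED, PRECOMPUTED))
```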
I find the lack of info disturbing… if no admin is posting anything, it might mean that no admin has done anything, and we are still hacked, just not defaced
This is a good point. I tried to email Chris about it but the email I have (a Sun email) no longer works. So does he even know?
Minutes after the site came back, I saw ChrisM on the “Latest Active users”, so I guess he does.
how do you know that was really him and not the hackers using his account?
Oh noes! It’s a conspiracy!
Quick, Chris, tell me something only you would know!
Any status update? I don’t dare log in with my real account.