* WalrusIRC

You need to have 5 posts and not be part of restricted usergroups in order to use the WalrusIRC embedded shoutbox. However, you can also access our IRC channel called #CodeWalrus via EFnet.

Author Topic: Important security notice about your CodeWalrus account  (Read 10244 times)

0 Members and 1 Guest are viewing this topic.

Offline p4nix

  • Full User
  • Join Date: Jun 2015
  • Location: Germany
  • Posts: 430
  • Post Rating Ratio: +6/-1
  • Don't catch the ball.
    • p4nix
  • Gender: Male
Just ignore comments which lead to nowhere. :)
Coincidence is coincidence, proof is proof.
  • Calculators owned: fx9860GII (SH4)

Offline Sorunome

  • Full User
  • CodeWalrus Supporter
  • *
  • Safe-haven access
  • 2016 Yearly CW Project Winner
  • *
  • Join Date: Mar 2015
  • Location: Equestria
  • Posts: 162
  • Post Rating Ratio: +6/-0
  • Keep calm and fox on
    • @sorunome
    • @sorunome
    • /u/sorunome
    • Sorunome
    • 110/11005
    • My Website
  • Gender: Female
[...] According to Eeems, it looks like SMF doesn't salt+hash their passwords in a very secure way[...]
That was me, but OK :P
[...]
We do not know how the attack occurred, we know that Omnimaga was two SMF versions behind and Omnimaga was not the only place attacked, as one of KermMartian e-mail account was also hit. Also, according to the Omnimaga topic and their IRC logs, the IP address used by the hacker is from France (although we do not know what it is).
[...]
At the time of the attack we were already at 2.0.11, Eeems ran upgrades a day or two earlier.
  • Calculators owned: Too many (why are you even reading this?)
  • Consoles, mobile devices and vintage computers owned: Gamebuino!
This is a signature.
And now......give me an internet!

To be or not to be.........is that even a question? Who gets to decide this anyways?

Offline Streetwalrus

  • Professional slacker
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Israel
  • Posts: 2903
  • Post Rating Ratio: +20/-0
  • ƎW∀⅁ ƎH⊥
  • Gender: Male
The attacker could have prepared his attack before you guys updated by setting up a backdoor. Did they leave anything behind on the server or did they kill it all ?
  • Calculators owned: TI-80, HP 40G, TI-84 Plus rev G (yay 128k RAM), TI-83 Plus Silver Edition (broken LCD), TI-82 Stats.fr (black), TI-Nspire CX rev C (yay Nlaunchy), TI-83+ SE ViewScreen



Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18901
  • Post Rating Ratio: +100/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
A backdoor is possible. I had this happen on TIMGUL in 2008. We used IB 1.3 and got hacked. When we switched to SMF, we still got hacked because a backdoor from the 1.3 days was still hidden in a folder somewhere.


Could it be Islamic State in response to our Paris attack thread? They don't like free speech so...
« Last Edit: December 07, 2015, 10:16:00 pm by DJ Omnimaga »
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline KermMart̕ian

  • Full User
  • Join Date: Dec 2014
  • Location:
  • Posts: 29
  • Post Rating Ratio: +4/-7
Could it be Islamic State in response to our Paris attack thread? They don't like free speech so...
What? That seems like a stretch, especially since the Omnimaga staff and I determined that it's a community member performing these attacks (and they've been focused on a few select portions of the community).

Quote from: Streetwalrus
The attacker could have prepared his attack before you guys updated by setting up a backdoor. Did they leave anything behind on the server or did they kill it all ?
The attacker had an administrator's password, and did not use any backdoors or brute force.
« Last Edit: December 09, 2015, 02:09:18 am by KermMartian »

Offline aeTIos

  • Dabbler in C
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Ede, NL
  • Posts: 1049
  • Post Rating Ratio: +12/-0
  • hi
    • r_vdijk
    • /u/aetios
    • aetios
  • Gender: Male
Could it be Islamic State in response to our Paris attack thread? They don't like free speech so...
Hahahahaha what? Your oddly verbose attempts to find an explanation for this are getting amusingly out-of-hand.
Kerm, if you really have nothing constructive to add to the discussion, please don't post at all. We all know you are salty about CW, and it really looks like you're trying to shove the blame of the attacks on us. I used to think higher of you.
ceci n'est pas une signature

Offline Keoni29

  • Full User
  • Join Date: Nov 2014
  • Location:
  • Posts: 284
  • Post Rating Ratio: +8/-0
    • 8times8
  • Gender: Male
Dun changed my password just to be safe.
If you like my work, why not give me an internet?

Offline aeTIos

  • Dabbler in C
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Ede, NL
  • Posts: 1049
  • Post Rating Ratio: +12/-0
  • hi
    • r_vdijk
    • /u/aetios
    • aetios
  • Gender: Male
Also, @KermMartian , when is new information about the hacker due? I'd like to see those claims backed up. I also see no point in keeping his information (at least his handle) private.
ceci n'est pas une signature

Offline Streetwalrus

  • Professional slacker
  • Super User
  • Original 5
  • Join Date: Nov 2014
  • Location: Israel
  • Posts: 2903
  • Post Rating Ratio: +20/-0
  • ƎW∀⅁ ƎH⊥
  • Gender: Male
KermM, friendly reminder that


If you have something interesting to say, say it. All your baseless accusations, as implicit as they are, hold no value though. Either post proof of what you're saying or don't post at all.

That said it looks to me like most of the community is under attack, even our own logs show that the suspicious IPs are trying to access CW with the passwords they stole, as well as ticalc.org and Revsoft.
  • Calculators owned: TI-80, HP 40G, TI-84 Plus rev G (yay 128k RAM), TI-83 Plus Silver Edition (broken LCD), TI-82 Stats.fr (black), TI-Nspire CX rev C (yay Nlaunchy), TI-83+ SE ViewScreen



Offline KermMart̕ian

  • Full User
  • Join Date: Dec 2014
  • Location:
  • Posts: 29
  • Post Rating Ratio: +4/-7
KermM, friendly reminder that [you have no power here]

If you have something interesting to say, say it. All your baseless accusations, as implicit as they are, hold no value though. Either post proof of what you're saying or don't post at all.

That said it looks to me like most of the community is under attack, even our own logs show that the suspicious IPs are trying to access CW with the passwords they stole, as well as ticalc.org and Revsoft.
Don't worry, I'm not blaming CodeWalrus as a whole; I respect almost all of you a great deal, I just wish you hadn't felt that the community needed to be subdivided further (@aeTIos too). Point taken, though; I certainly have no power here, and I wouldn't want anyone to think I was being mean. *doffs hat* A good day to you, ladies and gents. :)

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18901
  • Post Rating Ratio: +100/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
Could it be Islamic State in response to our Paris attack thread? They don't like free speech so...
Hahahahaha what? That seems like a stretch, especially since the Omnimaga staff and I determined that it's a community member performing these attacks (and they've been focused on a few select portions of the community).

Quote from: Streetwalrus
The attacker could have prepared his attack before you guys updated by setting up a backdoor. Did they leave anything behind on the server or did they kill it all ?
The attacker had an administrator's password, and did not use any backdoors or brute force. The investigation was simplified by what user(s) were known to have that administrator's password.
The Islamic State comment was not really meant to be 100% serious, but given their goals and the fact they hacked sites before and the fact we have an active topic about them here, we never know. There are much bigger chances that it's a community member or a group of members who is fed up with the community and has decided to attack it at large. And it's not just a few select portions of the community, because Revsoft and CodeWalrus were attacked too. The CW attacks targeted my forum account yesterday at 6:20:16 PM GMT-5 (failed login attempt from 80.119.166.103) and Ivoah account at 7:34:23 PM (from 90.11.159.131)

There is also another suspicious IP from which two failed login attempts into Ivoah account happened yesterday, and it's 24.144.160.11. We do not know if it's legit or not, but since Ivoah has never posted a single message from that IP, then perhaps an eye should be kept on that one too.

But we cannot jump to conclusion by insinuating anything and accuse anyone yet, because slander and libel are as much of a crime as the hacking itself. We want to know the culprit as soon as possible and if legal actions have to be taken against him, then be it.
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline CVSoft

  • CodeWalrus Staff
  • Full User
  • Server Maintenance
  • Safe-haven access
  • Join Date: May 2015
  • Location:
  • Posts: 105
  • Post Rating Ratio: +5/-0
    • calcvids
    • 100007522540514
    • @CVSoft_
    • notipa
    • @UCj2udNPPnu58d4EgWs6gjhA
    • /u/notipa
    • 10819
    • BosaikNet
  • Gender: Male
I went through the access logs for BosaikNet and was unable to find any suspicious activity; no admin-login attempts were found and activity from IP addresses 90.11.159.131, 80.119.166.103, and 24.144.160.11 were not found in any access log. Whoever did this knew what domains they wanted to target.
  • Calculators owned: TI-73, TI-81, TI-81, TI-81, TI-81, TI-81, TI-81, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-82, TI-83, TI-83, TI-83 Plus, TI-84 Plus, TI-85, TI-86, TI-89 Titanium

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18901
  • Post Rating Ratio: +100/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
It's always possible that they browsed Omnimaga or other related sites for a while to gain more knowledge about which other related sites from the leaders there are, in order to target more, but the fact that only calculator sites have been targeted convinces me more that the culprit was somebody who is or used to be part of the TI community and hates it.

In any case, whoever did this will not win, because Omnimaga, Cemetech, Revsoft, TI-Planet, Ticalc.org and CodeWalrus are still standing today.
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

Offline brentmaas

  • Full User
  • Join Date: Jan 2015
  • Location: Netherlands
  • Posts: 172
  • Post Rating Ratio: +2/-0
  • Java > all, fite me
    • brentmaas
  • Gender: Male
  • WalriiPoints: 25
I've noticed that the two IPs 90.11.159.131 and 80.119.166.103 are rather close to eachother, being located in adjacent towns, but the other IP, 24.144.160.11, is all the way in Pennsylvania (Next to a college = probably has a calculator = community member?)
Lel I glitched Omni

Offline xlibman

  • Omni founder & CW co-founder
  • Super User
  • Original 5
  • CodeWalrus Supporter
  • *
  • Join Date: Nov 2014
  • Location: Quebec, Canada
  • Posts: 18901
  • Post Rating Ratio: +100/-4
    • dj_omnimaga
    • DJOmnimaga.music
    • @DJOmnimaga
    • dj_omnimaga
    • @DJOmnimaga
    • /u/DJ_Omnimaga
    • DJOmnimaga
    • 112/11286
    • @djomnimaga
    • @DJOmnimaga
    • DJ Omnimaga music store
  • Gender: Male
I'm definitively thinking that 24.144.160.11 was a legit user (Ivoah most likely). It might be a public internet hotspot from which Ivoah is unable to post, which could explain why he has no single post on record from there. Pennsylvania seems plausible, considering where Ivoah comes from (not too far from Pennsylvania, New York and New Jersey AFAIK, and I heard from New York Rangers/Islanders fans that it doesn't take long to commute between those areas). So his account is safe.

But yeah, from what I recall, the main attacker IP is from Toulouse, Midi-Pyrenées, while the second is from Paris, Ile-de-France, both located in France.
  • Calculators owned: TI-57, 73, TI-80 (broken), TI-81, TI-82, TI-83, TI-83+ (broken), TI-83+ (broken), TI-83+SE (broken), TI-84+, TI-84+CSE, TI-84+CE, TI-85, TI-86, TI-89T, TI-92, TI-Nspire, TI-Nspire CX (semi-broken), HP 39gII, HP Prime, Casio fx-7000G, fx-7400G+, fx-7700GE, fx-9750G+, fx-9750GII, fx-9860G, cfx-9850G, FX-1.0+, fx-CG10, fx-CP400
  • Consoles, mobile devices and vintage computers owned: Samsung i5510, Nexus 5, Atari 2600, Lynx, SMS, Game Gear, Genesis, Dreamcast, NES, SNES, N64, GCN, Wii, Wii U, GBA, DS, 3DS, PS2, PS3, PS4, PSP, PSVita, XBox 360, XBOne

Bandcamp|Reverbnation|Facebook|Youtube|Twitter
Retired Omnimaga admin (2001-11) and editor (2012-14)

 


You can also use the following HTML or bulletin board code to share it on your page or forum signature!


Also do not forget to check our affiliates below.
Planet Casio TI-Planet Calc.news BroniesQC BosaikNet Velocity Games