|
On September 07 2006 07:35 Holmen wrote: Too bad something like this happened... but I would hope that Pat or someone else can give us some information soon.
And to answer about the paypal accounts, imo he can most likely have got the mentioned 32 accounts no doubt about that but honestly if he wanted the money he would have stayed quiet and kept going thru the complete database and no one would have noticed it.
I'm not sure what our remaining logs show, but it would be nice if it logged SQL activity. If he didn't make a backup before taking it down, it would have been impossible for him to get the passwords. In addition to that, he had already claimed to gain access to those accounts so soon, which is highly unlikely, borderline impossible.
|
On September 07 2006 02:07 superjoppe wrote: seems down. any mirror or info about what was on it?
It was a mini-forum thing where people could submit stuff and it said WGT IS NEXT and the title was CRY MORE or something like that. I found it because he wrote on WGT a post trying to get people to go there via javascript, presumably to try to get passwords. It was encoded in String.fromCharCode.
|
On September 06 2006 13:26 IntoTheWow wrote: AND MY AXE!!!
bahahahahahahahahahhaa
|
On September 07 2006 07:46 HnR)Insane wrote:
On September 07 2006 02:07 superjoppe wrote: seems down. any mirror or info about what was on it?
It was a mini-forum thing where people could submit stuff and it said WGT IS NEXT and the title was CRY MORE or something like that. I found it because he wrote on WGT a post trying to get people to go there via javascript, presumably to try to get passwords. It was encoded in String.fromCharCode.
Isn't String.fromCharCode just converting unicode values into String?+_+
|
Like a few other people have said, let's just be grateful that Pat is bothered to repair this for us, never mind bitching about when it will come on... or what will happen.. about mexicans being idiots.. etc etc. Especially since 99.9% of PGT users don't donate, the vast majority have little to be complaining about. Sure, it's inconvenient, and it's irritating, but unless you want to go and make your own ladder, it's tough luck.
Pat would probably appreciate a bit of support from users, not people bitching over what will happen now. I doubt very much that even 5% of users are bothered to say thank you before logging back into bnet-x and bitching over an unreported game not being dealt with quick enough.
Have some gratitude.
|
i don't think pat should take all the bitching as a bash, i mean it's not like we're bitching about pat not getting the site up right now. everyone more or less seems to be pissed at the mexicano that was able to cross the border, steal a computer from usa citizen, run back, and teach himself how to be elite h4x0rz (obviously alliteration and a joke settle down kiddies). but i think people are more bitching about this faggot who had nothing to gain by hacking pgtour.net but just to be a dickhead. i think pat should almost be happy to see how many people are outraged by the idiot who did this.
|
On September 07 2006 08:14 FreeZEternal wrote:
On September 07 2006 07:46 HnR)Insane wrote:
On September 07 2006 02:07 superjoppe wrote: seems down. any mirror or info about what was on it?
It was a mini-forum thing where people could submit stuff and it said WGT IS NEXT and the title was CRY MORE or something like that. I found it because he wrote on WGT a post trying to get people to go there via javascript, presumably to try to get passwords. It was encoded in String.fromCharCode.
Isn't String.fromCharCode just converting unicode values into String?+_+
Yes, by encoded I just meant you couldn't see what it was just by glancing at it, it was a huge string of numbers. I guess maybe obscured would be a better word.
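Added example, not part of any post in this thread: a Python sketch of how a moderator could statically decode the String.fromCharCode(...) number runs discussed above in a submitted post, without executing anything. The sample post, its example.invalid URL and the marker list are constructed for illustration.

```python
import re

# String.fromCharCode( ... ) with no nested parentheses in the argument list.
CALL_RE = re.compile(r"String\s*\.\s*fromCharCode\s*\(([^()]*)\)")
# Constructed marker list: substrings worth a moderator's attention once decoded.
MARKERS = ("<script", "document.cookie", "window.location", "http://", "https://")

def decode_call(arg_text):
    """Decode literal numeric arguments; return None if any argument is not a literal."""
    units = []
    for tok in arg_text.split(","):
        tok = tok.strip()
        if re.fullmatch(r"0[xX][0-9a-fA-F]+", tok):
            value = int(tok, 16)
        elif re.fullmatch(r"0|[1-9][0-9]*", tok):
            value = int(tok)
        else:
            return None  # variable, expression or legacy octal: do not guess
        units.append(value & 0xFFFF)  # fromCharCode keeps the low 16 bits
    raw = b"".join(u.to_bytes(2, "little") for u in units)
    return raw.decode("utf-16-le", errors="replace")

def scan_post(body):
    """Return one finding per fromCharCode call: offset, decoded text, matched markers."""
    findings = []
    for m in CALL_RE.finditer(body):
        decoded = decode_call(m.group(1))
        hits = [] if decoded is None else [k for k in MARKERS if k in decoded.lower()]
        findings.append({"offset": m.start(), "decoded": decoded, "hits": hits})
    return findings

# Constructed sample: a forum post hiding a redirect behind character codes.
HIDDEN = 'window.location="http://forum.example.invalid/"'
SAMPLE_POST = ("hey check this out <script>eval(String.fromCharCode("
               + ",".join(str(ord(c)) for c in HIDDEN) + "))</script>")

if __name__ == "__main__":
    for f in scan_post(SAMPLE_POST):
        print(f["offset"], f["hits"], repr(f["decoded"]))
```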
|
On September 07 2006 08:04 ToT)Testie( wrote: bahahahahahahahahahhaa
LOL
|
is it possible that Blizzard did that?
|
On September 07 2006 11:19 zir_green wrote: is it possible that Blizzard did that?
Heh
|
i am so bored. :/ i don't have a valid cd key so i can't go to bnet.
|
For some reason I can't enter europe since pgt got down though I have licensed sc and I can enter west, east and asia.
|
ares yes i agree that we can be upset or frustrated, but we shouldn't be nearly as pissed off as pat or the admins are, and it's not like it's pat or any admins fault that all of this happened.
|
On September 07 2006 11:19 zir_green wrote: is it possible that Blizzard did that?
Nope.
If Blizzard would do anything, they would just email me or any webmaster.
|
On September 07 2006 12:46 Pat wrote:
On September 07 2006 11:19 zir_green wrote: is it possible that Blizzard did that?
Nope. If Blizzard would do anything, they would just email me or any webmaster.
hey my hero, how is it going? any news?
|
why is PGT not up yet, 2 days have passed. does pgt have a backup or don't they? will this season be restarted or what? these are simple questions, we all want some answers ;/
|
I'm sure we will find out sooner or later... be it that PGT comes online, or Pat tells us, or whatever. We will know eventually.... just keep your patience =)
Pat said all BNet-X stats and forum posts are gone, which means the season will definitely have to be restarted, as i assume this means everyone's stats have been deleted (ie. everyone is now back at D rank).
According to pat, he's still got the source code and the BNet-X software wasn't affected, so pgt will be back up.. I hope... but the forum posts and the BNet-X stats will be missing.
|
On September 07 2006 11:31 new_construct wrote: i am so bored. :/ i don't have a valid cd key so i can't go to bnet.
you know it's strictly restricted to go to PGT without a valid CDKey? =-^.^-=
|
lol, i wonder what will happen to him ^^
|
If he really was able to access our passwords on that server, that means that they were completely unencrypted. That is BAD, and it's very simple to prevent.
First, run a basic update on all of the tables so that all of the passwords are encrypted. The encryption algorithm is generally not reversible. If it is a reversible algorithm, you just need to use the 'crypt' perl function or its php equivalent, but that takes more coding. It is more important to protect your users than keep the site running, IMHO. Thus, use this little statement, (changing table names)
update user_info set user_password = password(user_password);
commit;
and all of the passwords are now encrypted (in mysql, irreversible).
Then, all you need to do is set up your login scripts to check the tables against password(passed_password) instead of the straight value.
In addition, it is not necessary to make a complete copy of the tables in order to get the data out. All you need to do is have a client open to the database, turn on output, then do select * from ... and you have the data in a text file that can be easily parsed by anything. The only reason I mention this is because people say that the hacker didn't make a database backup, but that is simply overcome with ONE select statement. 
I don't like it when my passwords are saved unencrypted, but knowing this, I have modified all of my financial account passwords that weren't different from the one at pgtour.
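Added example, not part of the post above and not PGTour's code: the same two steps (a one-off pass that replaces every plaintext password, then a login check that compares hashes) written in Python, with salted PBKDF2-HMAC-SHA256 computed in the application swapped in for MySQL's password() function, which is unsalted and was removed in MySQL 8.0. An in-memory SQLite table stands in for the MySQL one; the user_id and user_name columns and the sample rows are assumptions constructed for the demo.

```python
import hashlib
import hmac
import os
import sqlite3

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # work factor; slows offline guessing if the table leaks

def hash_password(password):
    """Return 'scheme$iterations$salt$digest' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt; legacy plaintext rows never match."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        if scheme != SCHEME:
            return False
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)

def migrate_plaintext(conn):
    """One-off pass: replace every not-yet-hashed password, in one transaction."""
    rows = conn.execute(
        "SELECT user_id, user_password FROM user_info "
        "WHERE user_password NOT LIKE ?", (SCHEME + "$%",)).fetchall()
    with conn:
        conn.executemany(
            "UPDATE user_info SET user_password = ? WHERE user_id = ?",
            [(hash_password(pw), uid) for uid, pw in rows])
    return len(rows)

def check_login(conn, user_name, password):
    row = conn.execute("SELECT user_password FROM user_info WHERE user_name = ?",
                       (user_name,)).fetchone()
    return row is not None and verify_password(password, row[0])

def demo_db():
    """Constructed sample table: two users who happen to share a password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_info (user_id INTEGER PRIMARY KEY, "
                 "user_name TEXT UNIQUE, user_password TEXT)")
    conn.executemany("INSERT INTO user_info (user_name, user_password) VALUES (?, ?)",
                     [("alice", "zergrush1"), ("bob", "zergrush1")])
    conn.commit()
    return conn
```

Because each row gets its own salt, the two users with the same password end up with different stored values, so a leaked table does not reveal who shares a password.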