Please guys, I was hacked. This guy told me to reg @ his forum. He tricked me into it, I'm not going into details atm.

Anyways he got my pass and decrypted it and almsot deleted TRH!! Other admins realized what was going on and fixed it.

http://xhforums.com <-- he's the one who did it all. IPB is illegal. He might have a dedicated so I'm not usre if you can take him down.

TYGOD he didn't get my PP or anything else.

TAKE HIM DOWN PLEASE!!!!!

Good graduation present eh? lol I wasn't home all day celebrating.

Hello,

Please report the details of the board on the piracy report form: http://www.invisionpower.com/piracytracker/piracy.php From there our team will be able to verify if it is a legal board or not

Having a dedicated server does not mean we will not be able to take action - will just be alot more for someone to loose if they choose not to comply

FWIW, your password could not have been de-crypted. The only thing I can think of is he has modified the user registration system on his board to store a plain text copy of the password somewhere. Would always recommend using a totally different password to your usual one on sites that you do not know very well - I know that I always do.

Also, congratulations on graduating!

First why are using your pass on your forum at others?

2nd. Its not hacking, maybe cracking. prolly used your cookies to obtain it.

Thanks. Ok.

But he did not have phpmyadmin access to TRH. How? Man I'm so pissed off atm.

That is not possible since 2.0 - you no longer have just your password hash has stored in the cookie, you will have a unique login key for just that board - that and your password hash are combined together to create your cookie.

There is multiple ways of getting passwords, but with patches and stuff that gets fixed. Most ways people can take your pass is using some type of decryption or cookies.

Edit: nice Alex, i knew it was an issue in 1.3

My friend I knew he did something with the FTP account and when someone registered he got the password. It was some program he used I forgot the name of it.

Not quite. IPB Passwords are 16 salt encrypted MD5 hashes. Because of the salt they are "uncrackable", most methods of decryption are using rainbow tables (premade 40GB+ database of decrypted hashes) which then compares to the one you are trying to decrypt. Which are all of course regular MD5 hashes, when they are salted they are so much more secure. Don't know for sure, but practically impossible to crack.

The script kiddie "hacking" that is commonly seen today method of obtaining passwords is by guess, keylogger/trojan on victim PC or another sort of local attack, or has your email password and they then use the "Forgot Password" feature, etc...

But it's rare that a board is actually hacked by exploit or another malicious method as they are immediately patched by IPS.

can u remember it ?, i know of these programs.

No it was over 2 years ago. It was some program that was used to get porn passwords from websites.

One of the sites I admin on got hacked today too. All they did was change the passwords in the config file. I reset it and the phpmyadmin password to some Hebrew words and numbers. This should keep them busy. Moving that site to IPS next month, so hopefully they stay outt ill then.I've been using a mix of French and Hebrew words on my other sites for passwords and have not had any problems.

I wasnt asking for a tutorial, Alex corrected me.

How do you (IPS) take forums down without actual access to the FTP

i know you probably wont tell me, just wondering if thats the way you do it, or do you just email them threatening them with charges?

If a board is found to be illegal we would contact the board owner requesting they remove the board. If they choose not to we send out cease and desist notices to the board owner and hosting provider, explaining the legal concequences of not complying. If they do not comply we move further up the chain, to data center, upstream bandwith provider until someone does. We are also well within our rights to persue legal action through the courts in the most serious of cases.

ah right, i thought thats what happens but have never thought about it (never needed to)

Thanks

99.995% of legitimate hosts will suspend a site that is found to be using illegal software.

Some hosts just delete the site as a violation of their AUP/TOS.

but The Problem is if the Site was hosted in the Cauntry that do not have any law it will be a problem i know alot of board that use IPB/vB Illagel that hosted in the offshore server and the cauntry that do not have any law ..

Usually there is always someone who will listen, we just keep going up the levels until someone will as Alex said.

Hello Phil

maybe you dont understand me .. correct but the person who know about this stuff can explain better with good english ..

i have copy some part from other site it is very larg site i'am not sure they run Illagel or not .. but they have more Illagel stuff in their site it is P2P site... i only copy a small part it was a very big story ... but i take the Importen part..




so what do u think about this .. when they say there is no one can do anything .?

pfft. uou only want ipb to take them down becasue your site was "hacked" by them. *removed*, tale a look at that,
no thats fuunyy. it will be months, no , years, maybe even decade before ips tkae that site down

Well duh, that's a good reason for wanting IPB to take them down don't you think?

And the link you posted to is a hacked forum. Why would IPb be taking the forum down? It's not that that's the problem, it's the hacker.

Would you be bothered if you'd spent a lot of time on something only to have it defaced? Err... yes?!

There is no reason to take down a board that has been hacked by someone.

Provide support and assistance in getting the board back up - certainly, but not taking it down