| View previous topic :: View next topic ? |
| Author |
Message |
ShelLuser
Joined: 02 Apr 2005
Posts: 38
Location: Amersfoort, Holland
|
 Posted: Mon Nov 14, 2005 1:30 am?? ?Post subject: UnderNet channel services hacked
|
 |
|
Things don't seem to be going in UnderNet's way these days. Apart from the massive netsplits (some of them being caused by DDoS although people prefer not to mention this, other due to running different versions of ircu (the ircd powering UnderNet)) now the channel services themselves got compromised.
Some guy who seemingly has a grudge against #romania, #galati, #barlad and #timisoara utilized this compromise to evade the bans set towards his person and counter acted by setting a ban on *!*@*. I managed to obtain a logfile which indicated the hack being made and judging from the level being used (global X level of 699) it seems the rumours going around about some oper getting his X account compromised may prove to be true.
| Code: |
Session Start: Sun Nov 13 16:35:02 2005
Session Ident: #Romania
[16:35] * Now talking in #Romania
[16:35] * Topic is 'Welcome? ( [website: .www.ro-club.net. | forum: .http://foru
m.ro-club.net. ] )pentru muzica http://radiolive.us:8210/listen.pls.'
[16:35] * Set by gingly on Sun Nov 13 05:41:51
[16:35] -> *x* force #Romania
[16:35] -X- Temporarily increased your access on channel #romania to 699
[16:35] * Joins: Registered (~RWSARAT@RWSARAT.users.undernet.org)
[16:35] * Parts: Ireal` (~Ireal@jamesbond070.users.undernet.org)
[16:35] * Parts: |HaKeRuL| (~RrR@TradesTeaM.users.undernet.org)
[16:35] * Joins: AlinTh3Chaos (Scorp@AlinWebShark.users.undernet.org)
[16:35] * Joins: Alcatraz- (~Alcatraz@Alcatraz.users.undernet.org)
[16:35] * Joins: mihu (~mihuxp@mihuxp.users.undernet.org)
[16:35] * Parts: AlinTh3Chaos (Scorp@AlinWebShark.users.undernet.org)
[16:35] -> *x* ban #Romania LARIS WAS HERE!!!!
[16:35] -X- Added ban *!*Laris@*.ime.cmc.osaka-u.ac.jp to #romania at level 75
[16:35] * Parts: ^IoNuTz^ (~ionut@SuperSteaua1.users.undernet.org)
[16:35] * Joins: SirKiss (~SsikRis@SirKiss.users.undernet.org)
[16:35] * Parts: CrackCocaine (Montana@Eu.Sunt.Tot.Ce-Ai.Visat.Am.Ochii.Verzi.Su
nt.Bun.La.Hack.1sp.us)
[16:35] -> *x* ban #Romania *!*@* LARIS WAS HERE!!!!
[16:35] * X sets mode: -bbbbbb *!*@Icee.users.undernet.org *!*@81.215.* *!*@*.qw
est.net *!*@*.alltel.net *!*@*.earthlink.* *!*@*.hu
[16:35] * X sets mode: -bbbbbb *!*@*.gci.net *!*@*.rr.com *!*@*telus.net *!*@*bl
ueyonder.co.uk *!*@4.* *!*@*covad.net
[16:35] * X sets mode: -bbb+b `?`*!*@* *!*@Planorist.users.undernet.org *!*@ro0o
t.users.undernet.org *!*@*
[16:35] * cycler was kicked by X ((TheLaw) LARIS WAS HERE!!!!.)
[16:35] * danbx was kicked by X ((TheLaw) LARIS WAS HERE!!!!.)
[16:35] * wolfuletz was kicked by X ((TheLaw) LARIS WAS HERE!!!!.)
|
Yes, I am very sceptical by all this but I also immediatly acknowledge that these things can happen. My X account was compromised too some day due to a brute force attack on the cservice website. Pretty amazing too since the password was only 3 characters close to the maximum allowed length (I didn't want to take any risk after becoming 500 on my channel) but the website was the weakest link back then.
And now it seems we have a re-run of this situation. I have no knowledge of how this account got compromised (yet) but I don't think it happened because some oper suddenly believed one of those fishing advertisements you sometimes see popping up in some of the major channels.
I can only hope UnderNet will get its act together. And I truly hope that they won't suspend the oper in question if this was indeed caused by a website compromise. However, personally it wouldn't surprise me if they kicked the entire server off the network "just to be sure".
No, these are dark times in my opinion 
_________________
With kind regards, Peter
NekoNet
www.neko-net.org / irc.neko-net.org
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Mon Nov 14, 2005 10:35 am?? ?Post subject:
|
|
|
Please before you srtart spouting off at Undernet, lets take a look at a few things...
| Quote: |
| [16:35] -X- Temporarily increased your access on channel #romania to 699 |
699? Sorry? I think the max level you could get is 500 on a channel, above is for CService admins, coders, etc.
| Quote: |
| My X account was compromised too some day due to a brute force attack on the cservice website. |
Scuse me? Define 'brute attack'? I dont see in ANY way how a 'brute attack' can compromise a user account. And if that is so, why wouldnt they gop hack a username which they can cause way more damage with?
| Quote: |
| but I don't think it happened because some oper suddenly believed one of those fishing advertisements you sometimes see popping up in some of the major channels. |
'Some oper'? Opers dont even have access to CService's database, I really do not understand your claims here. But maybe you can enlighten me? And even IF this happened this way, why go for an username which network wide isnt all that important if you want to create havoc?
By reading your post, it seems FAR more likely they have bene doing some clever social engineering and gotten the answer to your question like whats your pet's name, fathers bday date, etc, and got your accountt hat way.
Your claims are based on wrong assumptions. But your claim someone's access was raised to 699 makes me seriously doubt your intentions here. And what else did you do in order to solve the issue other then to spout your grief on this forum which is unrelated to Undernet other then the webmaster is an oper there?
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
ShelLuser
Joined: 02 Apr 2005
Posts: 38
Location: Amersfoort, Holland
|
|
Posted: Mon Nov 14, 2005 2:59 pm?? ?Post subject:
|
|
|
| Asmo wrote: |
| 699? Sorry? I think the max level you could get is 500 on a channel, above is for CService admins, coders, etc. |
That is indeed true, up to a maximum level of 1000. Yet certain levels also allow you to gain certain control over individual channels, while normal people login to X and get control over a #channel this deals with #*.
However, when talking about those levels I'm still referring to them as 'opers' since that is what they basicly are in the eyes of the common public like myself.
| Asmo wrote: |
| Quote: |
| My X account was compromised too some day due to a brute force attack on the cservice website. |
Scuse me? Define 'brute attack'? I dont see in ANY way how a 'brute attack' can compromise a user account. And if that is so, why wouldnt they gop hack a username which they can cause way more damage with?
|
I can't define it any better since thats all I was told back then. This happened approx. 2 - 2.5 years ago (I've been 500 for 3 years now) and some kiddie took an interest in our IRC channel (which has a very low tolerance for script kiddies and the likes, and so far managed to succesfully warn several companies and organisations about the use of compromised boxes after having spotted them). I entered the channel one day only to find out that all the management accounts were gone (X400 and up) apart from the 500 (my account). The email adress was changed and there was basicly nothing we could do. Only with the help of Gaia^ (Back then among the opers), Revenger (idem) who could both vouch for my identity and great help of Cavalry and some of his colleages (who were helpfull enough to get control over my account back to where it belonged) was I able to re-gain control. I asked several times about what had transpired and the only thing I was told was that there had been a bug in the website allowing certain people to gain access by brute forcing it. Unfortunatly that was all the information that was being shared.
| Asmo wrote: |
| Quote: |
| but I don't think it happened because some oper suddenly believed one of those fishing advertisements you sometimes see popping up in some of the major channels. |
'Some oper'? Opers dont even have access to CService's database, I really do not understand your claims here. But maybe you can enlighten me? And even IF this happened this way, why go for an username which network wide isnt all that important if you want to create havoc?
|
Well, as I said above when I refer to "opers" I basicly make no exception between "service opers" and "irc opers" because even though the responsibilities may differ, to me they are basicly people who have an o:line and by those means can be seen as 'opers'.
As to making any claims; that wasn't really my intention. I merely stated that I don't believe that... The reason for the statement is that many people advertise these days claiming that they're from CService and in need of your password in order to.. All the opers I knew who acted against this kind of abuse are now gone. Most of the opers I now know seem to take other measures against this form of misbehaviour. Whether this is succesfull or not is something I can't judge, but solely basing it on personal observation I can't help but worry a lot.
| Asmo wrote: |
| By reading your post, it seems FAR more likely they have bene doing some clever social engineering and gotten the answer to your question like whats your pet's name, fathers bday date, etc, and got your accountt hat way. |
That is also very possible indeed. I don't claim to know how things transpired, all I wrote was that it seems as if we have a re-run of things transpired before. And considering the fact that X had to be taken down for several hours makes me indeed wonder about the extend of these issues.
| Asmo wrote: |
| Your claims are based on wrong assumptions. But your claim someone's access was raised to 699 makes me seriously doubt your intentions here. And what else did you do in order to solve the issue other then to spout your grief on this forum which is unrelated to Undernet other then the webmaster is an oper there? |
I'm not making any claims here. The only thing I did was putting the things down as I've noticed them in a logfile, and I have to admit having added some of my suspicions to all this.
My intentions in all this are solely trying to produce and hopefully also gain some information as to what has transpired here. I know IRC-Junkie isn't related to Undernet, in fact its not related to any specific network at all by my knowledge, which would make it an excellent platform for discussions like these IMO.
However, I have to admit not having given your position in all this a single thought and can see / understand if you're not comfortable with it. If that is true then I'm truly sorry since its not my intention to make trouble of any kind. All I want is to try and get things to open up a little. As I've also stated on the UnderNet forums (which unfortunatly are down again) I strongly believe that if UnderNet would be a little more open in the things they did and the things which transpired they would get rid of all the gossip, all the rumours and hopefully also all of the frustration which is within a lot of people.
This weekend I've witnessed the network split itself up to 6 times within 10 minutes. And most people (users like me) have already gone to a level where they only state "Oh, Undernet is at it again, what else is new?" without even caring about it all that much anymore. Where we used to wonder and worry people have now slipped to "Its not a question if undernet goes down, its when" then I'm worried about the common attitude towards Undernet.
And unless something is being done, one way or the other, it is my greatest fear that this will only increase up to a day where people really don't care anymore. Perhaps this is only a very small portion I see here and a very limited vision, but it worries me nonetheless. So coming back to my intentions: I guess awareness describes it the best; trying to make people aware that there really are certain problems which go beyond the seemingly common belief that things are a mess per facto.
If you feel that this is not the place for issues like these then I respect that and will stick to more common IRC related topics in the future. Like I said before; it is not my intention to cause problems, only stirr the pot a little.
QUICK Edit:
I never answered your question as to what I did in all this. Well, nothing but observing. As to your possible question as to why I'd do nothing:
| Code: |
`DarthVader is Vader@DarthVader.ro * The Dreaded Tormentor
?`DarthVader on @#cservice #StarWars #Dobrogea
?`DarthVader using *.undernet.org The Undernet Underworld
?`DarthVader End of /WHOIS list.
|
Perhaps this is also a wrong assumption because this could be a legitimate #cservice chanop, but seeing this made me think that the opers didn't really need someone to tell them that something fishy might be going on.
_________________
With kind regards, Peter
NekoNet
www.neko-net.org / irc.neko-net.org
Last edited by ShelLuser on Mon Nov 14, 2005 3:12 pm; edited 1 time in total
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Mon Nov 14, 2005 3:12 pm?? ?Post subject:
|
|
|
| Quote: |
That is also very possible indeed. I don't claim to know how things transpired
I'm not making any claims here
My intentions in all this are solely trying to produce and hopefully also gain some information as to what has transpired here. |
Yet in your first post you write:
"UnderNet channel services hacked" <-- you make no claim here?
"now the channel services themselves got compromised. " <-- you have proof to back this up, or are you just typing something out of grief?
"I have no knowledge of how this account got compromised (yet) " Oh? I thought it was hacked? At least you said it was so.
| Quote: |
| If you feel that this is not the place for issues like these then I respect that and will stick to more common IRC related topics in the future. Like I said before; it is not my intention to cause problems, only stirr the pot a little. |
If you have a problem, and you genuinly want to have it solved, then you need to go to the correct place to get them fixed. Also, kicking the legs of the people that you need help from is not the smartest way to try and get your problems solved either. It'll' put a certain stamp onto you that you will carry for a loooong time.
| Quote: |
| If you feel that this is not the place for issues like these then I respect that and will stick to more common IRC related topics in the future. Like I said before; it is not my intention to cause problems, only stirr the pot a little. |
It seems you are only after 'stirring the pot', and thus I will refrain from posting again this thread. To me, it seems you are more interested in making unfunded claims and putting weird logs online rather then trying to find a solution for your problem.
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
slk
Joined: 14 Nov 2005
Posts: 3
|
|
Posted: Mon Nov 14, 2005 3:46 pm?? ?Post subject:
|
|
|
CService lied; a guy named Randall exploited it and he gave global accesses to people. You can't deny this. Here's proof:
| Code: |
[16:17:46] -X- D-Man!~Lord@Alungatu.users.undernet.org is an Official CService Administrator and logged in as Alungatu
[16:19:10] -X- Information about: IceKid (494337)
[16:19:10] -X- Currently logged on via:
[16:19:11] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:19:11] -X- Language: 1
[16:19:11] -X- INVISIBLE is On
[16:19:11] -X- LAST SEEN: 0 days, 01:14:57 ago.
[16:19:11] -X- Account was unsuspended 228 days, 22:06:36 ago (By caitlen)
[16:19:11] -X- EMail: icekid@globalpinoy.com
[16:19:11] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:19:11] -X- Max Logins: 1
[16:19:11] -X- Channels: * (599), #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:23:31] -X- Added user Gemenii to * with access level 501
[16:25:06] -X- Channels: * (501), #Konnect (499), #Cerchez (499), #OpTeam (499), #idilis2 (499), #Roadsign (499), #dragoste (499), #scoala.de.hoti (499), #MusicPassion (499), #Complikat (498), #Radiolive (490), #TurkNetWork (489), #uniQue (475), #6+9=69 (468), #FreeKicks (450), #GHelp (450), #Somnorosi (400), #mtb (399), #MALDIVEislands (333), #Segarcea (300), #perverts (300), #IRC (300), #q3 (250), #LiB (250), #HelpChannel (100), #chat.com (100), #mOOnPalace (100)
[16:27:37] -X- Removed user Gemenii from *
[16:28:04] -X- Added user Gemenii to * with access level 501
[16:29:20] -X- Removed user Gemenii from *
[16:33:57] -X- USER: Gte ACCESS: 1000
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 353 days, 09:00:18 ago.
[16:33:57] -X- USER: Kev ACCESS: 1000 LU
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 01:59:58 ago.
[16:33:57] -X- USER: reppir ACCESS: 1000
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 653 days, 17:42:07 ago.
[16:33:57] -X- USER: seks ACCESS: 1000 L
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 121 days, 13:22:45 ago.
[16:33:57] -X- USER: Isomer ACCESS: 1000 LU
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 08:38:21 ago.
[16:33:57] -X- USER: nighty ACCESS: 950 LU
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 01:59:56 ago.
[16:33:57] -X- USER: DinTn ACCESS: 900 L
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 22:00:15 ago.
[16:33:57] -X- USER: DrCkTaiL ACCESS: 800 LU
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 03:00:02 ago.
[16:33:57] -X- USER: duck ACCESS: 800
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 16 days, 12:56:48 ago.
[16:33:57] -X- USER: LordLuke ACCESS: 800 L
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 0 days, 00:18:43 ago.
[16:33:57] -X- USER: DaveB ACCESS: 750
[16:33:57] -X- CHANNEL: * -- AUTOMODE: None
[16:33:57] -X- LAST SEEN: 598 days, 06:14:13 ago.
[16:33:58] -X- USER: crip ACCESS: 750
[16:33:58] -X- CHANNEL: * -- AUTOMODE: None
[16:33:58] -X- LAST SEEN: 209 days, 16:34:31 ago.
[16:33:58] -X- USER: Hodari ACCESS: 750
[16:33:58] -X- CHANNEL: * -- AUTOMODE: None
[16:33:58] -X- LAST SEEN: 85 days, 12:53:10 ago.
[16:33:58] -X- USER: `Voodoo ACCESS: 750 LU
[16:33:58] -X- CHANNEL: * -- AUTOMODE: None
[16:33:58] -X- LAST SEEN: 3 days, 00:01:44 ago.
[16:33:58] -X- USER: MarkT ACCESS: 750 LU
[16:33:58] -X- CHANNEL: * -- AUTOMODE: None
[16:33:58] -X- LAST SEEN: 0 days, 08:54:51 ago.
[16:33:58] -X- There are more than 15 matching entries.
[16:33:58] -X- Please restrict your query.
[16:34:16] -X- Removed user Laris from *
[16:34:41] -X- The channel thelaw doesn't appear to be registered
[16:34:47] -X- Added user TheLaw to * with access level 501
[16:35:53] -X- Information about: Laris (1084314)
[16:35:53] -X- Currently logged on via:
[16:35:53] -X-? ?Laris-!Laris@Laris.cjb.net
[16:35:53] -X- Language: 8
[16:35:53] -X- INVISIBLE is On
[16:35:53] -X- LAST SEEN: 0 days, 23:02:12 ago.
[16:35:53] -X- EMail: larishk@from.ro
[16:35:53] -X- Last Hostmask: Laris-!Laris@Laris.cjb.net
[16:35:53] -X- Max Logins: 1
[16:35:53] -X- Channels: #USB (499), #Falticeni (499), #gura-humorului (100)
[16:35:57] -X- Information about: TheLaw (618167)
[16:35:57] -X- Currently logged on via:
[16:35:57] -X-? ?Laris_!Laris@TheLaw.users.undernet.org
[16:35:57] -X- Language: 1
[16:35:57] -X- INVISIBLE is On
[16:35:57] -X- LAST SEEN: 0 days, 00:01:33 ago.
[16:35:57] -X- EMail: thelaw@blowitup.com
[16:35:57] -X- Last Hostmask: Larismp3!Laris@194.116.140.39
[16:35:57] -X- Max Logins: 1
[16:35:57] -X- Channels: * (501)
[16:35:57] -X- Information about: IceKid (494337)
[16:35:57] -X- Currently logged on via:
[16:35:57] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:35:57] -X- Language: 1
[16:35:57] -X- INVISIBLE is On
[16:35:57] -X- LAST SEEN: 0 days, 01:31:43 ago.
[16:35:57] -X- Account was unsuspended 228 days, 22:23:22 ago (By caitlen)
[16:35:57] -X- EMail: icekid@globalpinoy.com
[16:35:57] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:35:57] -X- Max Logins: 1
[16:35:57] -X- Channels: * (599), #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:38:08] -X- Added user Gemenii to * with access level 501
[16:40:07] -X- fLLuFFy!crazyone@nakedsanta.users.undernet.org is logged in as nakedsanta
[16:41:06] -X- Added user toolz to * with access level 100
[16:41:45] -X- Invalid option.
[16:41:57] -X- Added user wark to * with access level 100
[16:42:18] -X- Added user 0Laris to * with access level 501
[16:42:39] -X- Added user nnew to * with access level 501
[16:43:40] -X- Information about: IceKid (494337)
[16:43:41] -X- Currently logged on via:
[16:43:41] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:43:41] -X- Language: 1
[16:43:41] -X- INVISIBLE is On
[16:43:41] -X- LAST SEEN: 0 days, 01:39:28 ago.
[16:43:41] -X- EMail: icekid@globalpinoy.com
[16:43:41] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:43:41] -X- Max Logins: 1
[16:43:41] -X- Channels: #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:45:15] -X- Information about: IceKid (494337)
[16:45:15] -X- Currently logged on via:
[16:45:15] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:45:15] -X- Language: 1
[16:45:15] -X- INVISIBLE is On
[16:45:15] -X- LAST SEEN: 0 days, 01:41:03 ago.
[16:45:15] -X- ** This account has been suspended **
[16:45:15] -X- EMail: icekid@globalpinoy.com
[16:45:15] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:45:15] -X- Max Logins: 1
[16:45:15] -X- Channels: * (500), #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:45:46] -X- Sorry, you have insufficient access to perform that command
[16:47:00] -X- Information about: IceKid (494337)
[16:47:00] -X- Currently logged on via:
[16:47:00] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:47:00] -X- Language: 1
[16:47:00] -X- INVISIBLE is On
[16:47:00] -X- LAST SEEN: 0 days, 01:42:47 ago.
[16:47:00] -X- ** This account has been suspended **
[16:47:00] -X- EMail: icekid@globalpinoy.com
[16:47:00] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:47:00] -X- Max Logins: 1
[16:47:00] -X- Channels: #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:47:50] -X- Your account has been suspended.
[16:47:50] -X- Sorry, you have insufficient access to perform that command
[16:48:26] -X- Information about: IceKid (494337)
[16:48:26] -X- Currently logged on via:
[16:48:26] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:48:26] -X- Language: 1
[16:48:26] -X- INVISIBLE is On
[16:48:26] -X- LAST SEEN: 0 days, 01:44:13 ago.
[16:48:26] -X- ** This account has been suspended **
[16:48:26] -X- EMail: icekid@globalpinoy.com
[16:48:26] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:48:26] -X- Max Logins: 1
[16:48:26] -X- Channels: #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:48:46] -X- Your account has been suspended.
[16:48:46] -X- Sorry, you have insufficient access to perform that command
[16:49:12] -X- Information about: IceKid (494337)
[16:49:12] -X- Currently logged on via:
[16:49:12] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:49:12] -X- Language: 1
[16:49:12] -X- INVISIBLE is On
[16:49:12] -X- LAST SEEN: 0 days, 01:44:58 ago.
[16:49:12] -X- ** This account has been suspended **
[16:49:12] -X- EMail: icekid@globalpinoy.com
[16:49:12] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:49:12] -X- Max Logins: 1
[16:49:12] -X- Channels: #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:50:25] -X- SYNTAX: UNSUSPEND <#channel>
[16:51:25] -X- Information about: IceKid (494337)
[16:51:25] -X- Currently logged on via:
[16:51:25] -X-? ?IceKid!~IceKid@IceKid.users.undernet.org
[16:51:25] -X- Language: 1
[16:51:25] -X- INVISIBLE is On
[16:51:25] -X- LAST SEEN: 0 days, 01:47:12 ago.
[16:51:25] -X- ** This account has been suspended **
[16:51:25] -X- EMail: icekid@globalpinoy.com
[16:51:25] -X- Last Hostmask: IceKid!~IceKid@ACB21692.ipt.aol.com
[16:51:25] -X- Max Logins: 1
[16:51:25] -X- Channels: * (500), #curious? (500), #pascani (498), #Radiolive (450), #mirclord (400), #DjK8oard (100)
[16:59:54] * Quits: @X (cservice@undernet.org) (*.net *.split)
|
As you can see, here are the first 15 users with global access. Also, you can look here for more info:
http://www.lariscjb.go.ro/takeuri.txt
And, CService was hacked before, in 2004, by the same guy:
http://www.services-exposed.co.nr
http://cserv.xhost.ro
Enjoy. 
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Mon Nov 14, 2005 3:54 pm?? ?Post subject:
|
|
|
I have no knowledge of any 'hack', and I generally need way more proof then a small snippet from a log to believe anything. Simply being tricked too often by certain type of people I guess.
But even IF this is true, I still stick to what I said before: you are just trying to stir things up rather then try and get your problem fixed. Kicking any legs in the meantime wont do anything else then putting a certain stamp on your forehead.
And thats all I have to say about it :)
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
dood
Joined: 06 Oct 2005
Posts: 7
|
|
Posted: Mon Nov 14, 2005 4:34 pm?? ?Post subject: Alleged UnderNet Hacks
|
|
|
My confidence in UnderNet doesn't waver; I still regard it as one of the best IRC networks in operation.
Admitedly, the network splits are particularly frequent, incovenient and even frustrating.
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Mon Nov 14, 2005 4:52 pm?? ?Post subject:
|
|
|
Splits are a pain in the ass indeed :\
From time to time there are waves of splits that have several sources that cause them. Unfortunally, it is not always in your own hands to solve the issue and you need to wait from actions form others in order to fix the situation.
Ofcourse there are always ways you can help minimize the problems from splits. If a certain server is for example attacked, then simply dont use it. After a few splits you know you better go connect to another server ;)
Also, you would be suprised to see how users choose servers. EU users using US servers and vice versa even. There is a lot of choice of EU servers that are geographically close to you, so all users from a local channel (like many channels are...) could all agree and use a single server and thus minimize the effects.
It *is* still a service held up by volunteers on hardware and connections that are donated by companies. That should also not be forgotten.
But I agree, splits are a PITA and users shouldn't be too bothered about it. Maybe you find it pleasing to hear that server administration (opers) are just as annoyed to be interupted by splits as you ! ;)
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
ShelLuser
Joined: 02 Apr 2005
Posts: 38
Location: Amersfoort, Holland
|
|
Posted: Mon Nov 14, 2005 6:02 pm?? ?Post subject:
|
|
|
| Asmo wrote: |
Ofcourse there are always ways you can help minimize the problems from splits. If a certain server is for example attacked, then simply dont use it. After a few splits you know you better go connect to another server 
|
But how can we do that ?
Its not possible these days to see an overview of Undernet servers. The /map command is the only command for that as far as I know and has been disabled. The website to which the response of the /map command points doesn't work. Then you have the /stats command (c, h and l come to my mind) but those are not available to common users.
When a server splits all we see is *.net & *.split thus making it impossible for us to determine where the problem might be located. Granted, the moment you're left with only 10 people in a channel which normally houses over one hundred it is a safe bet that you're on a splitted server. But unfortunatly it doesn't allways work this way. 
I'd be happy to do my share, but I don't see how I can in this case.
_________________
With kind regards, Peter
NekoNet
www.neko-net.org / irc.neko-net.org
|
|
| Back to top |
|
|
slk
Joined: 14 Nov 2005
Posts: 3
|
|
Posted: Mon Nov 14, 2005 7:01 pm?? ?Post subject:
|
|
|
well...that guy didnt actually 'hack' X...he tricked an ISP to give him the password from a 750 cservice admin email account...
Then he added, along with his friends almost 4000 global accesses(to X).
And Asmo...dont pretend that you dont know this.
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Tue Nov 15, 2005 3:48 pm?? ?Post subject:
|
|
|
OK I was able to ask around a bit and find out what really happened and am able to post a news item about it, as you mightve seen already. I hope that also solves some of the cowboy & indian stories going around right now :)
PS, afaik levels only go up to 1000, so 4k is impossible, and 1000 is only reserved for a very selected few who really need to have that kind of access. And I can asure you no level 1k account was hacked either ;)
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
slk
Joined: 14 Nov 2005
Posts: 3
|
|
Posted: Tue Nov 15, 2005 4:07 pm?? ?Post subject:
|
|
|
yep...my mistake.
I wanted to tell that over 4000 users were added to X with global access.
Where do you think they got this:
Also, you're an oper on Undernet, so you can see global accesses to X. You know this is true.
admin edit: I would appreciate it if you guys leave personal information out of the public. It is really not necessary to affect people like that.
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Tue Nov 15, 2005 4:18 pm?? ?Post subject:
|
|
|
Well I was able to post about it now, and I dont see anything new I should comment on in your post. Hope you appreciate my efforts in informing you, and the rest of the IRC community now of what really happened. I hope the ISP in question learned form it as well, although I'm sure we'll hear again form some company thats being tricked into releasing some information someday ...
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
romiir
Joined: 17 Feb 2005
Posts: 12
Location: P2PChat & Freenode
|
|
Posted: Fri Dec 30, 2005 5:08 am?? ?Post subject: Bashing Undernet dosen't work on IRC-Junkie..
|
|
|
This isn't the best place to bash undernet in any way shape or form, I made an innocent comment once about undernet services and asmo jumped down my throat, (which made me pretty inactive around here lol) just give it up guys, post it in a place which isn't bias 
My 2 cents,
Romiir
P.S. I don't care/know if they were hacked or not and as little of a problem this has been for them, it seems the services they have are coded pretty well, I mean.. Look at microsofts track record.. lmao
|
|
| Back to top |
|
|
Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 675
Location: Undernet
|
|
Posted: Fri Dec 30, 2005 10:07 am?? ?Post subject: Re: Bashing Undernet dosen't work on IRC-Junkie..
|
|
|
| romiir wrote: |
| This isn't the best place to bash undernet in any way shape or form, |
No indeed, if you have compalints towards undernet, try www.undernet.org :)
And thanks for passing through :)
_________________
Asmo
webmaster www.IRC-Junkie.org
|
|
| Back to top |
|
|
|
|
?
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB ? 2001, 2002 phpBB Group
Cingular Ringtones | Hotels in Frankfurt | Tatoos | Chihuahua | Ordenadores de sobremesa
|
???
