geekhack hacked again!?

ripster

29 Jun 2012, 01:29

Are you sure it's the name they want? I mean Geekhack.org? Why not Nerdhack.org?

Maybe McAfee put one of the Anon crew in jail and it's retaliation?

I would rename it RipsterGuides.org myself.

Meanwhile I have a feeling GH won't be attracting new users from OCN any more...
Erick Silver wrote:
OK People pay attention. The site has been infected since AT LEAST MID APRIL. Why keep going back? If it's infected don't go there anymore.

itlnstln

29 Jun 2012, 02:41

rknize wrote:itlnstln missed his cue.
Sorry, trying to start the process of buying a house. We found a place in Southtown we like that is going for dirt cheap. It was built in 1910, so I hope the inspection goes well. Our area of Texas is notorious for foundation problems with dry, rocky soil...

Input Nirvana

29 Jun 2012, 02:45

itlnstln wrote:
rknize wrote:itlnstln missed his cue.
Sorry, trying to start the process of buying a house. We found a place in Southtown we like that is going for dirt cheap. It was built in 1910, so I hope the inspection goes well. Our area of Texas is notorious for foundation problems with dry, rocky soil...
DON'T DO IT!!! Save yourself !!!! I'm out of the real estate game ($240k loss).

Invest in keyboards.

net2522

29 Jun 2012, 02:49

I'm pretty sure Geekhack.org is not even on their list. It should be something else....

itlnstln

29 Jun 2012, 02:50

input nirvana wrote:
itlnstln wrote:
rknize wrote:itlnstln missed his cue.
Sorry, trying to start the process of buying a house. We found a place in Southtown we like that is going for dirt cheap. It was built in 1910, so I hope the inspection goes well. Our area of Texas is notorious for foundation problems with dry, rocky soil...
DON'T DO IT!!! Save yourself !!!! I'm out of the real estate game ($240k loss).

Invest in keyboards.
Our market is a little different. Home prices are rising here (and I'm buying at a low point - I've been learning from a book ripster recommended to me). That said, this is a long term investment.

Don't worry, I've been burned on real estate before. I know a lot more than I did then. If it inspects well, I'll be living there for a long time.
Last edited by itlnstln on 29 Jun 2012, 02:52, edited 1 time in total.

net2522

29 Jun 2012, 02:50

input nirvana wrote:
itlnstln wrote:
rknize wrote:itlnstln missed his cue.
Sorry, trying to start the process of buying a house. We found a place in Southtown we like that is going for dirt cheap. It was built in 1910, so I hope the inspection goes well. Our area of Texas is notorious for foundation problems with dry, rocky soil...
DON'T DO IT!!! Save yourself !!!! I'm out of the real estate game ($240k loss).

Invest in keyboards.
^loss more than ever

Input Nirvana

29 Jun 2012, 02:56

net2522 wrote:
input nirvana wrote:
itlnstln wrote:
Sorry, trying to start the process of buying a house. We found a place in Southtown we like that is going for dirt cheap. It was built in 1910, so I hope the inspection goes well. Our area of Texas is notorious for foundation problems with dry, rocky soil...
DON'T DO IT!!! Save yourself !!!! I'm out of the real estate game ($240k loss).

Invest in keyboards.
^loss more than ever
Dunno, as Webwit said, my Datahand was an appreciating asset. I just sold it 2 months ago when the trauma hit. So maybe that's not a good example :)

domoaligato

29 Jun 2012, 03:13

the domain is not expired. the web server was hacked.

geekhack is hosted by someone at http://uhhh.org/

Host trace to
geekhack.org
14 hops / 2.5 seconds
 
1. dreamhost.com
2. dreamhost.com
3. cogentco.com
4. cogentco.com
5. cogentco.com
6. cogentco.com
7. cogentco.com
8. cogentco.com
9. cogentco.com
10. cogentco.com
11. 38.104.214.178
12. fibertech.com
13. lldc.net
14. uhhh.org
RUNT - access by invitation only


RUNT is a Linux system which provides mail, web, and chat services...at no cost to its users. RUNT has been operational since the summer of 1998.
Currently, RUNT resides on a quad-core, 2.4GHz CPU system with 8GB of ram and a hardware RAID1 configuration; providing 1TB of mirrored storage. Shell access is available via ssh. At any given time, RUNT hosts a dozen or so domains...none of which are for profit.

Access is free, but restricted to those people we know, or who have people we know personally vouch for them. Users are expected to behave themselves and to refrain from illegal activity. We reserve the right to revoke access at any time, without any warning, and without any explanation (although, we have yet to exercise that right).

Over the past decade, we have maintained phenomenal uptime and have never experienced data loss due to hardware or OS failure. However, we do not provide any availability guarantees...nor do we backup ANY of your data! Additionally, if we host domains for you, you are responsible for your own DNS management. (we will not provide DNS services for you)

Rack space, connectivity, and power for RUNT is provided by Lifeline Data Centers.

Email spam filtering and anti-virus services are provided by a McAfee Email Gateway appliance.

Perimeter security services are provided by a McAfee Enterprise Firewall appliance.
maybe I should find out if they are hiring at http://uhhh.org/ :)
looks like they are in need of some security engineers.

Input Nirvana

29 Jun 2012, 03:17

Hey, I could earn some extra bucks and get some exercise pounding some hackers into mush.

Gimme an address.

TexasFlood

29 Jun 2012, 03:24

domoaligato wrote:geekhack is hosted by someone at http://uhhh.org/
RUNT - access by invitation only

RUNT is a Linux system which provides mail, web, and chat services...at no cost to its users. RUNT has been operational since the summer of 1998.
...
Email spam filtering and anti-virus services are provided by a McAfee Email Gateway appliance.

Perimeter security services are provided by a McAfee Enterprise Firewall appliance.

maybe I should find out if they are hiring at http://uhhh.org/ :)
looks like they are in need of some security engineers.
Security, hmmm, security, where would one find a security engineer?

domoaligato

29 Jun 2012, 03:30

iMav is a "Security Engineer"? lol
I am sorry I am having fun with this now.


runt-3.uhhh.org [65.111.241.205]

whois for UHHH.org
go whois uhhh.org yourself
Last edited by domoaligato on 29 Jun 2012, 17:17, edited 2 times in total.

domoaligato

29 Jun 2012, 03:33

when I was banned from geekhack after my first and only post after being a lurker(name removed do whois geekhack.org) is the email reply I got after emailing imav (me@imav.org) to get unbanned.

nevermind going to imav.org takes me to his blogger page
(link removed do a whois and google his name. I am not trying to harm the guy.)
Occupation:IT Security

I hope he is better at his day job!

R00TW0RM

Expiration Date: 2012-08-18 00:47:23
Last edited by domoaligato on 29 Jun 2012, 17:08, edited 1 time in total.

ripster

29 Jun 2012, 03:48

Now be nice.

Just because you were banned is not a reason to make fun of iMav working for McAfee/Intel.

domoaligato

29 Jun 2012, 03:53

see below. oops doublepost
Last edited by domoaligato on 29 Jun 2012, 17:07, edited 2 times in total.

Input Nirvana

29 Jun 2012, 03:54

domoaligato wrote:when I was banned from geekhack after my first and only post after being a lurker Larry Herzog Jr. herzog@uhhh.org is the email reply I got after emailing imav (me@imav.org) to get unbanned.

nevermind going to imav.org takes me to his blogger page
http://www.blogger.com/profile/08839045434629913188
Occupation:IT Security

I hope he is better at his day job!

R00TW0RM

Expiration Date: 2012-08-18 00:47:23
Funny stuff.

ripster

29 Jun 2012, 03:55

IIRC you were banned for being in the Lego thread.

lol.

TexasFlood

29 Jun 2012, 03:56

Risky to like lego over there it seems...

domoaligato

29 Jun 2012, 04:00

I was unbanned from geekhack.
Yes I am laughing because I used to do hosting support. I do not miss it at all.

And he is a Sales Engineer @ mcafee. (link removed. not trying to be harmful)
I do not care if he is the leading blackhat at mcafee.
He has been hacked.... again, and again, and again.
Last edited by domoaligato on 29 Jun 2012, 17:06, edited 1 time in total.

GH1391401

29 Jun 2012, 04:09

sales engineer is typically not a technical role but the situation is somewhat ironic

TexasFlood

29 Jun 2012, 04:12

Depends, sometimes pre-sales guys have to be very good, capable of flying in to a customer site and proving a product by themselves with maybe some remote support. So I guess my point is that one can't assume too much from a title.

didja

29 Jun 2012, 05:13

GH1391401 wrote:sales engineer is typically not a technical role but the situation is somewhat ironic
On the contrary, sales engineers are often the best technical people a company has... that are capable of talking to people.
I've bought countless things where we wished we could keep working with the sales engineers once we purchased it but you get moved to a support team/professional services to get the install done and to get trained.

Domo, I would consider editing your post. Regardless of what you think of Geekhack and Imav, you shouldn't post people's real names or personal information even if it is publicly available elsewhere. That's bad form.

Input Nirvana

29 Jun 2012, 05:19

iMav's info isn't a closely guarded secret...I don't think. For some reason I've had that info and I wasn't looking for it...so I don't think who posted it was being malicious.....I don't think.

Input Nirvana

29 Jun 2012, 05:31

An interesting point through all of this.....all the info on GH is vulnerable....and isn't adequately protected. There should be a community effort to put the info into another location for safety. Are you following my thought train on this? Is there a way for this to happen? I have no idea of the mechanics or what's involved or whatever.

Just slap me if I'm being stupid.

Of course...that action carries risks....

metafour

29 Jun 2012, 05:58

I never said the domain was expired. I said if it expires the registrar usually locks it down for a 30 day period to prevent customers losing their domain because they forgot to renew.

The info that domoaligato found regarding iMav's occupation is very interesting. I'm constantly amazed at the response to the security breaches on geekhack and this just adds more disappointment. I'm sorry but as I said before, as soon as you know a site you are responsible for has been exploited, especially where there is even the hint of malware being spread to visitors, you should take it down ASAP.

net2522

29 Jun 2012, 06:28

Has anyone been infected yet?

thegunner100

29 Jun 2012, 06:50

Oh the irony...

riffraff

29 Jun 2012, 06:52

His info is publicly listed in the geekhack.org domain registration. Also, that info is a bit outdated from the hardware specs listed.

On a side note, mcafee/intel/iMav didn't write the vBulletin software. Geekhack appears to have been hit with a new vuln that affects the vBulletin 4.x software or some add on. From what I hear the site is current on security updates, but I was reading about a new vuln affecting the forum "activity stream" that was announced about a week ago. I'd be interested to hear what happened and see if a CVE is ever released on this.

I wish iMav the best.

riffraff

29 Jun 2012, 06:56

input nirvana wrote:An interesting point through all of this.....all the info on GH is vulnerable....and isn't adequately protected. There should be a community effort to put the info into another location for safety. Are you following my thought train on this? Is there a way for this to happen? I have no idea of the mechanics or what's involved or whatever.

Just slap me if I'm being stupid.

Of course...that action carries risks....
I agree, my fear with site rollbacks is lost content. I'm not sure what the best methods are though for online vBulletin forums.

didja

29 Jun 2012, 07:28

Rollback assistance is available.

mkawa

29 Jun 2012, 08:31

yes, we got hit by at least one 0-day vuln in vB 4.2. we don't know if it will ever be patched and after the complete lack of response from the vB developers we don't particularly care. the attackers want our domain, but we will not be giving them the satisfaction.

we have been regrouping and will be re-architecting geekhack to be even more secure (ie, not vB based), stable and robust. we'll update folks as often as we can as we get things back online.

finally, for those doubting, gh did _not_ go down easily, despite the utter garbage that is vBulletin 4. i have no doubt that the attackers will not be disturbing us again, now that we have a chance to redesign gh properly for scale.
Last edited by mkawa on 29 Jun 2012, 08:42, edited 1 time in total.
