Donate Bitcoin

Donate Paypal


PeakOil is You

PeakOil is You

PeakOil.com site security breach?

Having trouble? Is the forum having trouble?

Moderator: admin

PeakOil.com site security breach?

Unread postby Plantagenet » Sun 12 Apr 2015, 13:59:32

A poster named "MSN Fanboy" who mainly posts on the "news" page is claiming he has accessed the email addresses that posters used when they registered here at PeakOil.com. MSN Fanboy also claims he can trace the IP address that people are using when they make posts here. Here's what MSN Fanboy just posted in the "Free fall in oil prices could fuel recession" thread on the news page:


MSN Fanboy on Sun, 12th Apr 2015 11:43 am

Well, that’s interesting…
I pinged of Nonys email address thinking it was xxx Plantxx posting under different names and I got Marmico.
MARMICO & NONY HAVE THE SAME IP ADDRESS…
ALMOST AS IF THE COMMENTS ARE COMING FROM THE SAME PERSON.
xxx Plant, you don’t need to give me your email address now xxxx ;)
Good thing that Email Address (required) is there LOL

-----------------------------------------------------------------------
So.....
Has MSN Fanboy actually breached security at this site and gained access to the email addresses that people used to register here? Can MSN Fanboy actually get other poster's IP addresses when they post at this site?

PS---Thanks mods for maintaining PeakOil.com as such a great site.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).

Re: PeakOil.com site security breach?

Unread postby Plantagenet » Sun 12 Apr 2015, 21:41:57

More on the possible breach----in this post the troll explains how he has hacked the PeakOil.com site and claims he can now log in with ADMIN status.

MSN Fanboy on Sun, 12th Apr 2015 12:37 pm

... nothing is private on the internet. ESPECIALLY ON A WORD PRESS COMMENTS BOARD. Every comments ip is tracked via its email link.

....I use a burner email address lol, even so any of you can find my ip address in any comment I make.Unless I reroute through Tor of p2p.
The trick is to have ADMIN status to check accounts, AS THE ADMIN IS THE ONLY ONE WHO CAN SEE EMAIL ADDRESSES.
The next part requires knowledge of HTML and the servers on which this site is based, which again I can ping on the command line to match the servers.
Then I cant tell you the rest (Some call it hacking)
Ill give you a hint, go on view in the toolbar of your browser and click source.
Lets just say that HTML can be temporarily changed if you have the right cracking software.
For example, I can temporarily become ADMIN in an open browser.
But again as I said from the start, nothing is private on the internet.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).

Re: PeakOil.com site security breach?

Unread postby Lore » Sun 12 Apr 2015, 21:58:22

This is crazy, insane! They're coming for you soon Plant! Get out while you still can!
The things that will destroy America are prosperity-at-any-price, peace-at-any-price, safety-first instead of duty-first, the love of soft living, and the get-rich-quick theory of life.
... Theodore Roosevelt
User avatar
Lore
Fission
Fission
 
Posts: 9021
Joined: Fri 26 Aug 2005, 03:00:00
Location: Fear Of A Blank Planet

Re: PeakOil.com site security breach?

Unread postby Plantagenet » Mon 13 Apr 2015, 11:54:33

Lore--- Its common sense to not want trolls hacking into the system here. A hacker could do some real damage to this site, and he could start harassing people via their home emails, or he could post people's personal info here or elsewhere so others could harass them.

Here's the latest from MSN Fanboy

MSN Fanboy on Mon, 13th Apr 2015 7:26 am

davep :P
I said I was traceable lol ive got nothing to hide :D
Im not a hacker, its cracking, for funnsies.
Please send a packet my way, ping pong… you see me… I see you.
Ill make it easy: 19 Windsor drive, solihull b92 8hs England.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).

Re: PeakOil.com site security breach?

Unread postby Plantagenet » Mon 13 Apr 2015, 12:08:17

Now MSN Fanboy is threatening to crash the PeakOil.com site ....

MSN Fanboy on Mon, 13th Apr 2015 7:28 am

Tempted to launch my botnet eDos army…


-------------------------------
I'm not a computer guy, but a "botnet army" is a group of computers that have been taken over by a hacker, and eDOS means Denial Of Service----i.e. MSN Fanboy is claiming he can have his zombie computers log in hundreds of times per second or something like that to clog up the system here so people can't access this site.

Its a simple method hackers use to shut down websites.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).

Re: PeakOil.com site security breach?

Unread postby dolanbaker » Mon 13 Apr 2015, 16:52:04

This site is hosted in a cloud based system, so should be quite resilient to such attacks, DDOS attacks happen daily on multiple sites globally. The worst it would do would be to slow down access to users.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.:Anonymous
Our whole economy is based on planned obsolescence.
Hungrymoggy "I am now predicting that Europe will NUKE ITSELF sometime in the first week of January"
User avatar
dolanbaker
Intermediate Crude
Intermediate Crude
 
Posts: 3855
Joined: Wed 14 Apr 2010, 10:38:47
Location: Éire

Re: PeakOil.com site security breach?

Unread postby Plantagenet » Mon 13 Apr 2015, 18:47:42

I think DaveP (and perhaps the mods) have now addressed this issue. Dave P has now made a post in the same thread on the "news" page:

davep on Mon, 13th Apr 2015 4:41 am

MSN Fanboy is a troll, not a hacker. He didn’t use TOR (he used a UK Orange IP address to sign up) or a disposable email (he used a UK ISP email for that too), and the IP addresses used to post from the two users he claimed were the same were different. In fact one was IPv4 and the other was IPv6. Pretty hard to confuse them, really.
WordPress is insecure, but MSN Fanboy is just a keyboard warrior. He’s easily traceable from his trail here.

------------------------------------------------------------------------------------
I couldn't tell if MSNFanboy's claim that he had hacked this site was valid -- and then he threatened to shut down this site. That kind of thing is above my pay grade.

Thanks DaveP.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).


Return to Technical Support

Who is online

Users browsing this forum: No registered users and 56 guests

cron