Page 1 of 1 site security breach?

Unread postPosted: Sun 12 Apr 2015, 13:59:32
by Plantagenet
A poster named "MSN Fanboy" who mainly posts on the "news" page is claiming he has accessed the email addresses that posters used when they registered here at MSN Fanboy also claims he can trace the IP address that people are using when they make posts here. Here's what MSN Fanboy just posted in the "Free fall in oil prices could fuel recession" thread on the news page:

MSN Fanboy on Sun, 12th Apr 2015 11:43 am

Well, that’s interesting…
I pinged of Nonys email address thinking it was xxx Plantxx posting under different names and I got Marmico.
xxx Plant, you don’t need to give me your email address now xxxx ;)
Good thing that Email Address (required) is there LOL

Has MSN Fanboy actually breached security at this site and gained access to the email addresses that people used to register here? Can MSN Fanboy actually get other poster's IP addresses when they post at this site?

PS---Thanks mods for maintaining as such a great site.

Re: site security breach?

Unread postPosted: Sun 12 Apr 2015, 21:41:57
by Plantagenet
More on the possible breach----in this post the troll explains how he has hacked the site and claims he can now log in with ADMIN status.

MSN Fanboy on Sun, 12th Apr 2015 12:37 pm

... nothing is private on the internet. ESPECIALLY ON A WORD PRESS COMMENTS BOARD. Every comments ip is tracked via its email link.

....I use a burner email address lol, even so any of you can find my ip address in any comment I make.Unless I reroute through Tor of p2p.
The trick is to have ADMIN status to check accounts, AS THE ADMIN IS THE ONLY ONE WHO CAN SEE EMAIL ADDRESSES.
The next part requires knowledge of HTML and the servers on which this site is based, which again I can ping on the command line to match the servers.
Then I cant tell you the rest (Some call it hacking)
Ill give you a hint, go on view in the toolbar of your browser and click source.
Lets just say that HTML can be temporarily changed if you have the right cracking software.
For example, I can temporarily become ADMIN in an open browser.
But again as I said from the start, nothing is private on the internet.

Re: site security breach?

Unread postPosted: Sun 12 Apr 2015, 21:58:22
by Lore
This is crazy, insane! They're coming for you soon Plant! Get out while you still can!

Re: site security breach?

Unread postPosted: Mon 13 Apr 2015, 11:54:33
by Plantagenet
Lore--- Its common sense to not want trolls hacking into the system here. A hacker could do some real damage to this site, and he could start harassing people via their home emails, or he could post people's personal info here or elsewhere so others could harass them.

Here's the latest from MSN Fanboy

MSN Fanboy on Mon, 13th Apr 2015 7:26 am

davep :P
I said I was traceable lol ive got nothing to hide :D
Im not a hacker, its cracking, for funnsies.
Please send a packet my way, ping pong… you see me… I see you.
Ill make it easy: 19 Windsor drive, solihull b92 8hs England.

Re: site security breach?

Unread postPosted: Mon 13 Apr 2015, 12:08:17
by Plantagenet
Now MSN Fanboy is threatening to crash the site ....

MSN Fanboy on Mon, 13th Apr 2015 7:28 am

Tempted to launch my botnet eDos army…

I'm not a computer guy, but a "botnet army" is a group of computers that have been taken over by a hacker, and eDOS means Denial Of Service----i.e. MSN Fanboy is claiming he can have his zombie computers log in hundreds of times per second or something like that to clog up the system here so people can't access this site.

Its a simple method hackers use to shut down websites.

Re: site security breach?

Unread postPosted: Mon 13 Apr 2015, 16:52:04
by dolanbaker
This site is hosted in a cloud based system, so should be quite resilient to such attacks, DDOS attacks happen daily on multiple sites globally. The worst it would do would be to slow down access to users.

Re: site security breach?

Unread postPosted: Mon 13 Apr 2015, 18:47:42
by Plantagenet
I think DaveP (and perhaps the mods) have now addressed this issue. Dave P has now made a post in the same thread on the "news" page:

davep on Mon, 13th Apr 2015 4:41 am

MSN Fanboy is a troll, not a hacker. He didn’t use TOR (he used a UK Orange IP address to sign up) or a disposable email (he used a UK ISP email for that too), and the IP addresses used to post from the two users he claimed were the same were different. In fact one was IPv4 and the other was IPv6. Pretty hard to confuse them, really.
WordPress is insecure, but MSN Fanboy is just a keyboard warrior. He’s easily traceable from his trail here.

I couldn't tell if MSNFanboy's claim that he had hacked this site was valid -- and then he threatened to shut down this site. That kind of thing is above my pay grade.

Thanks DaveP.