Second Life Forums Archive - SLX Hacked?

Chrischun Fassbinder

k-rad!

Join date: 19 Feb 2005

Posts: 154

03-15-2006 02:04

Ugh, lots of pages on slexchange.com have been blanked and and tagged with...

-]¦ † ¦[- Owned By Blade -]¦ † ¦[-

Edit: Still going on right now it seems as more pages keep coming up tagged that weren't a minute ago.

Anyone able to get ahold of any SLX staff?

Martin Magpie

Catherine Cotton

Join date: 13 Nov 2004

Posts: 1,826

03-15-2006 02:13

oh snap your right! Yikes. They must of pissed off someone.

_____________________

Laukosargas Svarog

Angel ?

Join date: 18 Aug 2004

Posts: 1,304

03-15-2006 02:17

Certainly looks like it. I've taken my SLex vendors offline until it's sorted.

_____________________

Geometry is music frozen...

Weedy Herbst

Too many parameters

Join date: 5 Aug 2004

Posts: 2,255

03-15-2006 02:20

Looks like the home page for sure, the other pages seem ok though.

_____________________

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

03-15-2006 02:23

Oh dear, that's really not good at all. I'd suggest everybody take their boxes offline and empty their balances if possible at SLX.

_____________________

Chrischun Fassbinder

k-rad!

Join date: 19 Feb 2005

Posts: 154

03-15-2006 02:25

I tried calling Apotheus but no answer. He's in the EST zone so hopefully he get's up soon. Didn't see any staff inworld but dropped IMs. Beyond that I don't know what else to try to get someone alerted before this hax0r starts really trashing things.

Weedy Herbst

Too many parameters

Join date: 5 Aug 2004

Posts: 2,255

03-15-2006 02:30

It's offline now.

_____________________

Lynnix Muse

Registered User

Join date: 26 Dec 2002

Posts: 156

03-15-2006 02:33

eek. I whent to check my balance and saw the -]¦ † ¦[- Owned By Blade -]¦ † ¦[-, knew right away sle musta been hacked. Really not wanting to take my vendors because of how long it will take to set them back up. Please keep trying to call Apotheus, Chrischun. Hopefully its down now because Apotheus took it down.

Chrischun Fassbinder

k-rad!

Join date: 19 Feb 2005

Posts: 154

03-15-2006 02:35

From: Lynnix Muse

Hopefully its down now because Apotheus took it down.

Yup that's my guess (hope) as well.

Foolish Frost

Grand Technomancer

Join date: 7 Mar 2005

Posts: 1,433

03-15-2006 03:09

Note to all. A common trick is to get a file uploaded called index.html into the root server directory. It does not hurt the sever at all, but some servers will show a HTML file before a PHP file.

That's not to say it does not show a security flaw, but in most cases it's just some ass posting a web page over the top of the site. trying to load http://site/index.php will show you most days if this is the case.

Thank you, and back to your regular schedualed discussion.

_____________________

SLDrama.com: Join the drama that IS Second Life!

The Future of Second Life, thoughts and discussion!

My shop at SLExchange!

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

03-15-2006 03:14

From: Foolish Frost

Note to all. A common trick is to get a file uploaded called index.html into the root server directory. It does not hurt the sever at all, but some servers will show a HTML file before a PHP file.

That's not to say it does not show a security flaw, but in most cases it's just some ass posting a web page over the top of the site. trying to load http://site/index.php will show you most days if this is the case.

Thank you, and back to your regular schedualed discussion.

I dont believe that was the case in this instance, due to the way the scribblings left by the hackers were appearing on multiple pages. This could be as simple as having been able to access the templates for the site, but once compromised in any way it's always safest to work from the assumption that it is completely compromised.

_____________________

Foolish Frost

Grand Technomancer

Join date: 7 Mar 2005

Posts: 1,433

03-15-2006 03:17

From: Moopf Murray

I dont believe that was the case in this instance, due to the way the scribblings left by the hackers were appearing on multiple pages. This could be as simple as having been able to access the templates for the site, but once compromised in any way it's always safest to work from the assumption that it is completely compromised.

No argument. Ever. At BEST, pages could have been uploaded and been redirected to for phishing scams. Had it happen to me a few weeks back on an older postnuke site. It's rebuilt now, mostly from the ground up. Problem with such hacks, is that the logs don't tell you HOW they got in in most cases.

Makes you just want to unplug the server when your not there to watch it. Annoying.

_____________________

SLDrama.com: Join the drama that IS Second Life!

The Future of Second Life, thoughts and discussion!

My shop at SLExchange!

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

03-15-2006 03:21

From: Foolish Frost

No argument. Ever. At BEST, pages could have been uploaded and been redirected to for phishing scams. Had it happen to me a few weeks back on an older postnuke site. It's rebuilt now, mostly from the ground up. Problem with such hacks, is that the logs don't tell you HOW they got in in most cases.

Makes you just want to unplug the server when your not there to watch it. Annoying.

Yes, I agree completely. Often tracing these things can prove difficult and generally leaves you with a constant fear of it happening hanging over your head!

_____________________

splat1 Edison

Registerd Nut

Join date: 6 Sep 2004

Posts: 353

03-15-2006 03:53

My condolences to the slex team, I hope you are back on your feet soon.
(at time of writiing the slex website was offline)

_____________________

Splat Soft - We exsist in the RL to!
Gigas Bunny (Mule)
####
You see, our experts describe you as an appallingly dull fellow, unimaginative, timid, lacking in initiative, spineless, easily dominated, no sense of humour, tedious company and irrepressibly drab and awful. And whereas in most professions these would be considerable drawbacks, in chartered accountancy they are a positive boon.

MadamG Zagato

means business

Join date: 17 Sep 2005

Posts: 1,402

03-15-2006 04:11

Anyone get an email notice that a private message was waiting for them on SLExchange in the past few hours while or just before this happened? Just wondering if it has anything to do with this 'hack' or not.

So anxious to get in and see what the message says.

_____________________

Lasivian Leandros

Hopelessly Obsessed

Join date: 11 Jul 2005

Posts: 238

03-15-2006 05:04

Glad I pulled totally out of slexchange and went to slboutique. SL Exchange has big problems with both software and management, they don't care much about their users.

_____________________

From: someone

"SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel

Keiki Lemieux

I make HUDDLES

Join date: 8 Jul 2005

Posts: 1,490

03-15-2006 05:15

I hope they get this cleared up soon.

It's interesting though when threads pop up about slexchange that invariably we get slboutique fanboi posts. slboutique seems like a well run site, but something about it just doesn't connect with consumers like slexchange does. I do 20 times the business at slexchange that I do at slboutique. Unless slexchange really implodes, I don't see people giving up much higher sales and lowers comissions to move to another site.

_____________________

imakehuddles.com/wordpress/

Merwan Marker

Booring...

Join date: 28 Jan 2004

Posts: 4,706

03-15-2006 05:22

Well - was it or wasn't it?

_____________________

Don't Worry, Be Happy - Meher Baba

Introvert Petunia

over 2 billion posts

Join date: 11 Sep 2004

Posts: 2,065

03-15-2006 05:23

Well, if SLX intentionally shut down the site because of the hack, professionalism would seem to lead one to believe that they'd make an explanatory post here with whatever information they may have at present to quell Fear, Uncertainty, and Doubt, and to give merchants and depositors some indication of whether their deposits are safe.

However, I am not a Web -> SL vendor, so really am not in a position to suggest what they ought do.

Dyne Talamasca

Noneuclidean Love Polygon

Join date: 9 Oct 2005

Posts: 436

03-15-2006 05:26

I expect they'll post something when they get through picking up the pieces.

_____________________

Dyne Talamasca - I hate the word "bling".

Miscellany on MySLShop.com, SLB, and SLEx

Plonk

Lasivian Leandros

Hopelessly Obsessed

Join date: 11 Jul 2005

Posts: 238

03-15-2006 05:28

From: Keiki Lemieux

I hope they get this cleared up soon.

It's interesting though when threads pop up about slexchange that invariably we get slboutique fanboi posts. slboutique seems like a well run site, but something about it just doesn't connect with consumers like slexchange does. I do 20 times the business at slexchange that I do at slboutique. Unless slexchange really implodes, I don't see people giving up much higher sales and lowers comissions to move to another site.

I'm not terribly fond of either one, the both have issues. But let's imagine if slexchange doesn't come back up for weeks, people's money that was on the site is not available. a few weeks back I specificially requested a "direct to avatar" linden transfer and slexchange laughed at me.

So i'm laughing now.

_____________________

From: someone

"SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel

nimrod Yaffle

Cavemen are people too...

Join date: 15 Nov 2004

Posts: 3,146

03-15-2006 05:28

I swear I had nothing to do with this! >_>

_____________________

"People can cry much easier than they can change."
-James Baldwin

Introvert Petunia

over 2 billion posts

Join date: 11 Sep 2004

Posts: 2,065

03-15-2006 05:31

From: someone

I expect they'll post something when they get through picking up the pieces.

How long does it take to make a post? Answer: This one took me under thirty seconds, but it is short.

nimrod Yaffle

Cavemen are people too...

Join date: 15 Nov 2004

Posts: 3,146

03-15-2006 05:37

Has anyone gotten inworld to try to withdraw the amount they have?
Edit: They should have wrote "GOMed By Blade."

_____________________

"People can cry much easier than they can change."
-James Baldwin

Lasivian Leandros

Hopelessly Obsessed

Join date: 11 Jul 2005

Posts: 238

03-15-2006 05:44

From: nimrod Yaffle

Has anyone gotten inworld to try to withdraw the amount they have?
Edit: They should have wrote "GOMed By Blade."

They're dead Jim!

In-world terminals are not responding.

_____________________

From: someone

"SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel

SLX Hacked?
Chrischun Fassbinder k-rad! Join date: 19 Feb 2005 Posts: 154	03-15-2006 02:04 Ugh, lots of pages on slexchange.com have been blanked and and tagged with... -]¦ † ¦[- Owned By Blade -]¦ † ¦[- Edit: Still going on right now it seems as more pages keep coming up tagged that weren't a minute ago. Anyone able to get ahold of any SLX staff?
Martin Magpie Catherine Cotton Join date: 13 Nov 2004 Posts: 1,826	03-15-2006 02:13 oh snap your right! Yikes. They must of pissed off someone. _____________________
Laukosargas Svarog Angel ? Join date: 18 Aug 2004 Posts: 1,304	03-15-2006 02:17 Certainly looks like it. I've taken my SLex vendors offline until it's sorted. _____________________ *Geometry is music frozen...*
Weedy Herbst Too many parameters Join date: 5 Aug 2004 Posts: 2,255	03-15-2006 02:20 Looks like the home page for sure, the other pages seem ok though. _____________________
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	03-15-2006 02:23 Oh dear, that's really not good at all. I'd suggest everybody take their boxes offline and empty their balances if possible at SLX. _____________________
Chrischun Fassbinder k-rad! Join date: 19 Feb 2005 Posts: 154	03-15-2006 02:25 I tried calling Apotheus but no answer. He's in the EST zone so hopefully he get's up soon. Didn't see any staff inworld but dropped IMs. Beyond that I don't know what else to try to get someone alerted before this hax0r starts really trashing things.
Weedy Herbst Too many parameters Join date: 5 Aug 2004 Posts: 2,255	03-15-2006 02:30 It's offline now. _____________________
Lynnix Muse Registered User Join date: 26 Dec 2002 Posts: 156	03-15-2006 02:33 eek. I whent to check my balance and saw the -]¦ † ¦[- Owned By Blade -]¦ † ¦[-, knew right away sle musta been hacked. Really not wanting to take my vendors because of how long it will take to set them back up. Please keep trying to call Apotheus, Chrischun. Hopefully its down now because Apotheus took it down.
Chrischun Fassbinder k-rad! Join date: 19 Feb 2005 Posts: 154	03-15-2006 02:35 From: Lynnix Muse Hopefully its down now because Apotheus took it down. Yup that's my guess (hope) as well.
Foolish Frost Grand Technomancer Join date: 7 Mar 2005 Posts: 1,433	03-15-2006 03:09 Note to all. A common trick is to get a file uploaded called index.html into the root server directory. It does not hurt the sever at all, but some servers will show a HTML file before a PHP file. That's not to say it does not show a security flaw, but in most cases it's just some ass posting a web page over the top of the site. trying to load http://site/index.php will show you most days if this is the case. Thank you, and back to your regular schedualed discussion. _____________________ SLDrama.com: Join the drama that IS Second Life! The Future of Second Life, thoughts and discussion! My shop at SLExchange!
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	03-15-2006 03:14 From: Foolish Frost Note to all. A common trick is to get a file uploaded called index.html into the root server directory. It does not hurt the sever at all, but some servers will show a HTML file before a PHP file. That's not to say it does not show a security flaw, but in most cases it's just some ass posting a web page over the top of the site. trying to load http://site/index.php will show you most days if this is the case. Thank you, and back to your regular schedualed discussion. I dont believe that was the case in this instance, due to the way the scribblings left by the hackers were appearing on multiple pages. This could be as simple as having been able to access the templates for the site, but once compromised in any way it's always safest to work from the assumption that it is completely compromised. _____________________
Foolish Frost Grand Technomancer Join date: 7 Mar 2005 Posts: 1,433	03-15-2006 03:17 From: Moopf Murray I dont believe that was the case in this instance, due to the way the scribblings left by the hackers were appearing on multiple pages. This could be as simple as having been able to access the templates for the site, but once compromised in any way it's always safest to work from the assumption that it is completely compromised. No argument. Ever. At BEST, pages could have been uploaded and been redirected to for phishing scams. Had it happen to me a few weeks back on an older postnuke site. It's rebuilt now, mostly from the ground up. Problem with such hacks, is that the logs don't tell you HOW they got in in most cases. Makes you just want to unplug the server when your not there to watch it. Annoying. _____________________ SLDrama.com: Join the drama that IS Second Life! The Future of Second Life, thoughts and discussion! My shop at SLExchange!
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	03-15-2006 03:21 From: Foolish Frost No argument. Ever. At BEST, pages could have been uploaded and been redirected to for phishing scams. Had it happen to me a few weeks back on an older postnuke site. It's rebuilt now, mostly from the ground up. Problem with such hacks, is that the logs don't tell you HOW they got in in most cases. Makes you just want to unplug the server when your not there to watch it. Annoying. Yes, I agree completely. Often tracing these things can prove difficult and generally leaves you with a constant fear of it happening hanging over your head! _____________________
splat1 Edison Registerd Nut Join date: 6 Sep 2004 Posts: 353	03-15-2006 03:53 My condolences to the slex team, I hope you are back on your feet soon. (at time of writiing the slex website was offline) _____________________ Splat Soft - We exsist in the RL to! Gigas Bunny (Mule) #### You see, our experts describe you as an appallingly dull fellow, unimaginative, timid, lacking in initiative, spineless, easily dominated, no sense of humour, tedious company and irrepressibly drab and awful. And whereas in most professions these would be considerable drawbacks, in chartered accountancy they are a positive boon.
MadamG Zagato means business Join date: 17 Sep 2005 Posts: 1,402	03-15-2006 04:11 Anyone get an email notice that a private message was waiting for them on SLExchange in the past few hours while or just before this happened? Just wondering if it has anything to do with this 'hack' or not. So anxious to get in and see what the message says. _____________________
Lasivian Leandros Hopelessly Obsessed Join date: 11 Jul 2005 Posts: 238	03-15-2006 05:04 Glad I pulled totally out of slexchange and went to slboutique. SL Exchange has big problems with both software and management, they don't care much about their users. _____________________ From: someone "SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel
Keiki Lemieux I make HUDDLES Join date: 8 Jul 2005 Posts: 1,490	03-15-2006 05:15 I hope they get this cleared up soon. It's interesting though when threads pop up about slexchange that invariably we get slboutique fanboi posts. slboutique seems like a well run site, but something about it just doesn't connect with consumers like slexchange does. I do 20 times the business at slexchange that I do at slboutique. Unless slexchange really implodes, I don't see people giving up much higher sales and lowers comissions to move to another site. _____________________ imakehuddles.com/wordpress/
Merwan Marker Booring... Join date: 28 Jan 2004 Posts: 4,706	03-15-2006 05:22 Well - was it or wasn't it? _____________________ Don't Worry, Be Happy - Meher Baba
Introvert Petunia over 2 billion posts Join date: 11 Sep 2004 Posts: 2,065	03-15-2006 05:23 Well, if SLX intentionally shut down the site because of the hack, professionalism would seem to lead one to believe that they'd make an explanatory post here with whatever information they may have at present to quell Fear, Uncertainty, and Doubt, and to give merchants and depositors some indication of whether their deposits are safe. However, I am not a Web -> SL vendor, so really am not in a position to suggest what they ought do.
Dyne Talamasca Noneuclidean Love Polygon Join date: 9 Oct 2005 Posts: 436	03-15-2006 05:26 I expect they'll post something when they get through picking up the pieces. _____________________ Dyne Talamasca - I hate the word "bling". Miscellany on MySLShop.com, SLB, and SLEx Plonk
Lasivian Leandros Hopelessly Obsessed Join date: 11 Jul 2005 Posts: 238	03-15-2006 05:28 From: Keiki Lemieux I hope they get this cleared up soon. It's interesting though when threads pop up about slexchange that invariably we get slboutique fanboi posts. slboutique seems like a well run site, but something about it just doesn't connect with consumers like slexchange does. I do 20 times the business at slexchange that I do at slboutique. Unless slexchange really implodes, I don't see people giving up much higher sales and lowers comissions to move to another site. I'm not terribly fond of either one, the both have issues. But let's imagine if slexchange doesn't come back up for weeks, people's money that was on the site is not available. a few weeks back I specificially requested a "direct to avatar" linden transfer and slexchange laughed at me. So i'm laughing now. _____________________ From: someone "SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel
nimrod Yaffle Cavemen are people too... Join date: 15 Nov 2004 Posts: 3,146	03-15-2006 05:28 I swear I had nothing to do with this! >_> _____________________ "People can cry much easier than they can change." -James Baldwin
Introvert Petunia over 2 billion posts Join date: 11 Sep 2004 Posts: 2,065	03-15-2006 05:31 From: someone I expect they'll post something when they get through picking up the pieces. How long does it take to make a post? Answer: This one took me under thirty seconds, but it is short.
nimrod Yaffle Cavemen are people too... Join date: 15 Nov 2004 Posts: 3,146	03-15-2006 05:37 Has anyone gotten inworld to try to withdraw the amount they have? Edit: They should have wrote "GOMed By Blade." _____________________ "People can cry much easier than they can change." -James Baldwin
Lasivian Leandros Hopelessly Obsessed Join date: 11 Jul 2005 Posts: 238	03-15-2006 05:44 From: nimrod Yaffle Has anyone gotten inworld to try to withdraw the amount they have? Edit: They should have wrote "GOMed By Blade." They're dead Jim! In-world terminals are not responding. _____________________ From: someone "SL is getting to be like a beat up old car with a faulty engine which keeps getting a nice fresh layer of paint added on, while the engine continues to be completely unreliable." - Kex Godel

Welcome to the Second Life Forums Archive

SLX Hacked?