Baxil (baxil) wrote,

Shit has, as they say, gotten meta.

Hey, folks! Life goes on, and after a long week at work (and a scare with my car -- which was resolved by an unexpected act of generosity on my bosses' part), I'm trying to get back into the swing of things. And meanwhile, things have been more eventful than usual out in the land of:

[Ponies and Pegasi]


First of all, due to RL time concerns, bossgoji has withdrawn as player liaison/co-organizer for the D&D portion of the board. I would still like to make the Pony/D&D4e game occur, though; I've already ordered a 4th Edition PHB so I can chew through the rules conversion in my away-from-computer time (which will help a lot). I'll post a new timeline for game start on the board itself.

Assuming that the forum's not destroyed by a vengeful goddess in the meantime.

That sounds like a joke, I know. But I think the joke's on me.

I happened to have the OOC board index up today when my browser crashed. So I had to reopen the page, and I wasn't logged in when it did. A thread by "Princess Luna" appeared out of nowhere:



I didn't realize the significance of that right away. (My first reaction was, "Huh, who registered that? Everybody should be making original characters - we've discouraged direct use of show canon.")

But then I logged in to my account ... and the thread vanished again. I'm a board administrator. I should be seeing everything.

I took screenshots:

what everyone else sees | what I see


Check them out side by side. The more you look, the more disturbing it gets.

My immediate thought at that point was -- okay, as cool as this is (it's kind of a compliment for someone to go through so much effort for me, you know?), I've been hacked and I need to do damage control.

I started my info-gathering by cross-referencing the post date against the Apache logs, which is when I discovered: There are no HTTP requests corresponding to "Luna's" edits. Even my own board access shows up in the Apache logs, and to scrub them would require rooting the box. In layman's terms -- someone appears to have hacked our entire server, in a very precise and subtle way, just to register a forum account behind my back.

They've been remarkably thorough. Just for one example: I can't even see their user profile (and it appears to be encrypted in the database files). Can someone who has already registered a Pony4e account go to tomorrowlands.org/pony/YaBB.pl?action=viewprofile;username=luna and tell me what shows up? Be careful -- the profile data is small enough (<1kb) that I doubt there are any viruses, but I can't assume anything at this point.

At this point, I have no idea what "Luna" wants, and I'm kind of afraid to let them know that I've spotted them (hence only discussing it in my locked LJ post). Clearly they outclass me in the cracking department. This person's motives seem innocent so far, but if they get angry, they undoubtedly have the capability to take my whole website down -- and about 60 others with it.

For now, I think I need to play dumb and do some info-gathering. Any suggestions?

UPDATE, 2 a.m.: Tlands is currently down. OH GOD SHE'S HACKED IN HERE TOO. ... Except Inaki says it looks like an unrelated network issue (we've had a few in the last couple weeks), site should be fine, and is talking to the data center. In hindsight, I'm starting to wonder ...

(Update, 5/2012: Entry made public for posterity.)
Tags: infohazard, tlands, transcendent masculinity
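The Apache log cross-check described in the post, as an added example (not the author's code): it matches forum post times against POST requests to `YaBB.pl` in an access log and lists posts with no corresponding request. The log lines, dates, addresses, the `board=ooc` parameter and the event names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Prefix shared by Apache common and combined log formats.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_access_log(lines):
    """Yield (time, host, method, path, status); skip unparseable lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["host"], m["method"], m["path"], int(m["status"])

def requests_near(lines, event_time, script="YaBB.pl", window_s=120):
    """POST requests to `script` within +/- window_s of a timezone-aware time."""
    window = timedelta(seconds=window_s)
    return [e for e in parse_access_log(lines)
            if e[2] == "POST" and script in e[3]
            and abs(e[0] - event_time) <= window]

def unexplained(events, lines):
    """Names of forum events with no matching write request in the log."""
    return [name for name, when in events if not requests_near(lines, when)]

# Constructed sample data: addresses, dates and the board parameter are invented.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2011:21:03:12 -0700] "GET /pony/YaBB.pl HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Mar/2011:21:05:40 -0700] "POST /pony/YaBB.pl?board=ooc HTTP/1.1" 302 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Mar/2011:23:47:02 -0700] "GET /pony/YaBB.pl?action=viewprofile;username=luna HTTP/1.1" 200 907 "-" "Mozilla/5.0"',
]
# Post times as the forum stored them (assumed UTC here); the log uses -0700.
EVENTS = [
    ("admin post", datetime(2011, 3, 15, 4, 5, 31, tzinfo=timezone.utc)),
    ("unlogged post", datetime(2011, 3, 15, 5, 30, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for name in unexplained(EVENTS, SAMPLE_LOG):
        print(f"no HTTP write request near: {name}")
```

A post with no matching request means the record did not arrive through this logged virtual host, the log was altered, or the forum and server clocks disagree. Rule out the clock and log-rotation explanations before treating it as evidence of compromise.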