Cactus Game Design Message Boards
Redemption® Collectible Trading Card Game HQ => Official Rules & Errata => Ruling Questions => Topic started by: CactusRob on March 15, 2010, 06:33:54 PM
-
Well, we seem to be back "on the air" as it were. Our site was attacked Friday. Everything in our database was deleted. We thought we got it back on Saturday but missed some nasty files and the databases were deleted again. We may have some data loss here on the boards. We restored a database backup from Saturday. Our shopping cart was also down as was my abilitiy to upload files to the server. Hopefully, we have it fixed.
-
rtsmaniac was right. the boards were attacked.i'll pm you my prime suspect.
-
rtsmaniac was right. the boards were attacked.i'll pm you my prime suspect.
I hope you're joking...
-
nope he had a suspect
-
nope he had a suspect
I bet he did... ::)
-
THE MUSHROOMS ATTACKED THE BOARDS!!!
-
Attacking hte boards is probably the dumbest thing someone could do.
-
nope he had a suspect
Lets NOT turn this into the Salem witch hunts.
-
nope he had a suspect
Lets NOT turn this into the Salem witch hunts.
I heard whoever did it left a note that said, "Make Moses a Priest or else!!!!!!!!!!"
That just what I heard.
(Oh yeah, ;) ;) ;) ;) ;) ;) for those suffering from a lack of joke-detection.)
-
nope he had a suspect
Lets NOT turn this into the Salem witch hunts.
good idea RR!!!!!
*brings torches and pitchforks*
-
i heard whoever did it threw carrots at the server.
-
umm...i was just kidding, maybe i shouldn't have said what I said RED!
-
umm...i was just kidding, maybe i shouldn't have said what I said RED!
Way to go dude! :)
-
Looks like a few people are warming up for 4/1. ::)
-
I know, talk about sticking my foot in my mouth- jeez.
-
Looks like a few people are warming up for 4/1. ::)
So says the man who is an expert on databases...
Duhn, duhn, duhn.
-
Who would want to attack a little Christian game company? odd.
-
oops i kinda have a hard time deteming when someone is kidding so i'm sorry.(i still wonder who attacked us)
-
Who would want to attack a little Christian game company? odd.
I"m blaming these guys (http://www.biblebattlestradingcardgame.com/index.htm). ;)
-
*chuckles* Arphaxad and Abraham are Israelites? I know it's just a game, but even Sunday School kids know that Israelites are descendants of Israel (Jacob)!
-
Who would want to attack a little Christian game company? odd.
I"m blaming these guys (http://www.biblebattlestradingcardgame.com/index.htm). ;)
From Bryon's chuckle I believe we can rule out the Mossad or other Israeli intelligence operations. That leaves these guys (http://www.losers.org/) in addition to possibly STAMP (http://www.cactusgamedesign.com/message_boards/index.php?topic=20164.msg315500#msg315500) and/or the MMEF (i.e., Militant Moses Empowerment Front) (http://www.cactusgamedesign.com/message_boards/index.php?topic=20164.msg315456#msg315456).
-
nope he had a suspect
Lets NOT turn this into the Salem witch hunts.
I heard whoever did it left a note that said, "Make Moses a Priest or else!!!!!!!!!!"
That just what I heard.
(Oh yeah, ;) ;) ;) ;) ;) ;) for those suffering from a lack of joke-detection.)
I heard the note said "We've captured your demons. See if you can Redeem them now!" :)
-
i heard whoever did it threw carrots at the server.
I heard whoever did it left an escalator at the scene of the crime.
-
i heard whoever did it threw carrots at the server.
I heard whoever did it left an escalator at the scene of the crime.
Well that rules out MKChief. The escalator would have left him at the scene of the crime. ;)
-
I know who it was!! .... It was that mean ol' SASQUATCH!!! Just the other day, I heard him mentioning something about an imminent attack on the boards. This was after he ate 30 sac lunches from the elementary school kids who were on a field trip to the nature center.
-
Hey Rob,
With the attack, was it simply a brute force attack to shut the boards down, or was there ulterior motive, I.E. gaining access to passwords and such? Just wondering if I should go and change some of my passwords for email accounts and such that used the same as the boards.
Thanks,
John.
-
The odd thing about the attack was that it was not a DDOS, at least on the front end. When we tried to get to the boards, we didn't get a 404, but a SMF error. That means the website was up ut had a database error (files missing.) That would suggest an ulterior motive like database access, not a brute force attack.
-
guys fill me in:what is the diffence why would we be attacked? i'm ???
-
I think you guys might be right about the attack, I think changing all passwords that are the same as this one would be a wise precaution.
-
good cuz my password on the email is deffent.
-
guys fill me in:what is the diffence why would we be attacked? i'm ???
A DDOS (brute force) attack is basically where a botnet (collection of virus controlled computers) all ping (visit) a website at the same time. It overloads the server, causing a web site to go down. When this happens, loading times will be either REALLY long or you will get a 404 (http://www.yourhtmlsource.com/sitemanagement/media/ie404error.png). In another type, someone could try to guess the password or exploit a hole in the server, gain access to the root directory, and simply delete the files. That would result (most often) in an error message similar to the one we saw in this case.
-
i think we'v been DDOS'd before, like last week.(i think)
-
i think we'v been DDOS'd before, like last week.(i think)
The boards didn't crash last week did they?
-
They were experiencing some troubles, but I would not see that as a DDOS attack, but instead the hacker figuring out the way the boards work.
In an unofficial answer to RDT's question, it depends how the boards are set up. Some systems allow admins to access passwords. Some encrypt them so the admin cannot assess them (to prevent this problem.) I don't know how SMF does it; you'll need an admin's knowledge on that.
-
If I understand you correctly, as long as the password I use for this site is not used for anything else, I should be okay?
Should I change my password for this site?
Thanks for the advice Cam.
-
If I understand you correctly, as long as the password I use for this site is not used for anything else, I should be okay?
Should I change my password for this site?
Thanks for the advice Cam.
It's probably never a bad idea to change your password for everything once in awhile, as long as you don't forget it. Fortunately, my password for my University account was just changed recently from the one I have on here.
And since the only thing that could be done with the password for this site is posting/changing your account, I'm not sure if I'd worry too much. But it still couldn't hurt.
-
If I understand you correctly, as long as the password I use for this site is not used for anything else, I should be okay?
Should I change my password for this site?
Thanks for the advice Cam.
Well, I don't know if there was a security breach as I don't know what was compromised/how SMF works.
I would probably recommend changing your password anyway, but it isn't a big deal if that password is unique to these forums.
-
Personally, I would be more worried for people that Cactus had the credit card information of, as he said the shopping cart was down as well.
-
That information is almost always encrypted, but hackers like this can often break it. I would be worried about that too.
-
SMF, the forum software for this website, converts passwords to an MD5 hash. I can reset a user's password but I do not have the ability to read the information, because it is encrypted.
The shopping cart is probably more secure, as most programs worth their salt (pun to be intended momentarily) add a "salt" to the password, usually one or more numbers or characters, at some point in the password (usually the end), and then generate an MD5 hash of THAT. So even if someone could hack the MD5, which is difficult but not impossible, the salted password adds an extra layer of protection for sensitive information.
-
SMF, the forum software for this website, converts passwords to an MD5 hash. I can reset a user's password but I do not have the ability to read the information, because it is encrypted.
The shopping cart is probably more secure, as most programs worth their salt (pun to be intended momentarily) add a "salt" to the password, usually one or more numbers or characters, at some point in the password (usually the end), and then generate an MD5 hash of THAT. So even if someone could hack the MD5, which is difficult but not impossible, the salted password adds an extra layer of protection for sensitive information.
so thats a yes or a no to ppl stealing info?
-
That's a no. I'd say that's safe enough. Not impossible to hack like Schaef said, but very difficult and time consuming.
-
and who has more time...than a hacker. :)
better safe than sorry, i say.
-
Well, I don't even use this password for anything else anyway.
(Pssst, everyone say this so that the hacker will leave us alone. ;))
-
possibly a follow up to the xCaLeBx and Redemption Rulez deletings? and now Clarinet is gone... maybe the hacker is gonna hack and delete your account! :o
anyway, I don't care if my account is hacked, the password I use on this is simple and only used for my internet gaming sites that I know I won't continue using...
-
Ive paid for tournaments with credit before. Do i need to be worried?
-
Ive paid for tournaments with credit before. Do i need to be worried?
Nope! I'm only going to use your credit card number every once in a while! ;) :P
-
I don't use this password for anything else, thankfully. However... almost everything else uses the same password. ;D I also don't have a credit card or anything worth hacking. I think I'm safe.
...Unless it's me. ;)
-
(https://www.cactusforums.com/proxy.php?request=http%3A%2F%2Fprotos.dk%2Fpublic%2Fpictures%2Fprotos05%2Fall_your_base.jpg&hash=e5db71bf1e00ba4a19f212c94436b774395c6d1a)