POTENTIALLY A VERY LARGE SECURITY BREACH

[MicroBob]

It should also be noted that I did not post about this in the regular forums.

I got the PM right after I posted in mod-discussion that I had banned the guy.

So I'm wondering if somehow he's able to see the mod-discussion (perhaps having hacked into a mod's account somehow??).


Some of this may sound paranoid. But I found it quite odd that I got a PM from him without having posted in the regular forums about this AT ALL.

[Ed Miller]

Forums brought back up.

Trying to make a post with a link.

[Entity]

KyleB is looking into the causes of the hacking and how widespread it might be on each infected user's systems right now. Look for updates in the Internet forum.

[Mike Haven]

Here's a post from the thread, after kyleb's conclusion, purportedly from Ryan11, but whose account has presumably been hacked, too:

":::yawn::: not bad, bud. Your output would look similar to so:

2006-05-29 12:16:07 AM - 24.22.162.154

Display Name: kyleb
MD5 Hash: 557f387ed69ed2f81ffd4263bd8002b5
E-mail: kyle.boddy@gmail.com
Login: kyleboddy
Session: w3t_myid=18077; w3t_key=fb0a4009e19343790134fbe71f1b28ee; PHPSESSID=fe8fe78dd5aa0fcd0b787cd892e42819; w3t_mysess=a529ea43c249fcbee9685c74d8baa9eb-

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

Anyhow, these actions are the result of your moderator "jasonb" insulting me. I came to these forums legitimately to report a similar hole with pokerroom.com. The difference is that hole allowed access to dump peoples chips. I got banned for spam and called an idiot. That's rediculous.

Unfortunately, the structure of 2p2 is very poor and it is suseptible to a lot of manipulation. The admins have no technical knowledge and basically you are all vuln. If the admins give an apology for the mods conduct, I'll dissapear. If not, well then I guess we'll just have to see what happens next, won't we?

Much Love,
splices"

[Ryan Beal]

"I came to these forums legitimately to report a similar hole with pokerroom.com. The difference is that hole allowed access to dump peoples chips. I got banned for spam and called an idiot. That's rediculous."

I remember this. Jason was right to ban the guy. He was being very abusive and spamming a link to his site. Rather than simply trying to inform people of a security risk, his goal seemed to be to spread the word about his site and how they could help by being paid for their services.

Haven't read every post in this thread yet, but I'll try to locate the account.

[Sniper]

"Complete Chaos" Member#60545

[Ryan Beal]

Oh, nevermind... sniper found him.

[bobbyi]

Can someone explain what the point was of disabling UBBCode? It is really annoying and seriously hurting the forum experience for everyone. I don't understand what it is supposed to do to stop with hacking. The exploit didn't involve any ubbcode besides trying to get someone to click on the initial link and someone could still make the same link using HTML now anyway.

[Dids]

Agree with bobbyi.

Now that we know what's going on, killing UBB code doesn't do anything.

People just need to know not to click bad links.

[Ryan Beal]

It is my understanding that regular users don't have the ability to use HTML in posts. If I'm completely wrong about that, please don't hesitate to tell me how ignorant I am. I just assumed that was the case after reviewing various panel settings.