
rubico1337
|
Posted - 2009.07.31 08:01:00 -
[1]
TL;DR(i tried) - an IP address has been mounting an SQL injection attack, the IP is based out of the US. i highly suspect it is just a shell IP as the whois lookup lists a shell company, loud packet inc. with admins/techs called "chief packeteer" "krypt keeper" and a group called the "Kitty Solutions Group" all being on the admins list. all searches for this company return no websites except for a shell website obviously owned by a URL parker loudpacket.com nor any other information to any other kind of search. there are strong links to shenzhen china for some of the material. these same IPs have been used in previous SQL attacks unrelated to eve in the past months(link)
whois link
these are only in relation to the links posted in the threads, the IP of the poster cannot be accurately found only CCP has that data but I'm sure they were probably behind over 9000 proxies
i have compounded dates and times of the postings, along with the whois and the server locations of said postings. first post that occurred was at 13:53 eve time 7/18 with the audrey link. the registrar for all of these begins with key-systems.net a german based URL parking/selling broker. from there on a pattern starts to emerge. EVERY post's link IP has been this one:
first thread was at 13:53 7/18 IP: 67.43.151.90 IP Location: Bandon OR, United States
the address for the server however is Murrieta CA however this might be and probably is an outright forgery
some images have originated from this IP but this is only where the images are hotlinked from, this probably has nothing to do with the attacks themselves:
IP: 61.235.117.164 IP Location: Shenzhen, China
after the audrey copy/paste one which was the first one, new threads began with different templates and with a different set of URLS. the URLs switch to being letters rather than numbers, and the url registrar company changes to ename.com a chinese based URL service. new URL hosting companies are appearing, all based out of china, however the IP of the server however remains the same (based in the US)
|

Esamir
|
Posted - 2009.07.31 09:08:00 -
[2]
It would be great to track these people down and destroy their lives 
|

Lance Fighter
Amarr
|
Posted - 2009.07.31 09:09:00 -
[3]
um that's cool bro.
So, i don't get it. what difference does it really make?
Originally by: Akita T
 Seriously ?
 ...wow... I'm such a forum ho' !
|

Tiny Tove
|
Posted - 2009.07.31 09:20:00 -
[4]
So the terrorists are winning?
|

Ankhesentapemkah
Gallente Aliastra
|
Posted - 2009.07.31 09:38:00 -
[5]
Just don't click the stupid links and you're fine. ---
|

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 09:42:00 -
[6]
I think the external link warning is just fine. The worst I've done is either click on it by accident (usually when I go to use my wheel down the bottom of the page, it's faster to click the wheel and move my mouse down, and for some reason this acts as a right click--> open in new tab), or when I'm really really tired. ________________________________________________
Am I an alt, main, or both? You decide! |

Tiny Tove
|
Posted - 2009.07.31 09:48:00 -
[7]
Originally by: Ankhesentapemkah Just don't click the stupid links and you're fine.
It's so obvious. Why hasn't your towering intellect been snapped up by the internet security industries, or even the national security agencies? Surely NASA have a place for somebody with such awesome analytical prowess?
|

Tiny Tove
|
Posted - 2009.07.31 09:50:00 -
[8]
Originally by: Bestofworst Worstofbest I think the external link warning is just fine. The worst I've done is either click on it by accident (usually when I go to use my wheel down the bottom of the page, it's faster to click the wheel and move my mouse down, and for some reason this acts as a right click--> open in new tab), or when I'm really really tired.
If the spammer makes his keylogger install page look like the CCP warning page, he'll get a lot more hits.
|

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 09:55:00 -
[9]
Originally by: Tiny Tove
Originally by: Bestofworst Worstofbest I think the external link warning is just fine. The worst I've done is either click on it by accident (usually when I go to use my wheel down the bottom of the page, it's faster to click the wheel and move my mouse down, and for some reason this acts as a right click--> open in new tab), or when I'm really really tired.
If the spammer makes his keylogger install page look like the CCP warning page, he'll get a lot more hits.
So wait, the keylogger would post a link, which would take you to a warning page, which you click the link at the warning page, which takes you to another warning page, that has a different link and.. wait, what?
I can see if keyloggers completely bypass the warning page to supplement their own.
I still seriously find it hard to imagine a person who would sit at a computer, and purposely hack computers, steal money and all sorts of stuff that basically would ruin someone's next few months. And how this is not illegal. ________________________________________________
Am I an alt, main, or both? You decide! |

Tiny Tove
|
Posted - 2009.07.31 10:29:00 -
[10]
Edited by: Tiny Tove on 31/07/2009 10:28:44
Originally by: Bestofworst Worstofbest So wait, the keylogger would post a link, which would take you to a warning page, which you click the link at the warning page, which takes you to another warning page, that has a different link and.. wait, what?
I can see if keyloggers completely bypass the warning page to supplement their own.
I still seriously find it hard to imagine a person who would sit at a computer, and purposely hack computers, steal money and all sorts of stuff that basically would ruin someone's next few months. And how this is not illegal.
I don't really have the vocabulary skills to make it clearer. If you click the warning page, and it gives you another warning page (only this one is faked and set up by the spammer) only this page's link is the keylogger installer, then they will get their keylogger onto a lot more computers.
Also, if they pretend to post Eve related items, as opposed to obvious spam, they will get a lot more hits.
Eve customers are protected by the ineptitude of the spammer. CCP's response with the warning page exonerates them, but gives the spammer another avenue of attack if only they were smart enough to exploit it.
They could also post actual real content, and have the keylogger lure hanging on that page too, completely bypassing CCP's ability to warn you.
And yes people steal money. Also it's illegal. And no, the police are in no position to do anything about it.
|
|

CCP Capslock
Amarr C C P

|
Posted - 2009.07.31 10:40:00 -
[11]
Originally by: Tiny Tove Edited by: Tiny Tove on 31/07/2009 10:28:44
Originally by: Bestofworst Worstofbest So wait, the keylogger would post a link, which would take you to a warning page, which you click the link at the warning page, which takes you to another warning page, that has a different link and.. wait, what?
I can see if keyloggers completely bypass the warning page to supplement their own.
I still seriously find it hard to imagine a person who would sit at a computer, and purposely hack computers, steal money and all sorts of stuff that basically would ruin someone's next few months. And how this is not illegal.
I don't really have the vocabulary skills to make it clearer. If you click the warning page, and it gives you another warning page (only this one is faked and set up by the spammer) only this page's link is the keylogger installer, then they will get their keylogger onto a lot more computers.
Also, if they pretend to post Eve related items, as opposed to obvious spam, they will get a lot more hits.
Eve customers are protected by the ineptitude of the spammer. CCP's response with the warning page exonerates them, but gives the spammer another avenue of attack if only they were smart enough to exploit it.
They could also post actual real content, and have the keylogger lure hanging on that page too, completely bypassing CCP's ability to warn you.
And yes people steal money. Also it's illegal. And no, the police are in no position to do anything about it.
No system is 100% perfect but if any exploits are found in the new system they will be fixed ASAP.
At the moment any offsite link to a non-CCP-controlled site is forced through the warning page. I am a little confused by what you're saying but I think it's one of two things.
Firstly the spammers figure out how to bypass the system and make their link 'safe' in that the forums don't force it through the warning page, they then fake the warning page in an effort to get more users to press the link and download their malware. Whilst I'm not saying that this could never happen, if it did we would fix the exploit asap. Secondly the fake warning page would be hosted on a different URL than eveonline.com and the link on the page would also have to be different. I would surmise that an issue like this would be reported and fixed asap, all the while still leaving users more protected than they are now as it would still require multiple clicks and page navigations on their part to accidentally download the same malware payload.
Secondly the users just fake a warning page that looks like the forum one, then expect the user to click on two consecutive warning pages without really noticing and thusly download their malware package. There isn't really much we could do about this one, but hopefully users would notice that they were clicking the same page twice with a different URL etc and not be caught by the malware.
The warning page is something to try and help our users from making accidental mistakes (we've all done it) and clicking on malware loaded links. It is a new feature and as such is one we will continue to work on and evolve.
Cheers
CCP CAPSLOCK
|
|
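The rule described in the post above (every off-site link is forced through the warning page, only CCP-controlled hosts are exempt), sketched as an added example that is not CCP's code. `TRUSTED_HOSTS`, `WARNING_PATH` and the function names are assumptions; the only host taken from the thread is eveonline.com, and the sample links in the comments are constructed. The host is compared exactly or as a dot-separated suffix, so look-alike hosts still land on the warning page.

```python
from urllib.parse import quote, urlsplit

# Assumption: hosts the forum operator controls; the thread names only this one.
TRUSTED_HOSTS = {"eveonline.com"}
# Hypothetical path of the interstitial warning page.
WARNING_PATH = "/external-link-warning"


def classify(url: str) -> str:
    """Return 'trusted', 'external' or 'blocked' for a link found in a post."""
    # Browsers and server-side parsers disagree on backslashes, whitespace and
    # control characters, so refuse such links instead of guessing the host.
    if any(ch == "\\" or ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        return "blocked"
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, userinfo and port stripped
    except ValueError:
        return "blocked"
    # Only absolute http(s) links are rendered as links at all.
    if parts.scheme not in ("http", "https") or not host:
        return "blocked"
    host = host.rstrip(".")
    for trusted in TRUSTED_HOSTS:
        # Exact match or a real subdomain; a substring or prefix test would
        # let "eveonline.com.example.net" skip the warning page.
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    return "external"


def rewrite_link(url: str):
    """Return the href to render, or None to show the link as plain text."""
    kind = classify(url)
    if kind == "trusted":
        return url
    if kind == "external":
        # The full target travels as one encoded parameter so the warning
        # page can display it to the user in full before they continue.
        return WARNING_PATH + "?target=" + quote(url, safe="")
    return None


if __name__ == "__main__":
    # Constructed sample links, not taken from the thread.
    for link in (
        "http://www.eveonline.com/ingameboard.asp",
        "http://eveonline.com.example.net/",
        "http://eveonline.com@example.net/",
        "http://example.net\\@eveonline.com/",
        "//example.net/x",
    ):
        print(classify(link), rewrite_link(link))
```
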

Tiny Tove
|
Posted - 2009.07.31 10:51:00 -
[12]
Edited by: Tiny Tove on 31/07/2009 10:50:50
Originally by: CCP Capslock No system is 100% perfect but if any exploits are found in the new system they will be fixed ASAP.
I'm just glad it's not my job. You know, if you become an actual real fireman instead of a virtual one, you get a lot more chicks 
All I need to do now is take my own advice. And lose 8 stone.
|

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 10:57:00 -
[13]
It's not as bad as WoW. I was playing it with a friend when two lvl1 warlocks came into town and actually used a cheat engine to kill themselves where they stood, and made an ad out of the dead bodies (spawning without making the skeletons coming, or just not showing up at all). ________________________________________________
Am I an alt, main, or both? You decide! |

Mistral Sud
Minmatar Black Box Corp.
|
Posted - 2009.07.31 11:02:00 -
[14]
Has anyone analysed the malware itself? that would be much more interesting, especially the link where the userinfo is sent! we could write a program which mimics the malware and spam the guys! with millions of autogenerated nonsense userinfo they can't get to the real ones anymore ! muhahahaha
|

Tiny Tove
|
Posted - 2009.07.31 11:14:00 -
[15]
Edited by: Tiny Tove on 31/07/2009 11:14:30
Originally by: Mistral Sud Has anyone analysed the malware itself? that would be much more interesting, especially the link where the userinfo is sent! we could write a program which mimics the malware and spam the guys! with millions of autogenerated nonsense userinfo they can't get to the real ones anymore ! muhahahaha
And you know what? It's illegal to do it. And since it would be a concerted effort by a single person, it could be easily traced and prosecuted as a crime against binary digits.
|

Mutnin
Mutineers
|
Posted - 2009.07.31 11:23:00 -
[16]
Originally by: Ankhesentapemkah Just don't click the stupid links and you're fine.
Do you not understand the fact, that if they can steal some people's accounts, they can turn around and post links on the forums with the stolen accounts. Meaning you never know which link might be unsafe.
|

Mistral Sud
Minmatar Black Box Corp.
|
Posted - 2009.07.31 11:25:00 -
[17]
Originally by: Tiny Tove Edited by: Tiny Tove on 31/07/2009 11:14:30
And you know what? It's illegal to do it. And since it would be a concerted effort by a single person, it could be easily traced and prosecuted as a crime against binary digits.
yeah they will sue u come on mate, it's just a method of beating them with their own methods! & i can use proxies too!
|

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 11:26:00 -
[18]
Originally by: Tiny Tove Edited by: Tiny Tove on 31/07/2009 11:14:30
Originally by: Mistral Sud Has anyone analysed the malware itself? that would be much more interesting, especially the link where the userinfo is sent! we could write a program which mimics the malware and spam the guys! with millions of autogenerated nonsense userinfo they can't get to the real ones anymore ! muhahahaha
And you know what? It's illegal to do it. And since it would be a concerted effort by a single person, it could be easily traced and prosecuted as a crime against binary digits.
I remember a post a long time ago during my WoW addiction days where someone explained a plan on having several computers purposely house keyloggers and let them fester to see what they exactly do or how they work and how you can stop them from working.
Apparently it failed if no one has mentioned any of it, but not sure. ________________________________________________
Am I an alt, main, or both? You decide! |

Tiny Tove
|
Posted - 2009.07.31 11:28:00 -
[19]
Originally by: Mistral Sud yeah they will sue u come on mate, it's just a method of beating them with their own methods! & i can use proxies too!
Don't let me stop you.
|

Sun Ra
Culture Breach
|
Posted - 2009.07.31 11:29:00 -
[20]
Macros get banned, the guys behind it lose income, keyloggers start to appear on the eve-o forums.... go figure
|

voogru
Gallente Massive Damage United Corporations Against Macros
|
Posted - 2009.07.31 11:34:00 -
[21]
Originally by: CCP Capslock No system is 100% perfect but if any exploits are found in the new system they will be fixed ASAP.
At the moment any offsite link to a non-CCP-controlled site is forced through the warning page. I am a little confused by what you're saying but I think it's one of two things.
Firstly the spammers figure out how to bypass the system and make their link 'safe' in that the forums don't force it through the warning page, they then fake the warning page in an effort to get more users to press the link and download their malware. Whilst I'm not saying that this could never happen, if it did we would fix the exploit asap. Secondly the fake warning page would be hosted on a different URL than eveonline.com and the link on the page would also have to be different. I would surmise that an issue like this would be reported and fixed asap, all the while still leaving users more protected than they are now as it would still require multiple clicks and page navigations on their part to accidentally download the same malware payload.
Secondly the users just fake a warning page that looks like the forum one, then expect the user to click on two consecutive warning pages without really noticing and thusly download their malware package. There isn't really much we could do about this one, but hopefully users would notice that they were clicking the same page twice with a different URL etc and not be caught by the malware.
The warning page is something to try and help our users from making accidental mistakes (we've all done it) and clicking on malware loaded links. It is a new feature and as such is one we will continue to work on and evolve.
Cheers
CCP CAPSLOCK
CAPSLOCK,
The external links is a decent idea, but the problem is very simple: Every link on the EVE forums will go through this system, users will get used to clicking through it without reading the consequences. You basically have an "Are you sure?" dialog popping up with the external link. People get so used to hitting yes, they don't even read it anymore.
End result: Some players become victims, end up losing everything, and quit EVE since they do not feel like rebuilding.
Which means, every one of these "spam attacks" will cost CCP subscriptions.
You need to prevent them from posting in the first place.
How? Well if I told you here then they'd know exactly how to counter it. Plus, I don't know everything (I'm still training Omnipotent to 1) So I'm not terribly sure what applies or does not apply in this situation. I just know that the most important thing is that these posts need to be prevented outright.
Hate Farmers? Click Here |

Mistral Sud
Minmatar Black Box Corp.
|
Posted - 2009.07.31 11:36:00 -
[22]
Originally by: Bestofworst Worstofbest
Originally by: Tiny Tove Edited by: Tiny Tove on 31/07/2009 11:14:30
Originally by: Mistral Sud Has anyone analysed the malware itself? that would be much more interesting, especially the link where the userinfo is sent! we could write a program which mimics the malware and spam the guys! with millions of autogenerated nonsense userinfo they can't get to the real ones anymore ! muhahahaha
And you know what? It's illegal to do it. And since it would be a concerted effort by a single person, it could be easily traced and prosecuted as a crime against binary digits.
I remember a post a long time ago during my WoW addiction days where someone explained a plan on having several computers purposely house keyloggers and let them fester to see what they exactly do or how they work and how you can stop them from working.
Apparently it failed if no one has mentioned any of it, but not sure.
yip u don't even have to fire up IDApro to do it! (which btw is effort cause u can be sure the code uses packing and obfuscation back and forth)
just an infected rig with some trial accounts and a good traffic analyzer will do the job!
|

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 11:39:00 -
[23]
Originally by: voogru
Originally by: CCP Capslock No system is 100% perfect but if any exploits are found in the new system they will be fixed ASAP.
At the moment any offsite link to a non-CCP-controlled site is forced through the warning page. I am a little confused by what you're saying but I think it's one of two things.
Firstly the spammers figure out how to bypass the system and make their link 'safe' in that the forums don't force it through the warning page, they then fake the warning page in an effort to get more users to press the link and download their malware. Whilst I'm not saying that this could never happen, if it did we would fix the exploit asap. Secondly the fake warning page would be hosted on a different URL than eveonline.com and the link on the page would also have to be different. I would surmise that an issue like this would be reported and fixed asap, all the while still leaving users more protected than they are now as it would still require multiple clicks and page navigations on their part to accidentally download the same malware payload.
Secondly the users just fake a warning page that looks like the forum one, then expect the user to click on two consecutive warning pages without really noticing and thusly download their malware package. There isn't really much we could do about this one, but hopefully users would notice that they were clicking the same page twice with a different URL etc and not be caught by the malware.
The warning page is something to try and help our users from making accidental mistakes (we've all done it) and clicking on malware loaded links. It is a new feature and as such is one we will continue to work on and evolve.
Cheers
CCP CAPSLOCK
CAPSLOCK,
The external links is a decent idea, but the problem is very simple: Every link on the EVE forums will go through this system, users will get used to clicking through it without reading the consequences. You basically have an "Are you sure?" dialog popping up with the external link. People get so used to hitting yes, they don't even read it anymore.
End result: Some players become victims, end up losing everything, and quit EVE since they do not feel like rebuilding.
Which means, every one of these "spam attacks" will cost CCP subscriptions.
You need to prevent them from posting in the first place.
How? Well if I told you here then they'd know exactly how to counter it. Plus, I don't know everything (I'm still training Omnipotent to 1) So I'm not terribly sure what applies or does not apply in this situation. I just know that the most important thing is that these posts need to be prevented outright.
How about a huge Whitelist of sites that don't receive the block. And have a thread where players can submit sites to be added on the whitelist.
So when a keylogger comes up and someone clicks on it would say "This link has not been verified as a safe link, if you want to add this, please submit the url to this thread" blah blah blah.
Of course, have the thread have disabled links. But I'm not sure how CCP can go about checking each one to make sure they are safe. ________________________________________________
Am I an alt, main, or both? You decide! |

voogru
Gallente Massive Damage United Corporations Against Macros
|
Posted - 2009.07.31 11:45:00 -
[24]
Originally by: Bestofworst Worstofbest How about a huge Whitelist of sites that don't receive the block. And have a thread where players can submit sites to be added on the whitelist.
So when a keylogger comes up and someone clicks on it would say "This link has not been verified as a safe link, if you want to add this, please submit the url to this thread" blah blah blah.
Of course, have the thread have disabled links. But I'm not sure how CCP can go about checking each one to make sure they are safe.
I don't really want to say too much in these threads so that my ideas may not be used against CCP in case the people spamming the forum read these threads which they probably do. So any discussions of ideas here is pretty much at risk of them figuring out how to counter them.
You'll probably see them working around the URL restriction eventually, as well as posts that blend in better.
The only thing I can stress is these people need to be prevented from posting in the first place.
Hate Farmers? Click Here |

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 11:50:00 -
[25]
Originally by: voogru
Originally by: Bestofworst Worstofbest How about a huge Whitelist of sites that don't receive the block. And have a thread where players can submit sites to be added on the whitelist.
So when a keylogger comes up and someone clicks on it would say "This link has not been verified as a safe link, if you want to add this, please submit the url to this thread" blah blah blah.
Of course, have the thread have disabled links. But I'm not sure how CCP can go about checking each one to make sure they are safe.
I don't really want to say too much in these threads so that my ideas may not be used against CCP in case the people spamming the forum read these threads which they probably do. So any discussions of ideas here is pretty much at risk of them figuring out how to counter them.
You'll probably see them working around the URL restriction eventually, as well as posts that blend in better.
The only thing I can stress is these people need to be prevented from posting in the first place.
Well that's impossible to do without doing something illegal I would guess. Submit a petition with your ideas though, I hope they are good. ________________________________________________
Am I an alt, main, or both? You decide! |

voogru
Gallente Massive Damage United Corporations Against Macros
|
Posted - 2009.07.31 12:10:00 -
[26]
Edited by: voogru on 31/07/2009 12:12:55
Originally by: Bestofworst Worstofbest Submit a petition with your ideas though, I hope they are good.
A petition?
"Thanks for the suggestion." Petition closed.
Unfortunately, I have been down that road before. I have past experiences with bug reports and the petition system, where critical information never got to where it needed to go. So my confidence in the 'petition' system is very low unfortunately.
Quote: Well that's impossible to do without doing something illegal I would guess. Submit a petition with your ideas though, I hope they are good.
And what's impossible without doing something illegal? None of my ideas are illegal, unless it's illegal to secure your own forum from spammers, and in case that's illegal, I doubt it's illegal in Iceland
Hate Farmers? Click Here |

Rhinanna
Minmatar Volition Cult The Volition Cult
|
Posted - 2009.07.31 12:57:00 -
[27]
Whitelist implemented.... Site on the whitelist gets hacked. Lots of people get keyloggers thinking the site is safe....
Bad plan!
-The sword is only as sharp as the one who wields it. Drenzul (My normal internet tag) |

Bestofworst Worstofbest
Caldari Science and Trade Institute
|
Posted - 2009.07.31 13:04:00 -
[28]
Originally by: Rhinanna Whitelist implemented.... Site on the whitelist gets hacked. Lots of people get keyloggers thinking the site is safe....
Bad plan!
Site gets reported and temporarily moved off the whitelist. I've had it happen where malicious content would be inside ads of the WoW-Radio site.
But it was just an idea. But what we really need to do is have in-game ads at login and forum stickies explaining safety, don't buy from isk sellers blah blah blah. ________________________________________________
Am I an alt, main, or both? You decide! |

Kaylan Jahlar
Minmatar Industrial Limited
|
Posted - 2009.07.31 14:33:00 -
[29]
I said it before and I will say it again: CCP can't be held responsible for the stupidity and recklessness of its users.
They already show a warning page, and they show the link you're about to click in full text (the full URL) in big bold yellow text. If someone is stupid enough to click it anyway despite the warning and get infected by a keylogger, then I call this natural selection. It's sad, and CCP might be losing a subscription from that user, but it's nothing they can control, and suing them will not win anything because they are not liable.
I think this thread is going too far. CCP can ban the account of known keylogger and spam sources and lock their credit card, they can blacklist some sites so they are never being linked, and they can show warnings when you're about to click an external link, but they can't control every move the users make.
Anyone could post a link to a keylogger, there's no way for CCP to know in advance who will be an offender until someone clicks the link and reports it, so they can't possibly prevent those users from posting in the first place. They could always implement a bigger system that virus-checks every link posted, but that would require a lot of processing power and probably a 3rd party provider. Either way, it's not something they can do on the fly like this, but it would be the ultimate solution.
It's time the users assume their responsibilities and stop blaming CCP for their stupidity.
---- Advanced combat probing guide: A clever use of the directional scanner |

Tiny Tove
|
Posted - 2009.07.31 15:13:00 -
[30]
Originally by: Kaylan Jahlar I said it before and I will say it again: CCP can't be held responsible for the stupidity and recklessness of its users.
Ok, thanks, but, it's irrelevant. They are responsible for the contents of their website.
lol, unless of course, I've just posted a view opposing somebody who happens to have a friend in the forum moderation brigade. In which case, I meant to agree with you lol |
|
|