May 4, 2005

As all of the regular C&A forum-goers already know, the C&A forums got hacked yesterday. All 16,000 or so posts were deleted, and various humorous references to homosexuality were scattered throughout the page.

The hacker posted that he'd return things to the way they were if I paid him $10 through PayPal. I said "Sure! What's your PayPal info!" but he didn't fall for it.

However, he neglected to demote all the admin accounts. I found one that worked and looked at his posts. More accurately, I used the admin option to get the IP those posts were posted from.

Yes. Now it gets interesting. All of his posts came from the same IP. I pinged it. It didn't reply. This means it's less likely to be a compromised (Zombie) system, and more likely to be his actual home system. I reverse-DNSed it and it belonged to an ISP in Canada. I called them and talked to a lot of people who liked to say "eh" at the end of sentences until I got to the right department. They confirmed it was an IP of theirs and took my complaint against the user.

This gets better. That specific ISP encodes their users' MAC addresses in their reverse DNS lookups. So just by looking at the reverse-DNS, I have his MAC id. So now I easily have all the information I need to actually identify and prosecute him.

I posted that on the forum and said I wouldn't press charges if he returned the forum to the way it was. He got pretty worried. His posts from that point on implied he was pretty scared. He apologized and even told me how to fix the exploit he used. Unfortunately, he didn't back up the data, so that's all gone. Also (though who knows if he's telling the truth) his ISP called his home and his parents got the call. So he's in pretty deep shit (if he's to be believed).

Anyway, I won't be pursuing any legal action against him, cause he's (probably) just a kid and I never could hold a grudge for very long. But I admit I took a little pleasure in him squirming for a few hours before I told everyone I wouldn't pursue criminal charges. :)

Oh, and I implemented the change he suggested, on the logic that if you can't trust a pre-teen mindlessly destructive hacker with a demonstrated desire to mangle and mutilate your data, who can you trust? (Well ok. I confirmed on that it was the fix before I did it. But the first statement is funnier.)

So, the forums are reset. People are posting merrily away in them, and you're all welcome to continue. But I won't be able to upgrade to the latest phpBB for a few days (no time), so there won't be any forum ranks, everything will be in one forum instead of the traditional five for C&A, etc.

I'll be able to keep the member data and post counts, so that's something.


