Page 1 of 12 1234567891011 ... LastLast
Results 1 to 20 of 227

Thread: [VonC]GrnEyedDvl

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1

    Default [VonC]GrnEyedDvl

    I'm sure your jaw hit the floor when you saw this, as did mine when the evidence was first presented to me. I received an anonymous tip from someone that claimed they had a conversation with a Hex member, who had reported that there was some suspicious activity regarding Hex member's timezones and attitudes. I did a little preliminary investigating and found that there was some truth to the statement. I dug through some old logs with my Tech Staff access, and was pretty shocked by what I found:

    220 ftp.twcenter.net FTP server (sftpd(16) Mo Jun 20 18:32:59 EST 2011) ready.
    USER grneyeddvl
    331 Password required for grneyeddvl
    PASS
    230-Checking disk usage, please wait.
    230- Your disk usage is:
    230- Home/WWW: 1.23 gigabytes
    230 User grneyeddvl@twcenter.net logged in.
    SYST
    215 UNIX Type: L8 Version: BSD-198911
    PWD
    257 "home/grneyeddvl" is current directory.
    CD "/var/www/forums/hash"
    257 MKD command successful.
    TYPE A
    RETR passwd.sha
    LIST
    So why was GrnEyedDvl downloading the password hash on June 20th? Well if you guys will remember, sometime in January it was announced that he had bought the site from Garb, 6 months. It is my belief that he had attempted to brute-force the passwords, so he could take over Hex accounts to ensure that he would get the yes-votes needed. However he was caught by Squid at the time. He was apparently quick enough in covering his tracks though, and made it seem like he had been hacked.

    All that made sense, until I investigated further. Rather than going through the noisy AdminCP, which would leave a trail, he decided to take the lower risk, though still risky, by manually changing their password and email field with a MySQL query. He thought he deleted the relevant logs, but he never commited the Git changes, and I found them by recalling the git and investigating the formerly deleted logs. I found that on July 2nd, GrnEyedDvl ran this query:
    Jul 2 grneyeddvl - mysql> select username from userid (1200) and replace password x3kkWj5;
    Userid 1200 being Trajan
    Jul 2 grneyeddvl - mysql> select username from userid (26684) and replace password x3kkWj5;
    TheFirstONeill
    Jul 2 grneyeddvl - mysql> select username from userid (23386) and replace password x3kkWj5;
    Squid

    It was confirmed by the anonymous Hex member that those were the three members needed to obtain the unanimous vote required for the selling of the site. I also checked the AdminCP logs to find something else.

    GED has been hard deleting accounts under the premise that they are spambots, but he let a couple slip up in the logs:

    July 6 2011 User GrnEyedDvl deleted User Account squid2
    July 6, 2011 User GrnEyedDvl deleted User Account TheSecondONeill
    Most certainly not coincidence. The amount of evidence is most certainly overwhelming, I really don't know what to say, other than that we, as the Curia, need to rise up once again to free the site from the tyranny of it's current administration. It took me a good long two days just to get the guts to post this, but in the end I decided that if we're investing our time into a fake site, I'd rather end up banned than to have this weighing on my conscience.
    Last edited by Magicman2051; March 29, 2012 at 02:24 PM.

  2. #2
    Tribunus
    Join Date
    Jan 2011
    Location
    Ascension, St. Helena
    Posts
    7,336

    Default Re: [VonC]GrnEyedDvl

    This is... whoa.

    I just realised, if you look at this thread you can see a clear pattern in the conversation between GED and Squid, it was staged.
    Last edited by Magicman2051; March 28, 2012 at 09:28 AM.

  3. #3

    Default Re: [VonC]GrnEyedDvl

    Im afraid this news is so very grave, but KILL THE WITCH! Support. On a separate note, where is Gort?

  4. #4
    Augustus Lucifer's Avatar Life = Like a beanstalk
    Patrician Citizen

    Join Date
    Aug 2006
    Location
    Mote of Dust
    Posts
    10,725

    Default Re: [VonC]GrnEyedDvl

    I think now we all know what the green eye is.... it's the eye of an ogre!

  5. #5
    Harry Lime's Avatar Not a ToS violation
    Artifex Moderator Emeritus

    Join Date
    Feb 2005
    Location
    Kent, England
    Posts
    15,771

    Default Re: [VonC]GrnEyedDvl

    I'm sorry but technical logs mean nothing to me and I don't know what a hash is for, except eating or smoking. Are you saying that GED has access to all our passwords now? Has he replaced the aforementioned Hex members with his own presence? I thought I hadn't seen TFON around but put that down to Man City's haltering form. Squid, however I spoke to the other day although he didn't seem as friendly as usual, I still can't believe it was GED incognito, if that's what you're saying.
    Last edited by Harry Lime; March 28, 2012 at 09:33 AM.
    Proud Patron of derdrakken, dave scarface, J@mes & irishron
    Indulging in the insight & intelligence of imb39

  6. #6
    Augustus Lucifer's Avatar Life = Like a beanstalk
    Patrician Citizen

    Join Date
    Aug 2006
    Location
    Mote of Dust
    Posts
    10,725

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by Harry Lime View Post
    I'm sorry but technical logs mean nothing to mean and I don't know what a hash is for, except eating or smoking. Are you saying that GED has access to all our passwords now? Has he replaced the aforementioned Hex members with his own presence? I thought I hadn't seen TFON around but put that down to Man City's haltering form. Squid, however I spoke to the other day although he didn't seem as friendly as usual, I still can't believe it was GED incognito, if that's what you're saying.
    The database doesn't store passwords in plain text format, it "hashes" them by running them through a hashing algorithm and adding a salt value, which makes them look like they're stored as gibberish. It uses that value to transform your text input when you login to what the database recognizes, so that if someone did get their hands on a password file somewhere it'd require them to do some cracking of the hash algorithm.

    I believe vBulletin currently uses SHA-1 hashing, which isn't the most secure due to the fact it produces a code with less bits, and may be vulnerable to collision attacks. vBulletin 4 did upgrade the hash to SHA-2, which is a couple of orders of magnitude more difficult to crack (nobody has even suggested a viable disturbance vector to my knowledge). Makes you wonder why the vB4 upgrade has been taking so long.......

  7. #7

    Default Re: [VonC]GrnEyedDvl

    I think this runs far deeper Harry, I think GED may even have infiltrated the Council that cannot be named

  8. #8

    Default Re: [VonC]GrnEyedDvl

    It's possible to change the passwords via the ACP or MySQL Query (which is what he ended up doing) but cracking their passwords, and logging directly into their accounts to change them would leave far less of a trail.
    Under the Patronage of Leonidas the Lion|Patron of Imperator of Rome - Dewy - Crazyeyesreaper|American and Proud

  9. #9

    Default Re: [VonC]GrnEyedDvl

    When will Martial Law be coming into effect? As I need to hide some stuff

  10. #10
    Harry Lime's Avatar Not a ToS violation
    Artifex Moderator Emeritus

    Join Date
    Feb 2005
    Location
    Kent, England
    Posts
    15,771

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by Major Darling View Post
    I think this runs far deeper Harry, I think GED may even have infiltrated the Council that cannot be named
    You mean the Sanhedrin? Yes, I named it and now I'm damned but it doesn't matter any more. It went when he went.

    Quote Originally Posted by Augustus Lucifer View Post
    The database doesn't store passwords in plain text format, it "hashes" them by running them through a hashing algorithm and adding a salt value, which makes them look like they're stored as gibberish. It uses that value to transform your text input when you login to what the database recognizes, so that if someone did get their hands on a password file somewhere it'd require them to do some cracking of the hash algorithm.

    I believe vBulletin currently uses SHA-1 hashing, which isn't the most secure due to the fact it produces a code with less bits, and may be vulnerable to collision attacks. vBulletin 4 did upgrade the hash to SHA-2, which is a couple of orders of magnitude more difficult to crack (nobody has even suggested a viable disturbance vector to my knowledge). Makes you wonder why the vB4 upgrade has been taking so long.......
    Yes, that is suspicious but I'm holding back on jumping to assumptions until....

    a) I hear some corroborating evidence. Bolk could be covering up for something he did.

    b) If the allegations are true, an explanation from GED. There may well be a rational, uncorrupted reason for this.
    Proud Patron of derdrakken, dave scarface, J@mes & irishron
    Indulging in the insight & intelligence of imb39

  11. #11
    GrnEyedDvl's Avatar Liberalism is a Socially Transmitted Disease
    Artifex Technical Staff

    Join Date
    Jan 2007
    Location
    Denver CO
    Posts
    23,851
    Blog Entries
    10

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by Harry Lime View Post
    b) If the allegations are true, an explanation from GED. There may well be a rational, uncorrupted reason for this.
    I dont have to explain a god damned thing.

  12. #12

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by GrnEyedDvl View Post
    I dont have to explain a god damned thing.
    Except you do. You've said it yourself multiple times that this is just as much everyone else's site as it is yours. We're the people that make it up, the people that keep it running. If it weren't for us, you would have a ing site to buy, let alone explain! I'll be honest, I would have supported you buying the site regardless, but if you're gonna go around sneaking and changing stuff like that, you can forget it, I don't want to be a part of it.
    Under the Patronage of Leonidas the Lion|Patron of Imperator of Rome - Dewy - Crazyeyesreaper|American and Proud

  13. #13
    Hobbes's Avatar Vicarius Provinciae
    Join Date
    May 2008
    Location
    Hobs Crk
    Posts
    10,684

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by GrnEyedDvl View Post
    I dont have to explain a god damned thing.
    Is that because you can't or because you want appear superior? Please GED, you must have something to say, I mean you are being accused of manipulation, you can't just ignore it.

    BLM - ANTIFA - A.C.A.B. - ANARCHY - ANTI-NATIONALISM

  14. #14
    Harry Lime's Avatar Not a ToS violation
    Artifex Moderator Emeritus

    Join Date
    Feb 2005
    Location
    Kent, England
    Posts
    15,771

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by GrnEyedDvl View Post
    I dont have to explain a god damned thing.
    Excuse me? As one of the members who brought you into Hex in the first place I would expect at least a modicum of respect and a great deal more accountability in explaining your actions. I was willing to give you the benefit of the doubt but your removal of the Tech staff is damning enough evidence. If you really wanted to cover stuff up you should have permabanned them and then we would be right back to Ogre again, wouldn't we? Which, and I'm assuming here, would be what you wanted all along. A not so benevolent dictatorship. I can't see any other explanation here......unless you can give one?

    If this isn't sorted out quickly and to everyone's satisfaction (probably not yours) I can see mass resignations from staff, some very dodgy moderators being appointed, well-respected members of this house banned for stating their opposition and hurried phone-calls in airports. It's funny how history repeats itself.
    Proud Patron of derdrakken, dave scarface, J@mes & irishron
    Indulging in the insight & intelligence of imb39

  15. #15
    Aikanár's Avatar no vaseline
    Join Date
    Mar 2009
    Location
    Sanctuary
    Posts
    12,516
    Blog Entries
    3

    Default Re: [VonC]GrnEyedDvl

    So this it was, what Aradan was talking about on msn...


    Son of Louis Lux, brother of MaxMazi, father of Squeaks, Makrell, Kaiser Leonidas, Iskar, Neadal, Sheridan, Bercor and HigoChumbo, house of Siblesz

    Not everything that counts can be counted, and not everything that can be counted counts.

  16. #16

    Default Re: [VonC]GrnEyedDvl



    Ill have none of that in here please GED..

  17. #17
    GrnEyedDvl's Avatar Liberalism is a Socially Transmitted Disease
    Artifex Technical Staff

    Join Date
    Jan 2007
    Location
    Denver CO
    Posts
    23,851
    Blog Entries
    10

    Default Re: [VonC]GrnEyedDvl

    You are right MD. Maybe I should just close this useless section of the site.

  18. #18
    Acco's Avatar Дијана
    Join Date
    Nov 2008
    Location
    Minsk, Belarus
    Posts
    3,500

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by GrnEyedDvl View Post
    You are right MD. Maybe I should just close this useless section of the site.
    This is a pretty serious allegation and I'd like an answer to it.
    На Запад масивно сиви облаци
    Од Исток сонце и вистина излези
    Macedonia

  19. #19

    Default Re: [VonC]GrnEyedDvl

    Quote Originally Posted by Acco View Post
    This is a pretty serious allegation and I'd like an answer to it.
    You'll probably be waiting a long time.

  20. #20
    Tribunus
    Join Date
    Jan 2011
    Location
    Ascension, St. Helena
    Posts
    7,336

    Default Re: [VonC]GrnEyedDvl

    I don't think you're being particularly reasonable, at least address the matter with a "yes" or "no".

Page 1 of 12 1234567891011 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •