I just noticed that cfs new web site has been hacked. for what its worth, I've noticed that there seem to be a lot of ftp bot attacks against my machines lately. don't know if that's how they got in, but lock down your ftp and (if possible) set firewall to block intruders after 10 or more bad passwords.
I've spent countless hours over many many years on computers and the internet... of those... I've spent 0 seconds attempting to hack someone elses computer or site.
I'm sorry for CFS... I hope they had backups.
Thanks for the thoughts! I've not written in here much, but this time I feel you should know what we have been up against.
We have been under constant (daily) attack, by the same two individuals (you know who they are), for many months. They continue to try to get in to our game server thru our server company, thru our IP's, and thru other means. Some of that "activity" was the reason we moved the server from Dallas to Chicago. Security Issues
A couple of weeks ago, after a long review of the server shots and other info, we decided to make the information public and to make them the "Hack Stars" they want to be. We sent notices to the teams we maintain contact with, and then listed their names on the front page (of our web page) for all to see... and to get them the "attention" they so deserve (LOL). Shortly after that, we were hacked! Imagine that! Coincidence had nothing to do with it! They are hackers, they are a threat to all teams out there, and to every home and commercial server they can get IP's for. You (all) need to watch your equipment, it's not safe anymore.
Actually Rotor, no I don't... but I don't really mean that much to the community anymore. However, I am a bit concerned with the way these fellas are treating people I've seen and trusted in this community for years...Originally Posted by Rotor6
I think to join this site now, you are going to have to know someone here... and get them to vouch for you. (like a current member)..
Rotor you need to delete your web page and every thing you have on your ftp site. the longer it stays like that the beter they feel. Over the years they have gotten use a total of 5 times. As far as your game server goes if its a commerial game server you are paying for you should not have to worrry much about them hacking it. If its one that someone has up and running c4 on then install Black Ice on it, should take care of them there. Like Wiper said more then likely your ftp site lock, it down use looong passwords and change it often. The last 2 times we got hacked it was thru the mail program. We don't use one any more, shame a lot of sorry people in this word.
Thanks for the advice RB. We're working to get it back up, and I'll pass the info on to our Web Guys.
We really angry to see such practices in our community .
The words are not strong enough to say what we feel; if french players can help you we will do so with pleasure
Thats actualy a good defacement, i liked the " 'wtf? why are you right clicking?! ty' " bit. was much better than the garbage one someone did to my squads site.
Anyway have your webmaster go over the history part in the control panel on the site and look for any refferals from HTTP ://site.team-ma.net/ they will get the IP and can report the hack to their ISP and the authorities where they are.
For passwords use random numbers and letters(random caps in it) such as nQy934tuV8, also do the same for usernames. 8 to 10 characters should suffice if random.
ONLY the webmaster and owner should have complete FTP and host control panel access, all others should only have what they need. Take Blue for an example, he has root access here as owner/webmaster but if he gave me super admin rights and FTP I would only have the forums/website control panel and not the site hosts control panel, and my FTP would be limited to a few non essential folders. for lesser admins what they can do in the control panels would be restricted further. but Always keep the main site control panel to webmaster and owner only.
Another issue is, and this is exampled here on CPD for what not to do. dont show version numbers for portals and forums in the footer. change it to something like: Powered by vBulletin® Version x.x.x . this way a script kiddie must use different scripts for each version rather than know exactly what version they are hacking, and they will stand out like a sore thumb in the error/access logs. Blue, ya may want to fix that lol....
Last bit of advice, backup often, the more the site gets updated the more times you back it up. best you judge for yourself on how long to backup, if you dont mind losing a weeks worth of posts, backup weekly, 2 weeks worth of posts.... anytime the site is updated you should imediatly backup that part as well. most of the time you will need to backup the database, but you should have a backup of the site itself on hand and ready for upload.
I'm not sure that doesn't violate their license agreement.
Thanks for all the advice and input. I'm passing it on for review and implementation. We appreciate the responses we have recieved from the community and appreciate your concerns. We hope the information shared here will prevent future attacks and will strengthen the resolve of what's left of the C4 Community to fight back.
Rotor6 *CFS*
We are back up and although not 100%, we are still back up... Thanks for the help and support!
Rotor6 *CFS*
I'm getting an error...
Not Found
The requested document was not found on this server.
Web Server at c4cfs.com
If they distribute it with the version number removed then it would be a violation of the EULA. you are allowed to modify the php, but not allowed to distribute again unless in its original format. ofcourse the footer requires the creators name in it, but the version number is changeable, such as if you do a mod for vBulletin and include a footer such as:
Powered by vBulletin® CPD© Version 1.1.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
© 2001-2008, Checkpointdelta.net
would be legal. look at PHP Nuke and see there is RavenNuke but it is PHP Nuke 7.6 with some extra addons and more secure.
anyway as long as the original info on the footer is available such as who made it, no lawyer is going to touch it because it was free to begin with And EULA's are a legal joke for freeware and free web portals, most are in a readme file and not part of an install package.
Oh another thing is these web portals and forums that are free, use the open source license(GNU), if you modify it, a notation in the file's header is there with the original makers name and other info. this must be left there but can have more added, such as example and index for vBulletin:
Code:/*************************************************************************** * index.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * * Id: index.php,v 1.99.2.3 2004/07/11 16:46:15 acydburn Exp * * modified by 1 drunk guy * version 1.1.1 * email: 1drunkguy@drunkguys.com. ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************
It's back down for work.. It was up, but some of the pages within weren't ready. I'm getting the WEB Guys to read up on the info here...
Thanks!
Rotor6 *CFS*
Posting Permissions
