It's a legit breach. The intruder claiming to be "anonymous" (what a joke) is actually some noob who is in effect using gosensations to generate money using a bitcoin javascript miner.
edit: effectively > in effect
| Life In 19x19 http://www.lifein19x19.com/ |
|
| Go Sensations website hacked http://www.lifein19x19.com/viewtopic.php?f=10&t=5667 |
Page 1 of 1 |
| Author: | badukJr [ Wed Mar 14, 2012 9:27 pm ] |
| Post subject: | Go Sensations website hacked |
The website got completely defaced today... |
|
| Author: | hermitek [ Thu Mar 15, 2012 1:00 am ] |
| Post subject: | Re: Go Sensations website hacked |
It was already hacked on 21. february. I guess they don't care about security much. |
|
| Author: | Kaya.gs [ Thu Mar 15, 2012 12:02 pm ] |
| Post subject: | Re: Go Sensations website hacked |
Im actually quite surprised at this. Go4Go was affected the same way which can say this was pretty targeted. Specially because there is really no motivation whatsoever to "hack" a site like GoSensations, which has absolutely no security value whatsoever. |
|
| Author: | uPWarrior [ Thu Mar 15, 2012 12:11 pm ] |
| Post subject: | Re: Go Sensations website hacked |
hermitek wrote: It was already hacked on 21. february. I guess they don't care about security much. That's likely not the issue here. This are go websites after all, so they are not run by professional web developers and big companies. I wouldn't be surprised if they didn't know how the attackers got those privileges on the first place. |
|
| Author: | badukJr [ Thu Mar 15, 2012 12:14 pm ] |
| Post subject: | Re: Go Sensations website hacked |
Kaya.gs wrote: Im actually quite surprised at this. Go4Go was affected the same way which can say this was pretty targeted. Specially because there is really no motivation whatsoever to "hack" a site like GoSensations, which has absolutely no security value whatsoever. That's why security by obscurity is a failed idea. I hope that is considered for your website. |
|
| Author: | RBerenguel [ Thu Mar 15, 2012 12:18 pm ] |
| Post subject: | Re: Go Sensations website hacked |
Security by obscurity is not the issue here (and usually in most web attacks): any web page online can be hacked. My Google account could be compromised, my VPS server could be compromised. And there's no obscurity roaming around: I have a Google account (obviously), and my VPS runs Arch Linux (although I use a high entropy, long passphrase) |
|
| Author: | brodie [ Mon Mar 19, 2012 1:14 am ] |
| Post subject: | Re: Go Sensations website hacked |
For those that have said that x is likely not the issue here, what do you suppose the issue was? A hacker practicing, goofing off, or a kid that lost his last game on kgs by a half moku and was pissed at the go world? |
|
| Author: | RBerenguel [ Mon Mar 19, 2012 2:45 am ] |
| Post subject: | Re: Go Sensations website hacked |
Brodie, it was probably someone running an automated server scanner probably tied to an automated hacking tool. If the server is unprotected, bam. No need for it to be a go player, know the site or anything: you just run it against a list of IPs and a bell rings when one server can be hacked. Security by obscurity is a way to secure a site (or something) just not telling how it was done. For example, if you use a custom built operating system or webserver stack (one you did in your spare time), it is only secure because no-one has cared to look at how to crack it, not because it is top-notch secure. |
|
| Author: | daal [ Mon Mar 19, 2012 3:15 pm ] |
| Post subject: | Re: Go Sensations website hacked |
RBerenguel wrote: ...No need for it to be a go player... 'Cept that his hack included a message that he had also hacked a series of go-related websites. |
|
| Author: | RBerenguel [ Mon Mar 19, 2012 4:06 pm ] |
| Post subject: | Re: Go Sensations website hacked |
It was a message in the RSS feeds/subsections. I thought that "hacked" was referring to these parts. Also afaik KGS has never been hacked. |
|
| Author: | brodie [ Sun Apr 01, 2012 12:02 pm ] |
| Post subject: | Re: Go Sensations website hacked |
Seems to have happened again, but under the Tygem section, and this time with the signature of Anonymous. Unless, of course, this is an April Fool's joke by Go Sensations lampooning their security problems a little while back. I'm not sure, neither of them quite seem to make sense... |
|
| Author: | balistic [ Sun Apr 01, 2012 6:55 pm ] |
| Post subject: | Re: Go Sensations website hacked |
It's a legit breach. The intruder claiming to be "anonymous" (what a joke) is actually some noob who is in effect using gosensations to generate money using a bitcoin javascript miner. edit: effectively > in effect |
|
| Author: | Grisalger [ Sun Apr 01, 2012 11:19 pm ] |
| Post subject: | Re: Go Sensations website hacked |
balistic wrote: It's a legit breach. The intruder claiming to be "anonymous" (what a joke) is actually some noob who is effectivly using gosensations to generate money using a bitcoin javascript miner. Noob question: what does this mean? How can those "anonymus we are legion"-posts make money? |
|
| Author: | cata [ Mon Apr 02, 2012 1:24 am ] |
| Post subject: | Re: Go Sensations website hacked |
They can't make money, it's FUD. This strategy would be less effective than changing the homepage to a Paypal link that says "please send me money, thanks." |
|
| Author: | Grisalger [ Mon Apr 02, 2012 2:02 am ] |
| Post subject: | Re: Go Sensations website hacked |
So it is not effectively generating any money then? I am still curious about what the strategy is. How does someone believe he will make money by posting on gosensations, I can't come up with a strategy that would work even in the imagination of the most delusional. I have no idea about any of this. It's as mysterious to me like ko to a 30 kyu. |
|
| Author: | cata [ Mon Apr 02, 2012 2:14 am ] |
| Post subject: | Re: Go Sensations website hacked |
The strategy is running code on your browser to slowly mine bitcoins, but if you don't already understand the idea of Bitcoin, be prepared to spend some time figuring it out. It's ineffective because the processing power of all the computers visiting the hacked page isn't likely to amount to a penny worth of bitcoins. |
|
| Author: | Grisalger [ Mon Apr 02, 2012 2:35 am ] |
| Post subject: | Re: Go Sensations website hacked |
I see, thanks for the explanation. This thing got me wondering enough to actually make a post here, even though discussing go was of course my original intention when I first registered. |
|
| Author: | Phelan [ Fri Sep 07, 2012 6:42 am ] |
| Post subject: | Re: Go Sensations website hacked |
Kaya.gs wrote: Im actually quite surprised at this. Go4Go was affected the same way which can say this was pretty targeted. Specially because there is really no motivation whatsoever to "hack" a site like GoSensations, which has absolutely no security value whatsoever. Just went to go4go, and found a spam post there, but found no way to report it. |
|
| Page 1 of 1 | All times are UTC - 8 hours [ DST ] |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|