Report, edit, etc...Posted by DT_Battlekruser on 2006-08-07 at 14:31:04
QUOTE(Syphon @ Aug 7 2006, 10:40 AM)
You have no idea how old Moose is. For all you know he could be younger than DTBK. (Also LW is 17ish if I remeber correctly.)
[right][snapback]541577[/snapback][/right]
[right][snapback]541577[/snapback][/right]
Haha, more rumors
.To answer a few questions that came up in the topic:
We are not talking about replacing IP, so any sort of coding abilities is not required, nor is being able to pay for the server. IP would be staying here to code v5, code v4, pay for the site, and do whatever else he wants.
There are a few community-related things that Global Mods can't do, but Admins can. Thing like changing member groups (banning people by moving them to the Forbidden group, lifting/making IP bans, access to many logs (moderator activity logs, perhaps login logs, I don't know), and adding/changing people's Post Count and Mineral amounts (Global Moderators and Moderators with access to the Warn Panel can only subtract minerals/posts, not add).
Another admin account may make the site somewhat unsafe; however there is a chance the point of entry to SEN by the hacker was a trojan on Moose's computer. Once you can view the ACP, you can reset (but not view) other member's passwords. Another thing that the hacker did was to warn, subtract minerals/posts, and permanently suspend all warnable Staff (this excludes Global Moderators and Administrators, they cannot be warned).
Moose was not removed from power by the hacker; he did it of his own free will. He may or may not resume being an admin after thouroughly scanning his computer for viruses.
A couple names suggested in this thread would probably never work. As mentioned, it would be best to promote a Global Moderator so there was less shaking up of the power structure (so not Kaboomhahahein). Bolt_Head is way to inactive, and he would refuse the job even if he was offered it. If only BeeR was still active...
There's still a significant chance that Moose is only temporarily stepping down.
Report, edit, etc...Posted by Killer_Kow(MM) on 2006-08-07 at 14:37:56
Look at the poem in his siggy... Sort of disturbing if you ask me.
Report, edit, etc...Posted by KaboomHahahein on 2006-08-07 at 14:50:16
I won't be able to do anything towards the site. Besides I think we should just leave it the way it is right now.
Report, edit, etc...Posted by OverTheBelow on 2006-08-07 at 15:00:11
Yeah and maby ruin the future of SeN...
Report, edit, etc...Posted by FatalException on 2006-08-07 at 15:36:16
But isn't IP the root admin? If he gets hacked, there's no way anyone can help it because the root admin has power over everyone and everything in a forum. He can even ban other admins. Since you can't have more than one root admin, I think that getting more admins wouldn't help very much, if at all.
Report, edit, etc...Posted by Cloud on 2006-08-07 at 16:14:37
QUOTE(KaboomHahahein @ Aug 7 2006, 06:49 PM)
I won't be able to do anything towards the site. Besides I think we should just leave it the way it is right now.
[right][snapback]541639[/snapback][/right]
[right][snapback]541639[/snapback][/right]
Yeah, maybe just trash v4 and go on to v5 then clean up the mess?
Report, edit, etc...Posted by Xx.Doom.xX on 2006-08-07 at 16:16:34
Well, since Moose has hit the showers now, it would be nice to have another admin since IP isnt able to come on much.
Report, edit, etc...Posted by SuperToast on 2006-08-07 at 16:50:11
QUOTE(FatalException @ Aug 7 2006, 02:35 PM)
But isn't IP the root admin? If he gets hacked, there's no way anyone can help it because the root admin has power over everyone and everything in a forum. He can even ban other admins. Since you can't have more than one root admin, I think that getting more admins wouldn't help very much, if at all.
[right][snapback]541694[/snapback][/right]
[right][snapback]541694[/snapback][/right]
Agreed.
If IP gets hacked, it's game over. Reset from the back up and disable the account till the vulnerability is fixed.
Report, edit, etc...Posted by DT_Battlekruser on 2006-08-07 at 16:55:12
QUOTE(FatalException @ Aug 7 2006, 12:35 PM)
But isn't IP the root admin? If he gets hacked, there's no way anyone can help it because the root admin has power over everyone and everything in a forum. He can even ban other admins. Since you can't have more than one root admin, I think that getting more admins wouldn't help very much, if at all.
[right][snapback]541694[/snapback][/right]
[right][snapback]541694[/snapback][/right]
What gives you such a crazy idea? Yoshi is technically the root admin, but any member of the "Adiminstrators" group is a root admin. If I was part of that group, I could get rid of IP. IP could get rid of Moose. etc, etc, etc.
Report, edit, etc...Posted by Mini Moose 2707 on 2006-08-07 at 17:17:26
QUOTE(TERRAINFIGHTER @ Aug 7 2006, 08:31 AM)
What would this accomplish?
Last I saw, when they hacked into moose's account the first time, they temporarily banned all the admin.
Last I saw, when they hacked into moose's account the first time, they temporarily banned all the admin.
Banning me or IP on v4 through v4 wouldn't keep us down.
QUOTE(DEAD @ Aug 7 2006, 01:12 PM)
But as he is rather inactive on v4 we could use an active admin who could fix few bugs here and there and do other admin stuff.
Why is it okay for IP to do this but not me? Because I post on v4?
QUOTE(DevliN @ Aug 7 2006, 01:25 PM)
But at the same time if IP's account is hacked and stolen, no one can stop him because he is the sole administrator. The hacker could then have a field day with SEN, messing up anything he wants.
Banning me or IP on a forum wouldn't stop us.
QUOTE(DT_Battlekruser @ Aug 7 2006, 02:30 PM)
There are a few community-related things that Global Mods can't do, but Admins can. Thing like changing member groups (banning people by moving them to the Forbidden group, lifting/making IP bans, access to many logs (moderator activity logs, perhaps login logs, I don't know), and adding/changing people's Post Count and Mineral amounts (Global Moderators and Moderators with access to the Warn Panel can only subtract minerals/posts, not add).
I disabled the whole Admin CP for security under the advice of IP, should anyone break into me or IP's account. I can use it any time I want, but I have to manually change some things to put it back. Giving access to the Admin CP to another person when there IS no Admin CP won't do much good.
QUOTE(DT_Battlekruser @ Aug 7 2006, 02:30 PM)
Moose was not removed from power by the hacker; he did it of his own free will. He may or may not resume being an admin after thouroughly scanning his computer for viruses.[/color]
True.dat. One thing is for sure... I've given up on v4. If and when I do anything, it's going to be on v5 code.
Report, edit, etc...Posted by DevliN on 2006-08-07 at 17:46:27
QUOTE(Mini Moose 2707 @ Aug 7 2006, 02:17 PM)
Banning me or IP on a forum wouldn't stop us.
[right][snapback]541753[/snapback][/right]
[right][snapback]541753[/snapback][/right]
I wasn't talking about banning either of you, I was talking about the possibility fo the hacker stealing IP's account and changing the passwords. I know nothing of how Invision Power Board works per se, but I assume that some one taking the sole administrator's account away from that sole administrator would be able to get away with murder.
EDIT:
Hmm does this quote...
QUOTE
I disabled the whole Admin CP for security under the advice of IP, should anyone break into me or IP's account. I can use it any time I want, but I have to manually change some things to put it back. Giving access to the Admin CP to another person when there IS no Admin CP won't do much good.
...disprove everything I just said, or does IP's account still have power to do anything he wants? From my experience with IPB, it is my understanding that if the admin's account is taken then whoever takes it controls the entire board without opposition. That's why I ask.
Report, edit, etc...Posted by SuperToast on 2006-08-07 at 17:54:20
I think your making too much out of a single issue. It may happen where IP gets his account hijacked, but adding another admin account won't do anything to help that.
To be perfectly frank, a hacker could possible use one of the various injection or spoofing exploits and simply make a new account as an admin and bypass that whole issue.
After reading around I think this might be what happened to moose in the first place. The hacker just sniffed out moose's various hashes from some accessible file on the forums here then just spoofed his referer/cookies to get into moose's account. No bruteforcing or decoding of hashes involved.
To be perfectly frank, a hacker could possible use one of the various injection or spoofing exploits and simply make a new account as an admin and bypass that whole issue.
After reading around I think this might be what happened to moose in the first place. The hacker just sniffed out moose's various hashes from some accessible file on the forums here then just spoofed his referer/cookies to get into moose's account. No bruteforcing or decoding of hashes involved.
Report, edit, etc...Posted by IsolatedPurity on 2006-08-07 at 18:21:21
Wow... crazy topic...
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
Report, edit, etc...Posted by FatalException on 2006-08-07 at 18:22:42
QUOTE(DT_Battlekruser @ Aug 7 2006, 01:54 PM)
What gives you such a crazy idea? Yoshi is technically the root admin, but any member of the "Adiminstrators" group is a root admin. If I was part of that group, I could get rid of IP. IP could get rid of Moose. etc, etc, etc.
[right][snapback]541747[/snapback][/right]
[right][snapback]541747[/snapback][/right]
Hmm... On the forums that I own(ed), the root admin account cannot be banned/changed by another admin. Maybe I was using a different version of IPB...
Report, edit, etc...Posted by DevliN on 2006-08-07 at 18:36:41
QUOTE(IsolatedPurity @ Aug 7 2006, 03:20 PM)
Did I fix everyone's line of thinking?
[right][snapback]541771[/snapback][/right]
[right][snapback]541771[/snapback][/right]
Yeah, that about answers all queries I had. Thanks a lot.
I just wanted to be sure that what happened to Moose didn't happen to you, or if it did I would hope there was a way to stop the perpetrator. Well good to know. Thanks again.Report, edit, etc...Posted by SuperToast on 2006-08-07 at 18:39:23
Have you gotten any better idea of what they did to gain access originally?
Report, edit, etc...Posted by IsolatedPurity on 2006-08-07 at 18:50:27
Possibly a cookie hack.
Report, edit, etc...Posted by Cloud on 2006-08-07 at 19:27:50
QUOTE(IsolatedPurity @ Aug 7 2006, 10:20 PM)
Wow... crazy topic...
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
[right][snapback]541771[/snapback][/right]
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
[right][snapback]541771[/snapback][/right]
I'd like to say that I feel the site realy is secure but its still all screwed up and I'm wondering if you guys are planning on restoring it?
Report, edit, etc...Posted by KABOOM on 2006-08-07 at 20:06:38
QUOTE(DEAD @ Aug 7 2006, 07:29 AM)
Same here, I vote for Will. But he would need to be a bit more active and I don't know can he code. Bolt could be an admit too but he is too inactive. I dunno about BOOM2 though.
[right][snapback]541358[/snapback][/right]
[right][snapback]541358[/snapback][/right]
um would that be me? since i came after hahahein? and what u mean...
Report, edit, etc...Posted by Mp)7-7 on 2006-08-07 at 20:22:55
I think if we need to do something I think we should bring Yoshi back for a couple days. Maybe just give i=him temprorary control just to get things back in order. He may know a little about backup too, hopefully there is some because we lost good threads and a lot of minerals and posts for some of us like me!
Report, edit, etc...Posted by KaboomHahahein on 2006-08-07 at 20:25:12
He probably won't want to have admin powers again and I believe he is on vacation right now?
Report, edit, etc...Posted by DevliN on 2006-08-07 at 20:27:30
QUOTE(KABOOM @ Aug 7 2006, 05:06 PM)
um would that be me? since i came after hahahein? and what u mean...
[right][snapback]541870[/snapback][/right]
[right][snapback]541870[/snapback][/right]
I think he meant "Boom, too" but I may be wrong.
QUOTE(7-7 @ Aug 7 2006, 05:22 PM)
I think if we need to do something I think we should bring Yoshi back for a couple days. Maybe just give i=him temprorary control just to get things back in order. He may know a little about backup too, hopefully there is some because we lost good threads and a lot of minerals and posts for some of us like me!
[right][snapback]541881[/snapback][/right]
[right][snapback]541881[/snapback][/right]
I'm not sure Yoshi would be able to do much more that what IP is doing now. I think they have no problems with the backup, its just that the most recent backup replaced the one you all want back. I'm sure IP is doing all he can to try to restore this.
Report, edit, etc...Posted by IsolatedPurity on 2006-08-07 at 20:31:19
We haven't been good admins... we should be backing the database up more frequently . I believe there is an automatic daily backup... but since I couldn't access the cpanel, I had no way of getting it and it probably got overwritten by a new backup.
. I believe there is an automatic daily backup... but since I couldn't access the cpanel, I had no way of getting it and it probably got overwritten by a new backup.Report, edit, etc...Posted by DevliN on 2006-08-07 at 20:34:38
Its ironic that Moose hid the administration cpanel for the safety of SEN but at the same time it causes SEN to go into a panic over a serious lack of posts and minerals.
And yeah, if its a daily back up then going back to it would do nothing since it has been a few days already. Lovelyness.
And yeah, if its a daily back up then going back to it would do nothing since it has been a few days already. Lovelyness.
Report, edit, etc...Posted by ImPoSs-JeEp2 on 2006-08-07 at 21:26:59
QUOTE(IsolatedPurity @ Aug 7 2006, 05:20 PM)
Wow... crazy topic...
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
[right][snapback]541771[/snapback][/right]
As far as adding another admin... that's a long road no one probably wants to take. It requires putting a lot more into this website than me and moose generally do. If anyone excells in the 4ish major functions of administration, they'll be made an admin over time.
I was made admin because I was at the right place at the right time when Yoshi got overly frustrated with the situation and I had money to pay for the site (I said I knew PHP, and I somewhat did, but not really to the scope it was required -- however, I learn fast). If Moose left and I decided to leave, it would probably happen the same way. As long as I continue to pay for the website, I will never step down, no matter how much life keeps me away from SEN.
Being an only admin is no less secure than having 5 admins. If someone screws with my invision account, I'll just go directly to the database and fix my account. When Yoshi initially made me an admin, I hacked my account to make me an admin because there was no active administration to make me one. Invision is just a crappy interface to real data... and as long as I am in control over the cpanel, I have the ultimate power over the website. If that's taken away, I just call my host and they'll fix the problem.
Did I fix everyone's line of thinking?
[right][snapback]541771[/snapback][/right]
I like your speech.
