Nexus hacking

[wrinklyninja]

My 2p is that the kid should be reported to the police, his ISP and his parents. It's illegal to do what he did, and he is causing damage, so he needs to learn the lesson that such things are wrong and shall not go unpunished. On that note, if you can take any other legal action that will affect him negatively, that should be explored too.

 

Otherwise, we just risk this child prankster turning into an actual threat as he grows older, and that's something that should be avoided. Nip criminality in the bud, I say.

[Zalpha]

At least you found out about the hacking... I got two spam mails as well from this but it is in my spam filter so I don’t care... Anyway I say take legal action, it is a crime and all/most of your users have been targeted in this attack.

 

What was/is up with the +10,000 downloads on each of the servers? :s

Was it part of the attack or part of new mass advertising of the site?

 

[ertyty222]

I have get five spam mails because of that kid

[metalhead661]

First of all thank you for being honest about this incident which is rather rare these days.

 

As you mention there was full DB access it might be a wise course to enforce a password reset, since there is a possibility the database has been duplicated for password harvesting regardles if they are hashed. (unless acces logs tell otherwise)

 

Further more it is kind of strange/dumb that the cracker used no masking which makes you wonder if the person you traced really is the culprit.

 

Sure there are scriptkiddies who use metasploit stuff etc without thinking, but rarely they get full DB access.

You mention that there has been attempts to adjust the forum skins (possible c99 or similar attempt?) It is hard to rule out that the kid got hit himself by a attacker.

 

It doesn't sound like a simple deface attempt and even the most basic kid knows masking, either he is really dumb overconfident or we got a classic case of scapegoating.

 

Just a take on the situation.

[rodelbanares]

yes, after years of safe emailing using gmail, i recently experienced spams being sent using my email without my knowledge. I guess this post explains a lot. Thanks for the heads up.

[Spaceritual]

Good point on an earlier post is what information did he/she get access to besides email addresses...anyway hang the little blighter...erm..I mean tell him off severely..

[Argomirr]

Oh, got them in my spam folder too.

 

He had access to everything int he database? Time for a password change, then :P

[sicknightdrive]

lol it's all good I never use my email account that's on this site. You keep doing good work

[Maigrets]

I found this thread too late. I can't login to the forum so I can't change my password (fixed), plus my Yahoo Inbox was inundated with 50% more garbage than usual. Thank goodness it wasn't my personal email address.

 

I appreciate the effort that's being made to fix the issue and and hope that "person" is prosecuted to the fullest extent. It's no-one's fault but hishers and no reflection on Tesnexus. It could happen to any site any time.

 

EDIT: I managed to change my password after all and can now login.

Edited December 10, 2010 by Maigrets

[ArmedMonkey]

If he's clever enough to do this, and malicious enough to do something other than send us an e-mail himself or make a naughty post on the front page, script kiddie or not, child or not, I think you should drop the hammer and dispense some indiscriminate justice.

 

That's how people get started on the road to being serious spammer, scammers and malware creators.