Mm i was thinking due to the fact of ,jess, getting owned.

Shouldn't habbox have some sort of protection for habbox staff emails.

Such as a new main folder say habboxforum.com/managers instead of /webmail

There the MANAGEMENT would have their emails, and use htaccess or whatever other method to IP filter, so only the selected members of management would be allowed to gain access through their IP.

So they'd have no way to access her email account which would contain her hxf/hxl/hx details and possibly her habbo if she wished.

This way noones gaining access to a managements gmail or whatever, resetting all passwords then redirects/stealing furni/doing shoutouts etc and generally more secure.

just thinking ;P

We are told to register Habboxforum and Habbox accounts separate from our personal accounts and all email addresses are not listed under Joomla or listed on the forum.

What happened to Jess is extremely unfortunate and nobody deserves the level of humiliation they have given her. Hacking the site is one thing but to give away the details they are is despicable. Nobody deserves that.

Security at Habbox is extremely important and this is an unfortunate, and very rare, case.

This wouldnt matter, she downloaded (stupidly?) an istealer therefore showing the passwords and sites she went on so accounts would be comprimised

If Habbox find out the group of people who have done it, they should sue them. It's a shame for Jess, she must be really annoyed and embrassed about it.

I doubt habbox would sue 14 year old kids lol.

And sue = money.

Btw isn't posting someone elses details on their site kinda illegal from like privacy protection acts and such?

No-one deserved what happened to Jess. Its just shocking, just prooves how immature people are these days. Not only that, but they must be pretty sad to sit there "hacking" a forum for teens and kids... How sad can you get?

This wouldnt matter, she downloaded (stupidly?) an istealer therefore showing the passwords and sites she went on so accounts would be comprimised
Firstly, theres no need to make snide comments like that, she made a mistake and i'm sure she could do without abuse right now...
also skot was suggesting something that only lets you sign in if your ip was recognised, so even if they gained passwords, they couldn't steal your ip.

Just as a suggestion a good keyring/password manager would quite easly fix the human error side of things by simply removing the need to actually type passwords in by hand at all? Thus nullifying the effect of key-loggers and removing the need to memorizes your account password leaving the door open to 70 character strings that would add a major security boost "/

Possible standardizing a keyring procedure for habbox staff may be an idea for stopping this kind of thing occurring again, equally since with lower level staff access to the account is not the be all and end all, the worst case of simply loosing your password is really not to bigger deal when higher ups can just reset it, and much less of a nuisance than the risk of the old fashioned method (aka what happened with the hackings)

Ips can change though etc.

Just an unfortunate inncident as indeed security on Habbox is up there.

I believe (and by no means is this a dig at Jess) that this incident can be used as a reminder for personal online security.

Jess fell into a trap that so many people fall into. It could happen to any one of us,

I just think that it's one of those occasions where it highlights the need for security, regular scanning etc.

Jess should not feel embarassed over this issue as it's not her fault it was just a simple mistake.

Originally Posted by Favourtism http://www.habboxforum.com/images/buttons/viewpost.gif (http://www.habboxforum.com/showthread.php?p=5836186#post5836186)
This wouldnt matter, she downloaded (stupidly?) an istealer therefore showing the passwords and sites she went on so accounts would be comprimised


Yeah because she saw someone send it to her on msn under then name iStealer and clicked Accept for the jokes.

Originally Posted by Favourtism http://www.habboxforum.com/images/buttons/viewpost.gif (http://www.habboxforum.com/showthread.php?p=5836186#post5836186)
This wouldnt matter, she downloaded (stupidly?) an istealer therefore showing the passwords and sites she went on so accounts would be comprimised


Yeah because she saw someone send it to her on msn under then name iStealer and clicked Accept for the jokes.
she still downloaded something really stupid, not much difference to what you said and what happened lmao

but surely she knew about basic security ?
i wonder what she accepted blates something like Sam 5 cracked or something

she still downloaded something really stupid, not much difference to what you said and what happened lmaoDidn't you get hacked at one point when you were management?

Personally I think that management should be treated as normal staff when it comes to hackings. If a news reporter was hacked and caused a fuss they wouldn't get their job back and would probably be permanently banned. Yet management seem to get away with it. One rule for the management another for the staff xD (Things like this have happened loads in the past and I'm pretty sure 6 months don't go by without a management member being hacked).

That's because management are constantly targeted - staff aren't. I was reverted but unlike some I had different pws for everything.

That's because management are constantly targeted - staff aren't. I was reverted but unlike some I had different pws for everything.

same but i was fired. when i was SS and News and Senior DJ but i got my forum back when i proved it was me. :)

Your habbox still got compromised and thrones put down to like 1HC and such.

same but i was fired. when i was SS and News and Senior DJ but i got my forum back when i proved it was me. :)
I remember viewing the ***** thread when it happened and your password was really stupid though. Your email was something like
[email protected] and pass was wildthin1 lol?

I think stupid things such as having **** passes or downloading keyloggers should result in a firing tbh.

If Habbox find out the group of people who have done it, they should sue them. It's a shame for Jess, she must be really annoyed and embrassed about it.

Thats legally impossible.

Thats legally impossible.
Although one hell of alot worse is possible, uk computer misuse lays are ridiculous. Unauthorized access alone is 6months-5 years + up to 10,000 fine (from memory), unauthorized access and damaging content is somewhere in the region of up the 25 years + unlimited fine :)
If habbox wanted, it would be quite easy to prosecute the individual involved too. Only reason people get away with this kind of thing is the fact the victims are generally pretty ignorant of the laws.

Habbox could quite easily just get off its ass and make an example after all, may prevent future hackings :)

Although one hell of alot worse is possible, uk computer misuse lays are ridiculous. Unauthorized access alone is 6months-5 years + up to 10,000 fine (from memory), unauthorized access and damaging content is somewhere in the region of up the 25 years + unlimited fine :)
If habbox wanted, it would be quite easy to prosecute the individual involved too. Only reason people get away with this kind of thing is the fact the victims are generally pretty ignorant of the laws.

Habbox could quite easily just get off its ass and make an example after all, may prevent future hackings :)

Yes but you've got to remember all the hoops Habbox would have to jump through, IF they could. These guys aren't stupid, they are using TOR, Web proxies etc and were smart enough to not leave any traces.

Wheres the proof to backup the claims? It's Habbox's word against theirs.

She downloaded a file from someone she probably didn't even know, she deserves everything she gets, I will say the same to anyone on this forum that's stupid enough to accept "LOL DOG PHOTOS.JPG.exe (ohoho)". Myself included if that should ever happen to me (it wont).

If you can't keep your computer secure, buy a goddamn mac or use linux. It's very simple, don't ever click on links without taking 5 seconds to look and see if they're taking you to a site that looks fishy or an executable file.

Tips for not being owndizzled:
don't ever visit a .ru site, nothing good ever comes from there, ever.
don't accept any executable files at all, this includes:
ADE - Microsoft Access Project Extension
ADP - Microsoft Access Project
BAS - Visual Basic Class Module
BAT - Batch File
CHM - Compiled HTML Help File
CMD - Windows NT Command Script
COM - MS-DOS Application
CPL - Control Panel Extension
CRT - Security Certificate
DLL - Dynamic Link Library
DO* - Word Documents and Templates
EXE - Application
HLP - Windows Help File
HTA - HTML Applications
INF - Setup Information File
INS - Internet Communication Settings
ISP - Internet Communication Settings
JS - JScript File
JSE - JScript Encoded Script File
LNK - Shortcut
MDB - Microsoft Access Application
MDE - Microsoft Access MDE Database
MSC - Microsoft Common Console Document
MSI - Windows Installer Package
MSP - Windows Installer Patch
MST - Visual Test Source File
OCX - ActiveX Objects
PCD - Photo CD Image
PIF - Shortcut to MS-DOS Program
POT - PowerPoint Templates
PPT - PowerPoint Files
REG - Registration Entries
SCR - Screen Saver
SCT - Windows Script Component
SHB - Document Shortcut File
SHS - Shell Scrap Object
SYS - System Config/Driver
URL - Internet Shortcut (Uniform Resource Locator)
VB - VBScript File
VBE - VBScript Encoded Script File
VBS - VBScript Script File
WSC - Windows Script Component
WSF - Windows Script File
WSH - Windows Scripting Host Settings File
XL* - Excel Files and Templates

Thanks for playing, it is indeed sad what happened but if you're silly enough to click .exe links then you're the only one to blame.

Habbox could quite easily just get off its ass and make an example after all, may prevent future hackings :)
it deffo would

Yes but you've got to remember all the hoops Habbox would have to jump through, IF they could. These guys aren't stupid, they are using TOR, Web proxies etc and were smart enough to not leave any traces.

Wheres the proof to backup the claims? It's Habbox's word against theirs.
Hoops? Firstly i doubt the script kiddies would even of been smart enough to take such meager precautions, that said even if they did most the added security is an illusion. Even if its enough to stop the average web user tracking you down, the cyber crimes division, the people who would actually do all the "jumping through hoops" were the crime reported, are significant more skilled and capable of subpoenaing companies like hushmail to get them to hand all the relevant info straight over :)

Anonymity on the Internet is just in your head :)

Also, raw access logs, sever logs and the results of the actions tend to work quite well.

After all they are a Habbo fansite, ran by teenagers and a few older members. ALTHOUGH they are a Habbo fansite they still hold thousands of peoples data.

Hoops? Firstly i doubt the script kiddies would even of been smart enough to take such meager precautions, that said even if they did most the added security is an illusion. Even if its enough to stop the average web user tracking you down, the cyber crimes division, the people who would actually do all the "jumping through hoops" were the crime reported, are significant more skilled and capable of subpoenaing companies like hushmail to get them to hand all the relevant info straight over :)

Anonymity on the Internet is just in your head :)

Also, raw access logs, sever logs and the results of the actions tend to work quite well.

You also have to remember:

After all they are a Habbo fansite, ran by teenagers and a few older members. ALTHOUGH they are a Habbo fansite they still hold thousands of peoples data.

You also have to remember:
That stops them reporting a hacking to the police?? o.0

Why is this still going on? Hardly any damage was done and it's no big deal, maybe for Jess but everyone else should just get over it, you're giving the hackers the attention they want even though they shouldn't be proud of it as it was hardly an "owning"

That stops them reporting a hacking to the police?? o.0
No, however this isn't their real life job. Sierk is obviously busy, Jin has exams and what not to worry about and nvrspk4 has a life to run. Reporting it probably isn't worth the hassle. The best thing they can do which is what they will do is take measures to ensure it isn't as likely to happen again.

Plus its police your talking about...

No, however this isn't their real life job. Sierk is obviously busy, Jin has exams and what not to worry about and nvrspk4 has a life to run. Reporting it probably isn't worth the hassle. The best thing they can do which is what they will do is take measures to ensure it isn't as likely to happen again.
So someone gets mugged your advice is it not worth the hassle or reporting it, you have exams/other stuff to do/a life to run ect?? The best thing to do is just let them get away with it and never go outside again (a measure to stop it happening again) ...

Sounds logical to me o.0 Chances are its little more than a phone call and few forms, but its not my site, i don't have to fix anything so up to habbox in the end..

its dlox we are talking about, it will be front page news him walking outside yet alone being arrested for hacking a habbo fansite.

So someone gets mugged your advice is it not worth the hassle or reporting it, you have exams/other stuff to do/a life to run ect?? The best thing to do is just let them get away with it and never go outside again (a measure to stop it happening again) ...

Sounds logical to me o.0 Chances are its little more than a phone call and few forms, but its not my site, i don't have to fix anything so up to habbox in the end..
That would be personal damage, that isn't. You don't have to exaggerate to attempt to prove a point that I've already acknowledged. There was very little damage done, unlike a mugging where you could lose hundreds. Nothing too major happened. It'd be more beneficial for them to spend the time they had to ensure that other managers were aware of said dangers.

That would be personal damage, that isn't. You don't have to exaggerate to attempt to prove a point that I've already acknowledged. There was very little damage done, unlike a mugging where you could lose hundreds. Nothing too major happened. It'd be more beneficial for them to spend the time they had to ensure that other managers were aware of said dangers.

Crimes a crime, but your choice. We pay tax's in order to have the police, so seems to make scene to me to make use of em. Equally you could also loose £2.99 in a mugging depending on what you had on you. Just because damage was minimal this time, doesn't mean it will be next time.

we pay tax for police who do nothing wooo

Crimes a crime, but your choice. We pay tax's in order to have the police, so seems to make scene to me to make use of em. Equally you could also loose £2.99 in a mugging depending on what you had on you. Just because damage was minimal this time, doesn't mean it will be next time.
I've totally ignored the essential point that the police aren't going to take the complaint should one be issued all that serious.

I think [the hacking site that is filtered] itself should be closed down. Someone should contact their host as they're promoting criminal acts

The host is offshore, im sure its hosted by Don aswel so ye. no chance you will just get your ip and email leaked on ***** to be laughed at.

Yeah, I actually got banned on Habbo for telling ludus to do something about it, lol. I assume Habbo have tried... and failed.

I've totally ignored the essential point that the police aren't going to take the complaint should one be issued all that serious.
Shall i take it this is from experience? :rolleyes:

Shall i take it this is from experience? :rolleyes:
Yeah because sierk did so when he was hacked and was told nothing could be done so in fact yes you should ;):rolleyes:

We have, as we usually do with serious cases, been in contact with a member of the British Police and in this case charges will not go forward, for very solid reasons which will remain private, but don't think we didn't seriously consider the option.

As far as the webring you suggested Mentor, not all of the passes that were taken were typed in, about half were actually saved, for example access (try going to www.habboxforum.com/admincp.php? there is that box which we usually save the PW for then you have to login with a forum pass). I'm not tech savvy enough to know if the iStealer would have gotten the webring, but it did get the saved passwords even though they weren't typed in.

IP specific logins would not be doable, I know many staff with dynamic IPs, myself included.

We have, as we usually do with serious cases, been in contact with a member of the British Police and in this case charges will not go forward, for very solid reasons which will remain private, but don't think we didn't seriously consider the option.

As far as the webring you suggested Mentor, not all of the passes that were taken were typed in, about half were actually saved, for example access (try going to www.habboxforum.com/admincp.php? there is that box which we usually save the PW for then you have to login with a forum pass). I'm not tech savvy enough to know if the iStealer would have gotten the webring, but it did get the saved passwords even though they weren't typed in.

IP specific logins would not be doable, I know many staff with dynamic IPs, myself included.
Generally keyrings require a pass to access + are pretty heavily encrypted so are pretty secure :p
Though all depends on what you use, firefox's own is plain text and not all that secure, so chances are whatever this istealer is, managed to nick that with little trouble.

Yeh they got it off her firefox 3

Master Password stops iStealer from jackin' FF passes y0.

Thing is, it would cost habbox a lot of money to sue the people responsible and quite frankly we wouldn't be able to afford it.

About the police thing: (this is me talking to dlox on MSN)

K F U - DLOX OWND HFFM 2K9 LUL says:
*I got contacted today by the western union police station of Leominster.
IMMENSE jake! 8-| says:
*looooooooool
K F U - DLOX OWND HFFM 2K9 LUL says:
*Asking me to stop the misuse of my computer or they will be around to arrest me
*assume thats because of habbox due to *****'s datacenter *removed* a brick over a lawsuit or some *removed*
*so thread had to be deleted.
IMMENSE jake! 8-| says:
*good
*habbox owns dlox!!!

About the police thing: (this is me talking to dlox on MSN)

K F U - DLOX OWND HFFM 2K9 LUL says:
*I got contacted today by the western union police station of Leominster.
IMMENSE jake! 8-| says:
*looooooooool
K F U - DLOX OWND HFFM 2K9 LUL says:
*Asking me to stop the misuse of my computer or they will be around to arrest me
*assume thats because of habbox due to *****'s datacenter *removed* a brick over a lawsuit or some *removed*
*so thread had to be deleted.
IMMENSE jake! 8-| says:
*good
*habbox owns dlox!!!

Fabulous! Great result.

Thing is, it would cost habbox a lot of money to sue the people responsible and quite frankly we wouldn't be able to afford it.

And if Habbox win the hacker would have to pay Habbox's legal fees ;)

How they did humiliate Jess? Did they post her personal details :S if so what kind of personal details?

Posted her address, home fone number, mobile numbers

Did sharedlayer get them to remove the thread then?

i think so, its not there anymore. its most likely in the vip section tho

Did sharedlayer get them to remove the thread then?
Yeah, the hosting was suspended for a few hours then the thread was removedddddd

i am guessing this is about *****?

i am guessing this is about *****?
Yeahhh :P

they are filled with kids (literally kids) who love to swear and hack paypal.
its funny because they think they are leet hacking paypal, but if the person reports them, then paypal will follow up on it and try their best to get the police involved.

i am sure they will be all leet and sick, and their parents will be pleased to know they rob people.

they are no worse than a theif robbing someones house and robbing peoples money online is just as bad. they think its peoples fault for not being secure, but not everyone knows about the dangers of the internet. and its them who create dangers anyway.

so to sum it up, they are theives and when they get caught they will realise how serious it all is and I am sure their parents will be over the moon.

I posted this on there months ago and they think robbing someone in real life is different to robbing someones paypal. shows how clever they really are.

Lack of education due to them skipping school for Hacking 101 on the tinternetz.

Funny thing is, you have to be quite smart to not get caught, which these guys are managing not to do (r.e. that PayPal comment)

Funny thing is, you have to be quite smart to not get caught, which these guys are managing not to do (r.e. that PayPal comment)

That's poor education of the law on our part and also lack of interest of the police. I know if someone hacked me I would've call the police, I'd be far to embarassed.

"Mrs.McCall you say? MRS?"
"It's a long story..."

Actually you dont have to be smart not to get caught, paypal can catch you easily, but they never get police involved.

Funny thing is, you have to be quite smart to not get caught, which these guys are managing not to do (r.e. that PayPal comment)

paypal just get the money back. in the case they cant get the money back they can get the police involved.

i seriously would love to see them arrested and going to the police Y0 LEAVE ME ALONE OR I WILL SEND U A KEYLOGGA

paypal just get the money back. in the case they cant get the money back they can get the police involved.

i seriously would love to see them arrested and going to the police Y0 LEAVE ME ALONE OR I WILL SEND U A KEYLOGGA

In three seperate cases I have had constables sent to erebel's houses :P Their parents were thrilled to hear about it.

About the police thing: (this is me talking to dlox on MSN)

K F U - DLOX OWND HFFM 2K9 LUL says:
*I got contacted today by the western union police station of Leominster.
IMMENSE jake! 8-| says:
*looooooooool
K F U - DLOX OWND HFFM 2K9 LUL says:
*Asking me to stop the misuse of my computer or they will be around to arrest me
*assume thats because of habbox due to *****'s datacenter *removed* a brick over a lawsuit or some *removed*
*so thread had to be deleted.
IMMENSE jake! 8-| says:
*good
*habbox owns dlox!!!
How come you always seem to have them on msn? :S ;) :D :)

In three seperate cases I have had constables sent to erebel's houses :P Their parents were thrilled to hear about it.Are you being serious?

How come you always seem to have them on msn? :S ;) :D :)

Primarily because I've known him for years but in that instance because I had a friend called Amber who works for HFFM on there and he had compromised her account and if I'm right he has caused some disruption on HFFM. Nothing major just spamming announcements and random infractions, I think anyway.

Are you being serious?

i highly doubt it
if it was then voides kid owners will shut it down asap

never the less you cant really blame the "hackers" for all this, Jess had a huge part in it by accepting any sort of file through msn, she should have known the risks.

Well suposidly she downloaded something advertised on habbo according to the person who hacked her, I know she aint stupid enough to do that but still no idea how or who sent her it.

thats even worse, downloading something advertised on habbo.
wow

She didn't :rolleyes: That's what i said lol.
Just like they said she had 40 hcs, and she had 12 :rolleyes:

o
ryt
well they are little wanabe pr0s
like i mean dlox, he cant even go on the pull irl, he has to on Habbo rofl.

They always exaggerate what they compromise to make them look more bad ass than they already are!

Are you being serious?

Absolutely ;) Their crimes fit the punishment though. And I did get one person a warning from his IP for phishing I think, he had phished several Habbox members with his site so when I had his site take it down I also had them provide IP and email the form information was sent to (it was a fake HaboxForum login). People don't realize how easy it is to get them in trouble, you just need to be able to write a cohesive formal email and things get done pretty quickly.

When we got DDOSd long long ago I remember JackHB reported all the IPs to the police. Also the police got involved the time someone stole our domain a while back if anyone remembers when sierk got hacked and everything.

So we do involve the police when necessary. In this case we have specific reasons we aren't going to press charges else we could easily get the police involved as this breaks a lot of rules.

nvr

Justin did fairly well to get that Habbox domain tbh, that was one of the only 'own' i would call a proper own, the rest like giving a istealer to staff is crap

Which people got police visits haha

Which people got police visits haha

THAT would be telling ;)

Can somene just not report ***** for being on a stolen domain?????????

Can somene just not report ***** for being on a stolen domain?????????

Even if it is on a stolen domain, which I believe it isn't, they will just use the backup files from ***** and use another domain, so reporting ***** wont get anyone anywhere

Even if it is on a stolen domain, which I believe it isn't, they will just use the backup files from ***** and use another domain, so reporting ***** wont get anyone anywhere

It is it got admitted by don, the original owner got it stolen by "finch-HIMself"

and it would get somewhere? they would have to use a new domain which would make it **** and they couldn't call it ***** anymore.. and everyone would just think it another **** hack site..

No staff accounts should have any emails linked to them either on Hxf or on the Hx site. Obviously you have to register with one but then they are removed, it came around last year when me and Jake were both hacked on the same day. The Staff editor should remove emails when someone becomes a member of staff so that access cant be gained to there account through email.

Other than that, they should be careful enough not to get keyloggers.

Unfortunate events will always happen though Joe. I think Habbox is safe enough. Originally I thought they needed a new site Admin but after replies from nvr, jin and tom I realised that would actually make things more vulnerable.

Although one hell of alot worse is possible, uk computer misuse lays are ridiculous. Unauthorized access alone is 6months-5 years + up to 10,000 fine (from memory), unauthorized access and damaging content is somewhere in the region of up the 25 years + unlimited fine :)
If habbox wanted, it would be quite easy to prosecute the individual involved too. Only reason people get away with this kind of thing is the fact the victims are generally pretty ignorant of the laws.

Habbox could quite easily just get off its ass and make an example after all, may prevent future hackings :)
I know this post was early on in the thread, but hey ho :P

Habbo are guaranteed to want 99.9% of the earnings, and technically Habbo will claim they own the content.

What Jess needs to do, if possible, is to have different passwords for each website, and to make them completely random, aswell as different emails (3 mininmum) and maybe have password managers deal with the logging in too. I suspect someone already suggested all of these too :P