
Fansite Hacks



GoldenMerc
27-04-2014, 10:18 PM
FlyHabbo, ThisHabbo, HabboHeights hacked, ThisHabbo's DB has been leaked.

THE GERMANS ARE HACKING AGAIN, LOCK YOUR HABBO HOTEL ROOMS (WITH PASSWORDS) SO NO ONE CAN GET IN

Chippiewill
27-04-2014, 10:21 PM
Recursion is rampaging.

Kardan
27-04-2014, 10:27 PM
Recursion told me that the server password was hunter2.

Storking
27-04-2014, 10:28 PM
I hope habbox has locked the back door

Accipiter
27-04-2014, 10:32 PM
Any idea on how its happening / how we can secure?

GoldenMerc
27-04-2014, 10:33 PM
Any idea on how its happening / how we can secure?
Some are on vb3

Accipiter
27-04-2014, 10:34 PM
Some are on vb3

Any more info on that haha, what is the vulnerability? ThisHabbo is a VB4 as well.

Chippiewill
27-04-2014, 10:36 PM
They probably don't block external MySQL connections.

Jurassic
27-04-2014, 10:37 PM
vBulletin released a security patch a week or so ago, maybe they didn't patch their installs? Could be a release to patch up that Heartbleed exploit.

sex
27-04-2014, 10:40 PM
everyone report them and have them removed from official

Yawn
27-04-2014, 10:50 PM
lets hope some more are hacked habbox gna be on top again :)

http://blog.vh1.com/files/2010/12/252_bball2_gif1.gif

Sian
27-04-2014, 11:03 PM
habbohut was hacked as well.

GoldenMerc
27-04-2014, 11:12 PM
I have db's for all of them :o

Storking
27-04-2014, 11:27 PM
rest in peace habbo fansites 28/4/14

Kyle
27-04-2014, 11:32 PM
I have db's for all of them :o
any pws not encrypted?

bloody dutch hackers i have locked my tubmaster in my room hopefully will be ok

GoldenMerc
27-04-2014, 11:33 PM
any pws not encrypted?

bloody dutch hackers i have locked my tubmaster in my room hopefully will be ok

All encrypted. Although you'd be silly not to use a totally random password on those sites :P

Accipiter
27-04-2014, 11:35 PM
I can confirm breaches are being attempted on HFFM, however we don't believe it has been breached as of yet.

MKR&*42
27-04-2014, 11:35 PM
habbohut was hacked as well.

Beat me to it :P

Kyle
27-04-2014, 11:36 PM
I can confirm breaches are being attempted on HFFM, however we don't believe it has been breached as of yet.
"as of yet" sounds very confident :P

anybody have any clue as to who is doing this? is it sierk?

GoldenMerc
27-04-2014, 11:37 PM
I can confirm breaches are being attempted on HFFM, however we don't believe it has been breached as of yet.


"as of yet" sound very confident :P

anybody have any clue as to who is doing this? is it sierk?
hffm will go down fast, Wonder what breach they are using...
Either way thanks for the emails hackers, I will use these for educational purposes only.
kyle expect an email x

Storking
27-04-2014, 11:39 PM
there should be a warning on HXF to change your password if you use it ... elsewhere

looks like almost every site has been hacked apart from Habbox and hffm

GoldenMerc
27-04-2014, 11:41 PM
there should be a warning on HXF to change your password if you use it ... elsewhere

looks like almost every site has been hacked apart from Habbox and hffm

no lol, maybe official but unofficial theres hundreds :P

Kyle
27-04-2014, 11:41 PM
hffm will go down fast, Wonder what breach they are using...
Either way thanks for the emails hackers, I will use these for educational purposes only.
kyle expect an email x
if only I knew what email I used for habbohut... probably my habboforum 1 that I can no longer access lol!!

Storking
27-04-2014, 11:42 PM
yeah I meant the official sites oops

God
27-04-2014, 11:43 PM
Has Habhome been breached?

GoldenMerc
27-04-2014, 11:43 PM
if only I knew what email I used for habbohut... probably my habboforum 1 that I can no longer access lol!!

is that the only one you're registered to? :(

Kyle
27-04-2014, 11:44 PM
Accipiter; who is in charge of the backend of hffm forum?

- - - Updated - - -


is that the only one you're registered to? :(
yes I make a point of not registering to other fansites because I know that if their security isn't awful then they're just as susceptible to socially engineered 'hacks' when they have like 20 admins per site. I'm only registered to habbohut cos I was events manager there way back when!

Accipiter
27-04-2014, 11:48 PM
hffm will go down fast, Wonder what breach they are using...
Either way thanks for the emails hackers, I will use these for educational purposes only.
kyle expect an email x

What makes you say this?

GoldenMerc
27-04-2014, 11:51 PM
What makes you say this?

Lots of admins, lots of risks. You also have a ton of plugins. Can just see an injection, or however they are doing it, taking place in the next hr or so.

Kyle
27-04-2014, 11:54 PM
Aside from poor management and terrible security, does anybody know what plugins these forums had in common?

GoldenMerc
27-04-2014, 11:55 PM
Aside from poor management and terrible security, does anybody know what plugins these forums had in common?

Potentially ajax thread update (which habbox were going to install on here)

Chippiewill
27-04-2014, 11:55 PM
Does anyone know if it was the thread ignore plugin, if it was then that'd be grand.

GoldenMerc
27-04-2014, 11:56 PM
Does anyone know if it was the thread ignore plugin, if it was then that'd be grand.

chippie u aint staff no more, I want to see ChippieJin become the boss on habbo

Chippiewill
27-04-2014, 11:57 PM
chippie u aint staff no more, I want to see ChippieJin become the boss on habbo

wat

Accipiter
28-04-2014, 12:03 AM
Lots of admins, lots of risks. You also have a ton of plugins. Can just see an injection, or however they are doing it, taking place in the next hr or so.

From what we have seen we are just being attacked by other database leaks at the moment

Deqqe
28-04-2014, 12:05 AM
Close down your forums! The hacker might be targeting you next!

GoldenMerc
28-04-2014, 12:06 AM
From what we have seen we are just being attacked by other database leaks at the moment
I'd put this at the top of your config, until the rough seas are over and vBulletin potentially shed some light on the matter;

define('DISABLE_HOOKS', true); // turns off the vBulletin plugin/hook system

Close down your forums! The hacker might be targeting you next!
er that aint gonna help no one

Absently
28-04-2014, 12:08 AM
Close down your forums! The hacker might be targeting you next!
love how you made an account just to post this, so cute

Accipiter
28-04-2014, 12:09 AM
I'd put this at the top of your config, until the rough seas are over and vBulletin potentially shed some light on the matter;

define('DISABLE_HOOKS', true); // turns off the vBulletin plugin/hook system

er that aint gonna help no one

Cheers I've fed it back!

Hidden
28-04-2014, 12:12 AM
They seem to be hacking the forum databases through the 'Like' plug-in feature. It seems they're searching through forums to find things to do with thanks and likes.

GoldenMerc
28-04-2014, 12:14 AM
They seem to be hacking the forum databases through the 'Like' plug-in feature. It seems they're searching through forums to find things to do with thanks and likes.

DragonByte Tech: Advanced Post Thanks / Like (Pro)

By any chance?

Hidden
28-04-2014, 12:18 AM
DragonByte Tech: Advanced Post Thanks / Like (Pro)

By any chance?

not sure they're scanning the files:
thankyoulike.php
tylsearch.php

I aint no expert, I'm not the brains.

GoldenMerc
28-04-2014, 12:19 AM
not sure they're scanning the files:
thankyoulike.php
tylsearch.php

I aint no expert, I'm not the brains.
tylsearch? Whats that

Hidden
28-04-2014, 12:20 AM
tylsearch? Whats that
thank you likes?

Daltron
28-04-2014, 12:23 AM
What exactly does it mean when a database is leaked/hacked?

GoldenMerc
28-04-2014, 12:24 AM
Okay just downloaded;
http://www.vbulletin.org/forum/showthread.php?t=231666&highlight=thank+you+likes

Its not that one.
http://www.vbulletin.org/forum/showthread.php?t=243510&highlight=thank+you+likes

Nor that one, They don't have the stuff you guys have searched for.

God knows ;l
HabboHut had stupid stuff installed like that silly facebook like thing that follows

- - - Updated - - -


From what we have seen we are just being attacked by other database leaks at the moment

Why do people on your site think im the hacker :(
http://tashload.com/Uploader/uploads//YNmtanY.png

Junox
28-04-2014, 12:35 AM
Okay just downloaded;
http://www.vbulletin.org/forum/showthread.php?t=231666&highlight=thank+you+likes

Its not that one.
http://www.vbulletin.org/forum/showthread.php?t=243510&highlight=thank+you+likes

Nor that one, They don't have the stuff you guys have searched for.

God knows ;l
HabboHut had stupid stuff installed like that silly facebook like thing that follows

- - - Updated - - -



Why do people on your site think im the hacker :(
http://tashload.com/Uploader/uploads//YNmtanY.png

He's on here too.

Wassap people anyways x

Accipiter
28-04-2014, 12:42 AM
Okay just downloaded;
http://www.vbulletin.org/forum/showthread.php?t=231666&highlight=thank+you+likes

Its not that one.
http://www.vbulletin.org/forum/showthread.php?t=243510&highlight=thank+you+likes

Nor that one, They don't have the stuff you guys have searched for.

God knows ;l
HabboHut had stupid stuff installed like that silly facebook like thing that follows

- - - Updated - - -



Why do people on your site think im the hacker :(
http://tashload.com/Uploader/uploads//YNmtanY.png

LMAO You must have that look ;/

They're a new member to us (i think he posted on here somewhere as well)

GoldenMerc
28-04-2014, 12:44 AM
LMAO You must have that look ;/

They're a new member to us (i think he posted on here somewhere as well)

Thats the second person ;(

http://tashload.com/Uploader/uploads//dKtAjJY.png

You're feeding them :(

- - - Updated - - -

3rd person;
http://tashload.com/Uploader/uploads//iDpFeYH.png

Accipiter
28-04-2014, 12:49 AM
LMAO Sonny is a troll, he'll pull your leg, but I'll verify it's not you on the forum!

Junox
28-04-2014, 12:51 AM
Lol oh sonny is funny

GoldenMerc
28-04-2014, 12:53 AM
I am being trolled by the HFFM community :(

Accipiter
28-04-2014, 12:56 AM
I am being trolled by the HFFM community :(

:( dw they even troll me :/

Kyle
28-04-2014, 12:57 AM
goldenmerc couldnt hack himself out of his mothers uterus

figured it would be the like system

GoldenMerc
28-04-2014, 12:57 AM
:( dw they even troll me :/

i should be vip to protect and have a body guard.

Did Habbohome or what ever get hacked too?

Accipiter
28-04-2014, 01:07 AM
i should be vip to protect and have a body guard.

Did Habbohome or what ever get hacked too?

I haven't had any notification of them being hacked, however their current security has proven faulty before so I would imagine they will be if they haven't yet

GoldenMerc
28-04-2014, 01:08 AM
I haven't had any notification of them being hacked, however their current security has proven faulty before so I would imagine they will be if they haven't yet

Aw, no point having a site with poor security.

Anyways im off to bed, NIGGHTTTT

Accipiter
28-04-2014, 01:09 AM
Night! Thanks for the help

loudu
28-04-2014, 01:50 AM
Hah - I just remembered my habboxforum pass. Damn, crazy all the fan sites going down. I wonder how many people have the same email/pass as their habbo account... If you do I'd suggest you change your habbo account now

Rachel
28-04-2014, 02:05 AM
habbohut was hacked as well.

Really?!?! My cousin goes on Habbohut and she never heard it was hacked....hmm


People must be sad that they enjoy ruining other fansites... bunch of low lifes! But on the other hand, the general managers at the other fansites need to be more secure than this... come on!

HabboSwat
28-04-2014, 02:14 AM
http://habboswat.com has been hacked as well, and all users' passwords and personal info was shared on a redirect page. Somehow they are redirecting our site. For now I have redirected our site to our Twitter!

MKR&*42
28-04-2014, 02:15 AM
If it was due to the plugin system, HabHome *should* be fine as they disabled all plugins before anyone tried to target them.

RyRy
28-04-2014, 02:16 AM
http://habboswat.com has been hacked as well, and all users' passwords and personal info was shared on a redirect page. Somehow they are redirecting our site. For now I have redirected our site to our Twitter!

Did you have any encryption on passwords at all? O.O

HabboSwat
28-04-2014, 02:18 AM
Did you have any encryption on passwords at all? O.O

I am not the biggest geek. If IPB "The Forum Software We Use" Had one or not, I am not sure. All I know is I can't figure out how to Stop the redirect. BlueHost scanned our access and Databases and such and found nothing.


Update: Hacker has removed the ZIP Files from the redirect site.

RyRy
28-04-2014, 02:26 AM
I am not the biggest geek. If IPB "The Forum Software We Use" Had one or not, I am not sure. All I know is I can't figure out how to Stop the redirect. BlueHost scanned our access and Databases and such and found nothing.


Update: Hacker has removed the ZIP Files from the redirect site.

Noticed that the files were removed too, wonder why. IPB will have had encryption so that's alright.

HabboSwat
28-04-2014, 02:35 AM
Noticed that the files were removed too, wonder why. IPB will have had encryption so that's alright.

Thanks for saying this. I was feeling really low, like a loser, for a sec. It's weird that we even got attacked, as we are not official. We are, however, one of the most promoted via social media and mobile app, which brings 1,000s to our site daily.

We ask that if you have any thoughts on Swat's problem in finding a way to stop the redirect, please let us *me* know. I have dealt with redirect errors before. I have done all that I know how to do. So please let me know; I don't see other fansites having the redirect problem.

RyRy
28-04-2014, 02:44 AM
Thanks for saying this. I was feeling really low, like a loser, for a sec. It's weird that we even got attacked, as we are not official. We are, however, one of the most promoted via social media and mobile app, which brings 1,000s to our site daily.

We ask that if you have any thoughts on Swat's problem in finding a way to stop the redirect, please let us *me* know. I have dealt with redirect errors before. I have done all that I know how to do. So please let me know; I don't see other fansites having the redirect problem.

Could be they've embedded a PHP redirect in there, seeing as you're saying .htaccess is clean, but I'm not clued up on web tech really.

GoldenMerc
28-04-2014, 11:02 AM
Could be they've embedded a PHP redirect in there, seeing as you're saying .htaccess is clean, but I'm not clued up on web tech really.

Prob raw html redirect, will be something dead simple hah

Sent from my HTC One using Tapatalk

sex
28-04-2014, 12:31 PM
i've reported all sites which got hacked and they are in the process of being removed! success!

e5
28-04-2014, 03:05 PM
Really?!?! My cousin goes on Habbohut and she never heard it was hacked....hmm


People must be sad that they enjoy ruining other fansites... bunch of low lifes! But on the other hand, the general managers at the other fansites need to be more secure than this... come on!

Some people hack to show the security flaws on a site. They'll hack to prove a point and then email you on how to prevent it. Some touch nothing but others destroy sites!

habbox is clearly supa dupa safe

Tyrell
28-04-2014, 03:26 PM
So Habbox is safe? What will locking rooms do? IDGI

j0rd
28-04-2014, 03:27 PM
So Habbox is safe? What will locking rooms do? IDGI

that bit was a joke

james,
28-04-2014, 09:34 PM
what a load of ****, people needa grow up

xxMATTGxx
28-04-2014, 09:53 PM
I'm interested in what they actually did to take these sites down. Anyone have any more information?

yeshello
28-04-2014, 10:12 PM
yeshellothere

Mysterious hackur here: (proof - http://rofl.land/lol.txt)

You're all way off. And the majority of you suck ass.



that's all
thanks



<=3

lemons
28-04-2014, 10:15 PM
yeshellothere

Mysterious hackur here: (proof - http://rofl.land/lol.txt)

You're all way off. And the majority of you suck ass.



that's all
thanks



<=3

that link looks dodgy

GoldenMerc
28-04-2014, 10:17 PM
yeshellothere

Mysterious hackur here: (proof - http://rofl.land/lol.txt)

You're all way off. And the majority of you suck ass.



that's all
thanks



<=3

Shoot me a PM

Zak
28-04-2014, 10:21 PM
any pws not encrypted?

bloody dutch hackers i have locked my tubmaster in my room hopefully will be ok

lmao comment of the day

RyRy
28-04-2014, 10:27 PM
that link looks dodgy

Its a text file lol DODGYYYY

lemons
28-04-2014, 10:30 PM
Its a text file lol DODGYYYY

ok!

Suicune
29-04-2014, 01:03 AM
Really?!?! My cousin goes on Habbohut and she never heard it was hacked....hmm


People must be sad that they enjoy ruining other fansites... bunch of low lifes! But on the other hand, the general managers at the other fansites need to be more secure than this... come on!
Habbohut have posted a thread about it though at 9:25 am AEST yesterday.

TannerJP
29-04-2014, 01:18 AM
Interesting how quickly the hackers hopped from one site to another! Glad Habbox was safe!

Honestly the locking rooms comment made me LOL. I remember when I was a newb and thought that would keep my precious furni safe -eye roll-.

HabboSwat
29-04-2014, 01:40 AM
having hard time finding the hidden code that is redirecting our site.

RyRy
29-04-2014, 02:05 AM
Ctrl+F in Notepad or whatever you use

Type redirect.

Find redirect code in files. Likely done.

If you're using Linux just use grep to search inside files

HabboSwat
29-04-2014, 02:55 AM
Ctrl+F in Notepad or whatever you use

Type redirect.

Find redirect code in files. Likely done.

If you're using Linux just use grep to search inside files

Thanks, but this would not have helped, as they used a Base69 Encryption that made the line of code look like:

header(base64_decode('TG9jYXRpb246IGh0dHA6Ly9yb2ZsLmxhbmQv')); // decodes to "Location: http://rofl.land/"

Had to do a lot of digging. First I found out, using a site, that Swat's site was being redirected via "Header Coder". Secondly I had to accept the fact that the code could be encrypted, thus causing me to use a website to search for base69 encryptions. The first file that came up, I searched and found that code; I used a decoder to find out what it means, and found out that the line is actually "Double Encrypted", so I took a leap of faith and deleted the line. Tested my site, and found that it is no longer being redirected! Wott! Wott!
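The two posts above show why RyRy's Ctrl+F / grep for "redirect" came up empty: the payload was a base64 token handed to header(), and in HabboSwat's case encoded twice. The following is an added example, not code from the thread or from any of the sites named in it: a small Python scanner that walks a web root, finds every base64_decode('...') call, decodes the token layer by layer (so a double-encoded payload is unwrapped), and reports calls whose decoded text looks like a Location: header or injected script, or that are fed straight into header()/eval(). The sample PHP file at the bottom is constructed here; the only string in it taken from the thread is the base64 token quoted above, and attacker.example is a placeholder host.

```python
"""Hunt for base64-obfuscated redirects in PHP files (added example)."""
from __future__ import annotations

import base64
import binascii
import re
import sys
from pathlib import Path

# base64_decode('...') or base64_decode("..."); whitespace is allowed inside the
# token because long tokens often get wrapped when copied out of a forum or editor.
B64_CALL = re.compile(r"""base64_decode\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)""")
# Decoded content that a plain grep for "redirect" would never see.
SUSPICIOUS = ("location:", "<script", "eval(", "http://", "https://",
              "window.location", "http-equiv")
# Functions that turn decoded text into behaviour on the server.
SINKS = re.compile(r"\b(header|eval|assert|preg_replace|create_function)\s*\(")
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def decode_layers(token: str, max_depth: int = 5) -> list[str]:
    """Decode a base64 token repeatedly and return every layer as text.

    Handles the "double encoded" case: if a decoded layer is itself a valid
    base64 token it is decoded again, up to max_depth times.
    """
    layers: list[str] = []
    current = re.sub(r"\s+", "", token)
    for _ in range(max_depth):
        try:
            text = base64.b64decode(current, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            break
        layers.append(text)
        current = text.strip()
        if len(current) % 4 or not BASE64_TOKEN.fullmatch(current):
            break
    return layers


def scan_source(source: str, filename: str = "<string>") -> list[dict]:
    """Report each base64_decode() call whose payload decodes to redirect-like
    content or is fed straight into a sink such as header() or eval()."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in B64_CALL.finditer(line):
            layers = decode_layers(match.group(2))
            if not layers:
                continue
            decoded = layers[-1]
            looks_bad = any(marker in decoded.lower() for marker in SUSPICIOUS)
            in_sink = SINKS.search(line) is not None
            if looks_bad or in_sink:
                findings.append({
                    "file": filename, "line": lineno, "depth": len(layers),
                    "decoded": decoded, "sink": in_sink,
                })
    return findings


def scan_tree(root: Path) -> list[dict]:
    """Walk a web root and scan every .php file, including ones dropped into
    upload or cache directories that a CMS-level check may skip."""
    findings = []
    for path in sorted(root.rglob("*.php")):
        try:
            source = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.extend(scan_source(source, str(path)))
    return findings


# Constructed sample, not a file from any site in the thread. Line 3 reuses the
# exact token quoted above; line 4 is a double-encoded variant pointing at the
# placeholder host attacker.example.
_INNER = base64.b64encode(b"Location: http://attacker.example/").decode()
_DOUBLE = base64.b64encode(_INNER.encode()).decode()
SAMPLE_PHP = f"""<?php
$title = base64_decode('SGVsbG8='); // harmless: "Hello"
header(base64_decode('TG9jYXRpb246IGh0dHA6Ly9yb2Zs LmxhbmQv'));
eval(base64_decode(base64_decode('{_DOUBLE}')));
"""


if __name__ == "__main__":
    results = (scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1
               else scan_source(SAMPLE_PHP, "sample.php"))
    for f in results:
        print(f"{f['file']}:{f['line']} depth={f['depth']} sink={f['sink']} "
              f"-> {f['decoded']!r}")
```

Run it with a web root as the argument (python scanner.py /var/www/html) to scan a real install, or with no argument to scan the built-in sample. The harmless "Hello" line is not reported because it neither decodes to anything redirect-like nor sits inside a sink call; the two header()/eval() lines are reported with their fully decoded text and the number of encoding layers, which is the information you need to decide whether to delete the line or restore the file from a known-good copy.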

Chippiewill
29-04-2014, 03:05 AM
Base69 Encryption

I just burst into hysterical laughter at the bastardisation of Base64 encoding.

Landon
29-04-2014, 05:52 AM
Hacking and finding vulnerabilities definitely isn't a good thing. Shows how selfish and self-centered you are. Can't think about anyone else.

Chippiewill
29-04-2014, 06:08 AM
Hacking and finding vulnerabilities definitely isn't a good thing.
Not true. Maliciously exploiting the vulnerabilities isn't a good thing. Finding them so they can be fixed is good.

lRhyss
29-04-2014, 08:09 AM
yeshellothere

Mysterious hackur here: (proof - http://rofl.land/lol.txt)

You're all way off. And the majority of you suck ass.



that's all
thanks



<=3

Shot in the dark here but...

$temp = unserialize($check);
add:
$temp = json_decode($check,true);

then running:

serialize($_POST) changed to json_encode($_POST)

PHP object injection?

Pretty sure that was a problem recently, if I remember correctly xxMATTGxx

yeshello
29-04-2014, 08:45 AM
Shot in the dark here but...

$temp = unserialize($check);
add:
$temp = json_decode($check,true);

then running:

serialize($_POST) changed to json_encode($_POST)

PHP object injection?

Pretty sure that was a problem recently, if I remember correctly xxMATTGxx

PHP object injection is literally useless in vanilla vBulletin. There's no exploitable magic methods. It only becomes a danger when you couple it with poorly made plugins.

Note how one forum was IPB and one was MyBB, too.

RyRy
29-04-2014, 10:38 AM
I just burst into hysterical laughter at the bastardisation of Base64 encoding.

I have an exam today on Base64 to binary conversion... Why did I see this today hahaha

lRhyss
29-04-2014, 12:21 PM
PHP object injection is literally useless in vanilla vBulletin. There's no exploitable magic methods. It only becomes a danger when you couple it with poorly made plugins.

Note how one forum was IPB and one was MyBB, too.

Ahh I see, I was just wondering about it seeing as vBulletin recently patched something similar haha

lRhyss
29-04-2014, 01:04 PM
Hacking and finding vulnerabilities definitely isn't a good thing. Shows how selfish and self-centered you are. Can't think about anyone else.

Google Ethical Hacking

GoldenMerc
01-05-2014, 12:27 PM
Did anyone actually work out the cause?
