The problem with this hacking thing

[nvrspk4]

The bigger issue here was actually a little bit of a misunderstanding over passwords where we just couldn't find the right one for a little bit.

The only thing that would have helped them would be access to the root of Habbox which for obvious reasons is given out to the GM, Techie, and Site Owner. While you can reset CPanel PWs the root is the highest level of access.

The way the CPanel works is that the PW can only be changed from the root. Therefore, the managers will be able to go back and forth with the hackers until someone arrives to reset the root. However if the root is taken then its much more difficult.

We would much rather have the site messed up for a couple hours extra than have to deal with the root being compromised.

We try and minimize the number of people having access to things for safety reasons, for a while I made HxL managers send their changes through Mr.OSH after Habbox got hacked last time and we decided on more stringent security measures but gave them access when he went away, and in the end a HxL manager got hacked.

I think the system is fine how it is.

[Immenseman]

The bigger issue here was actually a little bit of a misunderstanding over passwords where we just couldn't find the right one for a little bit.

The only thing that would have helped them would be access to the root of Habbox which for obvious reasons is given out to the GM, Techie, and Site Owner. While you can reset CPanel PWs the root is the highest level of access.

The way the CPanel works is that the PW can only be changed from the root. Therefore, the managers will be able to go back and forth with the hackers until someone arrives to reset the root. However if the root is taken then its much more difficult.

We would much rather have the site messed up for a couple hours extra than have to deal with the root being compromised.

We try and minimize the number of people having access to things for safety reasons, for a while I made HxL managers send their changes through Mr.OSH after Habbox got hacked last time and we decided on more stringent security measures but gave them access when he went away, and in the end a HxL manager got hacked.

I think the system is fine how it is.

Yeah and at the end of they day there are numerous things in place to ensure that managers don't get hacked. They are told not to use the same passwords which unfortunately didn't happen in this case.

However, if they listened and took all advice given to them it's very unlikely they'd be compromised. Even when it does happen (it's bound to) the right actions are in place to ensure that there isn't much damage then.

It could have potentially been dangerous to official status mind you if more articles had been posted on habbox.com with pornography or anything real graphic. This wasn't the case and because of the incident people will be more alert to dangers, hopefully anyway.

[Jin]

To put things in perspective, by giving out additional access we would decrease the amount of time it would take to restore our site but increase the chances of getting hacked more frequently which in turn would cause more down time.

If our servers are compromised at the level of access that Myself, sierk and nvr operate at then we would be down for about a week we may not even fully recover from it. I think that our news manager and A(GM)'s handled the issue very very well. I didn't take me too long to sort out my end of things habboxlive.com was sorted in 30 mins and despite the few set backs with habbox.com which increased the time to 45 mins we were up and runnings fairly quickly.

this hacking has actually been a blessing in disguise as I noticed something whilst fixing the site that could have caused us a lot of issues later on.

[nvrspk4]

Yeah and at the end of they day there are numerous things in place to ensure that managers don't get hacked. They are told not to use the same passwords which unfortunately didn't happen in this case.

However, if they listened and took all advice given to them it's very unlikely they'd be compromised. Even when it does happen (it's bound to) the right actions are in place to ensure that there isn't much damage then.

It could have potentially been dangerous to official status mind you if more articles had been posted on habbox.com with pornography or anything real graphic. This wasn't the case and because of the incident people will be more alert to dangers, hopefully anyway.

Even if she had used all different passwords, it wouldn't have changed anything lol. Its very difficult to be perfect and there will be mess ups. To expect that none of our managers will ever be hacked is unrealistic. There may be consequences when they do, its not like we'll brush it off, but we also contingency plan for it.

No, it wouldn't have I've spoken to staff, as long as its reasonable what happened, and you email them to let them know about it (as I did) and you show that you took reasonable precautions which didn't help, they let it go.

[Immenseman]

Even if she had used all different passwords, it wouldn't have changed anything lol. Its very difficult to be perfect and there will be mess ups. To expect that none of our managers will ever be hacked is unrealistic. There may be consequences when they do, its not like we'll brush it off, but we also contingency plan for it.

No, it wouldn't have I've spoken to staff, as long as its reasonable what happened, and you email them to let them know about it (as I did) and you show that you took reasonable precautions which didn't help, they let it go.

It would have because she wasn't keylogged but iStealer. She hadn't typed all the passwords in but because of the fact all her passwords were so similar it was easy for them to jump around. So it probably would have changed the situation.

It was reasonable what happened only because Dlox didn't care. If he had put a phisher up and loads of habbox users had been hacked I'm not so sure they would have seen that as "reasonable". I certainly wouldn't have and he could have easily put a link to one in the article and even pretended to be a real news reporter as more people would have fallen for it. Luckily he has no GCSEs so would never have thought of anything so imaginative.

[Blinger1]

It would have because she wasn't keylogged but iStealer. She hadn't typed all the passwords in but because of the fact all her passwords were so similar it was easy for them to jump around. So it probably would have changed the situation.

It was reasonable what happened only because Dlox didn't care. If he had put a phisher up and loads of habbox users had been hacked I'm not so sure they would have seen that as "reasonable". I certainly wouldn't have and he could have easily put a link to one in the article and even pretended to be a real news reporter as more people would have fallen for it. Luckily he has no GCSEs so would never have thought of anything so imaginative.

Or he doesn't really care about ruining the site that much?
I have 'gained access' to other fansites and deleted an article or two but not post links to phishing sites or what ever, just to prove there was an exploit.

Sure he keylogged who ever it was, but that might just be to say that "blahblah of staff hasn't got much knowledge of what happens" or isn't very liable?

[Immenseman]

It was sarcasm, I don't think people take GCSEs in hacking habbo fansites. I was merely highlighting they were hardly handling anyone serious just some deluded child who met his girlfriend through Habbo and learnt to read on Habbo and I am being deadly serious.

[Blinger1]

It was sarcasm, I don't think people take GCSEs in hacking habbo fansites. I was merely highlighting they were hardly handling anyone serious just some deluded child who met his girlfriend through Habbo and learnt to read on Habbo and I am being deadly serious.

I thought you more meant it was someone who doesn't go to school, not got any school awards (*** r gsces)

[Jin]

Oh speaking of mindless.

I have just been reading ***** and apparently somebody called "Adam Walsh" is dealing with out finances and they are concentrating their efforts on him :S?

Last time I checked our finances aren't controlled by an "Adam Walsh".

[Blinger1]

You sly dog!!!

Who is Adam Walsh?

Also, is Habbox hosted on a proper host? I presume it is. (by proper i mean someone like umm, godaddy or some crap)