Please read / AW HACKED (General Discussion)


katerine

Jul 13, 2003, 2:46am
Usually I don't post any chat in public but I feel it's necessary this time
for a serious security issue that concerns everyone.
By serious, I mean serious ! The contents of this world got wiped out
totally.

The people concerned actually didn't know that I work at night, and
fortunately I completely forgot to disconnect my bot from Gala world. I
realized it just before shutting down my computer.

Gala is not my world; its owner, JermeL, citnumber 327600, "gave me the
keys" while he is on vacation.

I would have liked to offer that good friend something other than this log
for his birthday!

The world was reset with a completely unknown backup not related to it.
World rights were reset as well.
Everything in the world was destroyed.

I should make clear that no privilege passwords were given; I am the only
one to have Gala's owner passwords.
Anyway, as they say in this chat log, they don't even need it.

Maybe some of you can identify these people with their connection
session/IP, so I put them as well.

For the rest, this doesn't need further comments, I can only hope for all
of us that AW will do something asap.

---------------------
(french time zone)
Sun 07/13/03 04:34:24 Gala 199.35.171.230:1490 -1 IDENTIFIED
'[Timmay]' 0 327600
Sun 07/13/03 04:29:54 Gala 68.201.45.185:1624 -1 ENTER 21332
2F2D5B09
Sun 07/13/03 04:29:54 Gala 68.201.45.185:1624 -1 IDENTIFIED
'"Nora"' 0 0
Sun 07/13/03 04:29:53 Gala 24.209.50.218:1323 -1 ENTER 20981
8648E83
Sun 07/13/03 04:29:53 Gala 24.209.50.218:1323 -1 IDENTIFIED
'"STA Knight"' 0 0
Sun 07/13/03 04:29:30 64.94.241.235:4159 -1 CONNECTED
Sun 07/13/03 04:29:30 64.94.241.235:4159 -1 TUNNEL CONNECT
Sun 07/13/03 04:29:31 64.94.241.235:4159 -1 CHANNEL OPEN
24.209.88.140:45015 channel=2
Sun 07/13/03 04:29:31 64.94.241.235:4159 -1 CHANNEL MESSAGE
2 (33 bytes)
Sun 07/13/03 04:29:31 Gala 24.209.88.140:45015 -1 IDENTIFIED
'"DOOMED"' 0 0
Sun 07/13/03 04:30:16 64.94.241.235:4159 -1 CHANNEL OPEN
66.20.55.226:2313 channel=3
Sun 07/13/03 04:30:16 64.94.241.235:4159 -1 CHANNEL MESSAGE
3 (33 bytes)
Sun 07/13/03 04:30:16 Gala 68.201.45.185:1624 0 TERRAIN QUERY 0
0 3320 [0]
Sun 07/13/03 04:30:16 Gala 66.20.55.226:2313 -1 IDENTIFIED
'"Johnny"' 0 0
Sun 07/13/03 04:32:04 12.245.118.44:9132 -1 CONNECTED
Sun 07/13/03 04:32:04 Gala 12.245.118.44:9132 -1 ENTER 21322
2D6ECAE6
Sun 07/13/03 04:32:05 Gala 12.245.118.44:9132 -1 IDENTIFIED
'"EmporerZ"' 0 0

---------------------------
(vrt time)
00:05:20 VRT: Universe build 39, world build 56
00:05:20 VRT: Global Mode accepted
00:05:20 VRT: GaLa - www.gala-3d.net - 0.000n 0.000w 0.00a
266.0° -
00:20:12 VRT: [Timmay] enters s# 21289 #327600 at 0.0n 0.0w 0.0a 0
00:21:46 VRT: [Timmay] exits s# 21289 #327600 at 0.0n 0.0w 0.0a 0
00:22:20 VRT: [Timmay] enters s# 21312 #327600 at 0.0n 0.0w 0.0a 0
00:22:40 VRT: OldHand exits s# 20025 #351150 at 30.0n 30.0e 0.5a 21
00:22:50 VRT: [Timmay] exits s# 21312 #327600 at 0.0n 0.0w 0.0a 0
00:23:08 VRT: [Timmay] enters s# 21325 #327600 at 0.0n 0.0w 0.0a 0
00:24:42 VRT: M A T T A C K - Yes, you were owned by M a t t. To prevent
future attacks on other worlds E-Mail Bill at Activeworlds.Com so he can try
to stop it but never will be able to!!
00:26:04 VRT: [Timmay] exits s# 21325 #327600 at 0.0n 0.0w 0.0a 0
00:29:07 VRT: "DOOMED" enters s# 21369 at 5.2n 0.7e 1.2a 185
00:29:29 VRT: "STA Knight" enters s# 20981 at 12.1s 13.8e 115.9a 330
00:29:30 VRT: "Nora" enters s# 21332 at 10.5s 12.2e 115.5a 75
"STA Knight": where are we
00:29:53 VRT: "Johnny" enters s# 21258 at 5.2n 0.7e 0.0a 185
"DOOMED": lol
"Johnny": I c
"DOOMED": Too funny
"Johnny": I just love what you did with the place
"Johnny": It feels so ..... opened
"DOOMED": rofl
"Johnny": What do you think Nora ?
"Johnny": Like the remodeling job ?
"Nora": cool
00:31:40 VRT: "EmporerZ" enters s# 21322 at 0.3n 0.0w 0.0a 0
"EmporerZ": /aide
"Johnny": Yep
"EmporerZ": how do i win?
"Nora": *scoot*
00:32:08 VRT: "STA Knight" exits s# 20981 at 7.4n 1.0e -350.0a 352
"Johnny": Get us a ppw
00:32:18 VRT: "Shadow Creature" enters s# 21431 at 5.2n 0.7e 0.0a 185
"Johnny": You win this world
"Shadow Creature": hi
"Nora": what the
"EmporerZ": where are u ppl?
"Nora": oh hi
"Johnny": hi Shadow
00:32:49 VRT: "STA Knight" enters s# 20981 at 5.2n 0.7e 1.2a 185
"DOOMED": This is just tooo good
"STA Knight": hi sry got booted
"Johnny": Matt did a great job
"STA Knight": what about that free stuff
00:33:09 VRT: "oh well" enters s# 21444 at 0.6n 0.6e 0.3a 134
"Johnny": STA
"Nora": yea
"Johnny": To get free stuff you must get a ppw
"Johnny": Return here with it and tell us the Citizen Name and Number
"Nora": ppw???????
"STA Knight": ppw?
"Johnny": Then you get this world all to yourself !!!
"Johnny": just ask around
"Johnny": youll find out fast
"STA Knight": tell us please
"Shadow Creature": what about citizenships?
"Nora": what is a Ppww?
00:34:05 VRT: [Timmay] enters s# 21451 #327600 at 0.0n 0.0w 0.0a 0
"Johnny": Like i said
"oh well": timmay !
"Johnny": Ask around
"EmporerZ": no one is going to tell us
"Johnny": go to AWGate for example
00:34:23 VRT: "STA Knight" exits s# 20981 at 0.8s 3.8w 0.2a 140
"Shadow Creature": it's a scam
"Johnny": Thats why ya gotta be sneaky
"Johnny": I know how to do it
"EmporerZ": http://ownp.us/aw/
"Johnny": Matt does to , obviously
"EmporerZ": go there fo aw help
"EmporerZ": i need ideas
"EmporerZ": how?
00:35:06 VRT: "Shadow Creature" exits s# 21431 at 4.1n 9.3e 0.0a 208
"EmporerZ": cause then i can use bot
"EmporerZ": s
"Johnny": Hey if you cant figure it out thats your problem
"Johnny": I know how to do it
"Johnny": Matt knows how to do it
"EmporerZ": can u tell us one if ur so good?
"EmporerZ": or r u lying?
"Johnny": now its time for you younger kids to learn
"Johnny": Umm
"Johnny": This world should speak for itself there EmporerZ
"Johnny": How do you think matts doing this ??
"Johnny": a ppw
00:36:03 VRT: "oh well" exits s# 21444 at 2.6n 1.8w 0.0a 109
"EmporerZ": who's?
"Johnny": anyone
00:36:37 VRT: "STA Knight" enters s# 20981 at 5.2n 0.7e 1.2a 185
"Nora": Are you testing us like Gueni Pigs?!?!?
00:36:43 VRT: "oh well" enters s# 21444 at 5.2n 0.7e 0.0a 185
"STA Knight": its a fraud
"Johnny": What is ?
"EmporerZ": u r
"STA Knight": ppw
"EmporerZ": just tell us one then
"STA Knight": you need to be a cit to get a ppw
"Johnny": a ppw is fraud ?
"Johnny": Not to get one
"STA Knight": tourists cant get one
"Johnny": To use and have on though
"Johnny": you do
"Johnny": You can get them off people as a tourist
"STA Knight": i asked someone they said no
"EmporerZ": how>
"STA Knight": i went to aw gate
"EmporerZ": they all say #^$#^ off
"Johnny": They wont just give you it
"Johnny": Kids kids
"EmporerZ": i have been on 4 2 yrs
"EmporerZ": i know
"EmporerZ": my tricks dont work
"EmporerZ": if u want us getting ppw's for you, then tell us how
"EmporerZ": duh
00:38:33 VRT: M A T T A C K - Yes, you were owned by M a t t. To prevent
future attacks on other worlds E-Mail Bill at Activeworlds.Com so he can try
to stop it but never will be able to!! Thank you Strike Rapier and
Panther1403 for providing the ppw for this attack. ;-)
"oh well": omg
"oh well": strike rapier is a hacker
"Nora": UR USING US
"EmporerZ": notice the 0 response
"EmporerZ": if u tell me how, i will get some for u
"oh well": he deleted AWRPG also !
"Johnny": I just splained it to ya Emporer
"Johnny": Oh well your a genious
00:39:43 VRT: "STA Knight" exits s# 20981 at 2.6n 0.6w 0.0a 215
"EmporerZ": no, u said not to just ask them
"Johnny": Lets all give it up for oh well
"EmporerZ": that not explainning
"Johnny": I just whispered to you
"EmporerZ": no u didnt
00:40:07 VRT: [Timmay] = ip 199.35.171.230
"EmporerZ": i hear nuthin
00:40:12 VRT: "DOOMED" exits s# 21369 at 0.0n 1.1w 0.0a 251
"Johnny": scroll up
"EmporerZ": no blue text
"EmporerZ": i did
"EmporerZ": try again
"Nora": UR USING US ?
"Nora": I AM GETTING ANGRY AT JOHN EY!!!!!!!!!!!!!!\
"EmporerZ": lol
"EmporerZ": im sure it does
"Nora": what
"Nora": thats not mw
"Nora": me*
"Johnny": .......
"Johnny": ok
00:46:03 VRT: "EmporerZ" exits s# 21322 at 0.3n 0.1w 0.0a 38
00:46:03 VRT: "oh weII" enters s# 21575 at 0.3n 0.1w 0.0a 38
"oh weII": i will fuck you all
00:46:12 VRT: "krikri" enters s# 21573 at 5.2n 0.7e 0.8a 185
"oh well": ?
"oh weII": and nora's dog
"oh well": lol
00:46:25 VRT: "oh well" exits s# 21444 at 5.2n 0.7e 0.0a 185
00:46:26 VRT: "oh no" enters s# 21581 at 5.2n 0.7e 0.0a 185
"oh no": lol
"oh weII": j/k i am not laughing
"oh weII": i am serious
"oh no": :P
"oh weII": come here doggy
"oh no": love ya too man
"Nora": OK
"krikri": slt
00:46:55 VRT: "oh weII" exits s# 21575 at 1.9n 0.1w 0.0a 284
*****: **** eject [Timmay]
00:47:01 VRT: "Nora" exits s# 21332 at 0.3n 0.1e 0.0a 72
"oh no": hmm
"oh no": dumdidum

mrbruce

Jul 13, 2003, 3:46am
This person named "oh Well " was ejected by zbot for saying the "F" word at
GZ in A!!CT. Unfortunately Zbot only ejects for 60 seconds the first time and
the ejection terminates thereafter, so I do not have the IP info at this
time.
MrBruce


elyk

Jul 13, 2003, 6:39am
Matt doesn't hack.....he gets others to do it for him and he hides behind a
proxy. AWI has been on to him for a while now. As long as you keep your
ppw's safe and make sure NO one gives them out to anyone, you will be fine.
He likes to try to con ppl into giving ppws to him either by telling them a
false story or falsely impersonating someone that actually has that ppw and
saying that he lost it. Nothing to be worried about. AWI is on to him ;)

Elyk
kfoerst at sbcglobal.net

strike rapier

Jul 13, 2003, 6:47am
Yeah... someone is seriously playing hell, your PPW will have been stolen
most likely....

Rick.... it's time to take M a t t to court mate, you can't seriously expect
your customers to feel safe in your environment if you don't take action when
it's needed....

And as for Panther and I... I know what he has against me, my bots protect
AWNewbie and I countered most of his crap in AWTeen... as for Panther, no
idea why he would say that? Over to you Panther if you're on here?

- Mark

john

Jul 13, 2003, 8:05am
I know his MSN acc :-D - He also hacked Amunition121 with his keylogger and
gave out info for www.xeonworlds.co.uk Alpha

~John


number 6

Jul 13, 2003, 8:38am
Jump to it Enzo, your mate has spoken



leaf

Jul 13, 2003, 9:03am
M A T T again? How many warnings do we need to give you ENZO?! Ban the kid!


leaf

Jul 13, 2003, 9:17am
Sun 07/13/03 04:29:54 Gala 68.201.45.185:1624 -1 IDENTIFIED
'"Nora"' 0 0

"Nora" uses "ROADRUNNER-SOUTHWEST" ISP - Identified, United States of
America Location

=====================

Sun 07/13/03 04:29:53 Gala 24.209.50.218:1323 -1 IDENTIFIED
'"STA Knight"' 0 0

"STA Knight" also uses "Road Runner" ISP - Identified, United States of
America

=====================

Sun 07/13/03 04:29:31 Gala 24.209.88.140:45015 -1 IDENTIFIED
'"DOOMED"' 0 0

"DOOMED" also uses "Road Runner" ISP - Identified, United States of America

=====================

Sun 07/13/03 04:30:16 Gala 66.20.55.226:2313 -1 IDENTIFIED
'"Johnny"' 0 0

"Johnny" uses "BellSouth" ISP - Identified, United States of America -
possible Florida


=====================

Sun 07/13/03 04:32:05 Gala 12.245.118.44:9132 -1 IDENTIFIED
'"EmporerZ"' 0 0

"EmporerZ" uses "AT&T WorldNet Services" ISP - Identified, United States of
America

=====================

panther1403

Jul 13, 2003, 9:59am
As for me, he doesn't like me because I was present during a conversation he
was having with kol in AWTeen and I sent the logs to AW. Oh, and I called him
a deadbeat loser on MSN. As far as him getting ppws, I know that Zaru has a
group that gathers and shares ppws with each other and with M A T T. He has
been trying to get me to give him mine for a long time, but I like to think
that I'm not that stupid.


leaf

Jul 13, 2003, 10:08am
I believe they call themselves "ZeoGang" lol

"As far as him getting ppws, i know that Zaru has a
group that gathers and shares ppws with each other and with M A T T"

ananas

Jul 13, 2003, 10:16am
Must be a gang of idiots, cretins and trolls - any pictures available?



zeofatex

Jul 13, 2003, 10:38am
Yeah they started it when I was at the gate and were trying to get me to
join... I'm guessing they renamed it because they wanted me to join lol... I
told the GK on duty and she said she would watch out for it, and I also
mentioned it to a Peacekeeper who said she'll keep her eye on him. I've got
chat logs if anyone needs them...

Also, I've seen "Nora" and "EmporerZ" in a couple of worlds before and
neither of them have ever been a problem... they've never cussed or
vandalised that I know of.

-ZeoFateX

katerine

Jul 13, 2003, 10:43am
I forgot to mention it because it was obvious to me that of course no
privilege password was given to anyone.
Only the world owner and I know them.
And they are not passwords like "toto" :)
Besides, if you read the chat, they say that they only need any privilege
password, not necessarily the owner's one.
Not to "show off" but just for info, I am not exactly a newbie on AW (1997).

The answer from AW came today. While I thank them for the quick reply on a
Sunday, it's indeed a .. quick reply :

"Ya someone got ahold of a PPW. Most likely someone downloaded a bot that
sent the PPW to the hacker.."

Now I don't know for JermeL, but I didn't run anything else than a Preston
and a Xelagot bot on his world.

In any case, I do not agree with putting the blame on the owner (or me),
because, if it is really possible to get any ppwd you want with a malicious
bot, it is still an AW security hole.
That should not be possible and that should be fixed asap.

alaskanshadow

Jul 13, 2003, 10:49am
"Nora" and "STA Knight" as well as "Shadow Creature" are all regulars to
AWNewbie. I can assure you, they would never intentionally get caught up in
one of M a t t's ordeals.

"DOOMED"-I saw him posting URLs around AW yesterday and advertising stuff,
as well as swearing. I think it's kinda obvious he's matt. lol.

"Johnny"-Probably confederate. M a t t's minion.

"oh well"-he was ejected from AWNewbie by customs aide for swearing.

"EmporerZ"-He's a regular in AWNewbie as well, but I have no idea why he
went along with matt.

"DOOMED" visited AWNewbie while all these tourists were there, but he didn't
talk much. I'm guessing he lured them in by whispers or something.




strike rapier

Jul 13, 2003, 10:49am
The ONLY way to do it with any PPW is by using the mother of all exploits
which only Sleepy E has, the Tunnel exploit.

- Mark


kol

Jul 13, 2003, 10:53am
ZeoGang does not trade ppws with M A T T or do anything with him.. the gang
cannot contact him.. I know this cuz Im his friend..

oh yes on another note: some people think Im friends with M A T T... not
true

ananas

Jul 13, 2003, 11:01am
Sleepy E would not give information to Matt.



strike rapier

Jul 13, 2003, 11:04am
Hence 'Which Only Sleepy E has'
^^^^^

I know Sleepy would never give out anything of that, he wouldn't even tell
me how it worked on Andras' NG, lol

- Mark


strike rapier

Jul 13, 2003, 1:05pm
<Leak from someone in MSN - Disclaimer: no value or legal bounding is put on
this post>

Apparently M a t t was given the PPW by a world owner over MSN

</Leak from someone in MSN>

goober king

Jul 13, 2003, 1:07pm
Umm, so which is it? :P

--
Goober King
Pointing out the not-so-obvious
awnews at awnews.org

goober king

Jul 13, 2003, 1:10pm
You've got to be a little more specific than that, Leaf. :P

Nora's IP traces to a RoadRunner server in Waco, TX
STA Knight's IP traces to a RoadRunner server somewhere in the Allen
County, OH area
DOOMED's IP traces to a RoadRunner server in Xenia, OH
Johnny's IP traces to a BellSouth server somewhere in the Miami, FL area
EmporerZ's IP traces to a AT&T server somewhere in the Detroit, MI area

Of course, as has been said previously, they could be using proxies, but
I'm not sure if we can give them that much credit. :P

--
Goober King
Down to brass tacks
awnews at awnews.org

leaf

Jul 13, 2003, 2:20pm
Heh didn't want to get too personal Goober lol


mrbruce

Jul 13, 2003, 4:13pm
I'm also sure a good programmer could figure a way to get a Bot to give out
the privpassword it's running under.
I'm not a programmer and do not claim to know what I'm talking about here,
but, like all things, bots run most of the time and in a lot of cases run
under someone's privs who has CT or ED rights. I figure someone could figure
out a way to hack into a bot and gain the priv it's running under. I know in
most cases a bot uses ******* but while scouring the web one day I found a
program called "snitch" that allows you to copy and paste ***** (the
encrypted password) into a box and it reveals it into actual letters (the
password). I tried this with my world's object password and on that it did not
work, because the field is sort of greyed out, but with a few Bots I tried
this and it did reveal the password in actual letters.
MrBruce

baron

Jul 13, 2003, 4:29pm
In article <Xns93B7957BE65AFCatherine at 64.94.241.201>,
removethisailleurs at ailleurs3d.com says...
> In any case, I do not agree for putting the blame on the owner (or me),
> because, if it is really possible to get any ppwd you want with a malicious
> bot, it is still an AW security hole.
> That should not be possible and that should be fixed asap.
>

There is a simple fact that everyone working with computers should understand;
If you run someone's code, the programmer owns your machine...simple as that.
The only way around this is trusting the source (or writing your own software),
no one can do anything for you if you run malicious code.

--
../B

strike rapier

Jul 13, 2003, 4:36pm
A good programmer? Someone can do that using just the example project.

- Mark


strike rapier

Jul 13, 2003, 4:40pm
Oh, btw...

The fields you are talking about are just fields where a character mask is
used instead of the font, but the text is still taken and is stored in the
same way as all other text boxes, and can be retrieved through DDE or
GetItemDlgText (MFC thingy) or a RAM equivalent. I think the reason you can't
do this in AW is because it sends a string of * of the length the password
is?

- Mark


alterlinks

Jul 13, 2003, 5:18pm
So you mean like Windows, Baron ?
In general I agree, of course, it's like viruses and trojans people execute
from their e-mail every day, but I think it was already stated that the
only bots used came from trustfuly resources.


"baron" <pk39srt at hot[youknowwhat].com> wrote in
news:MPG.197bd07bb02394029896b3 at news.activeworlds.com:

> In article <Xns93B7957BE65AFCatherine at 64.94.241.201>,
> removethisailleurs at ailleurs3d.com says...
>
> There is a simple fact that everyone working with computers should
> understand; If you run someone's code, the programmer owns your
> machine...simple as that. The only way around this is trusting the
> source (or writing your own software), no one can do anything for you
> if you run malicious code.
>

baron

Jul 13, 2003, 5:38pm
In article <Xns93B7D7DF54AF3Drubi at 64.94.241.201>, nospam at alterlinks.fr says...
>
> So you mean like Windows, Baron ?
> In general I agree, of course, it's like viruses and trojans people execute
> from their e-mail every day, but I think it was already stated that the
> only bots used came from trustfuly resources.
>
>
>
>

In my previous post I quoted the exact statement that I was referring to, the
one about AWI needing to do something about malicious bots. It's the user's
responsibility and not an AW security hole, period. I didn't really understand
what the OS has got to do with anything, a SunOS box can easily be owned with a
malicious binary if the user is ignorant enough to work as root or another
privileged user (like the vast majority of windows users work as
administrators, Microsoft can't do much about this).

--
../B

bowen

Jul 13, 2003, 5:45pm
Often, you can't install programs without being administrator. This is
rarely a case on *nix unless you compile from source. (I may be wrong
about that, though)

--
--Bowen--

No of SETI units returned: 27
Processing time: 22 days, 8 hours.
(Total hours: 536)
www.setiathome.ssl.berkeley.edu

tony m

Jul 13, 2003, 5:47pm
It depends on the program. You can always compile as non-root, but some require you to be root in order to finish the installation (the "make install" step)

Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.