In regards to the large internet server hackings
Update on March 12, 2012: To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.
Story link here: http://www.fbi.gov/news/stories/2011/no ... are_110911
Basically, if you are affected by this hacker's malware, you will be temporarily disconnected from the internet tonight for anywhere up to a few hours. If your server was/has been targeted, this could include sites games are run off of. So don't freak out.
This is a link to determine if your server is affected or not : http://dns-ok.us
Red = it is
Green = it isn't
Personally I'm unaffected but I can imagine it might start minor lag in other servers.

In Game : Lovelost
Type : Champion
Lvl : 102
-

Lovelost - Poultry
- Posts: 6
- Joined: December 31st, 1969, 4:00 pm
Re: In regards to the large internet server hackings
Your join date is very...interesting. O_o
"Do ye know where the Holy Flamin' Frost-Brand Gronk-Slayin' Vorpal Hammer o' Woundin' an' Returnin' an' Shooting'-Lightnin'-Out-Yer-Bum is?"
-

idontcareanymore - Mystic Koala
- Posts: 8009
- Joined: April 4th, 2007, 2:43 pm
- Location: outside looking in
Re: In regards to the large internet server hackings
OP is a hacker posting about DNS hack? lol
a game that would be worth playin if the community werent complete [gouda]
Crappelz: no longer better than WoW......
HI!
i just have this here so i can find my posts easier
-

billexzeal - White Dragon
- Posts: 6613
- Joined: October 10th, 2007, 6:54 am
- Location: where the trucks a ford, and the tractors green
Re: In regards to the large internet server hackings
Definitely not.
A hacker knows the difference between a manipulated hosts file and a SQL injection.
The latter method has meanwhile been used to compromise and steal literally hundreds of thousands of passwords from each of the following domains (and they are only those that are yet known):
- LinkedIn
- Last.fm
- eHarmony
- Formspring
- AndroidForums.com
- NVidia
- Yahoo
Edit:
- we can add Maplesoft to the list.
Everybody may speculate about other internet databases, especially those related to games...
Greetings, Josiha
Gala, why did you nerf my Oracle a second time? This was uncalled for!
-

_josiha_ - Ifrit
- Posts: 1657
- Joined: January 23rd, 2007, 1:25 pm
- Location: East Karisia
Re: In regards to the large internet server hackings
There is a possibility that Rappelz is being hacked via DNS redirection. Specifically redirection of this site:
http://rappelz-launcher.gpotato.com/launcher.html
The Rappelz launcher picks up a lot of important data (login server IP, update server IP) from the HTML of that site. If the hackers can somehow redirect the launcher to a fake website of their own then it is game over.
yoyobuae - Ifrit
- Posts: 1975
- Joined: April 10th, 2010, 4:38 am
Re: In regards to the large internet server hackings
(sigh)
Now it is Gamigo again. Will they find the giant hole already that seems to be gaping in all these databases?
@yoyobuae:
Do you mean a DNS redirect (e.g. by DNS server communication poisoning) to a phishing domain, or a man-in-the-middle attack? The first one would be detected very fast, because the launcher would contact this page and then no login happens (no game server beyond this page). The second would mean that all traffic has to be redirected until the player is on the respective game server, which can cause a big load. I doubt someone who sets up a DNS attack this way will use a computer that can handle that many queries, which means the response will be much worse than that of the Amazon cloud; and people would report the bad performance left and right.
I don't know about gPotato's internal handling of accounts, though. There is so much involved: the customer database, validation of the login, game server population, inventory database, and I dunno what. It might be that a redirect of the login process would be only that, and afterwards the player is back on the Rappelz servers, not noticing he might have been elsewhere. Or it might be that everything is botched because part of the servers are unreachable due to the manipulated DNS information. It all depends on the design of the launcher.exe and the server service setup.
It would be much easier to use whatever method it is to just vacuum the files off the gPotato customer database, run them through a number cruncher that is specialized in MD5 hashes (if it is too expensive for you to buy the necessary equipment, just rent some time on a cloud server for cheap), and if there is no salt, the passwords will be spit out within a couple of hours. If there is actually some residue left that couldn't be cracked, post it on a hacker forum and wait for someone to chime in and offer to process it (for free, money, exchange for other services, who knows), and the last passwords are done in, no matter how much the user had tried to make them unbreakable.
I am afraid they did the latter. To LinkedIn, Gamigo, whatever. There is a pattern in it that makes everything point in that direction.
If I only knew how they are accessing the files. Seeing how many cases of security breaches (of that size) have already become known to the public, it must be very easy for them. I bet there is already a toolkit out that is sold on the black market. Just point it to the domain, let it search the servers for typical database names and subdomains, identify the type of the operating system and version of the database, and then apply the exploit. How else can they steal millions of entries within such a short time?
Josiha
Gala, why did you nerf my Oracle a second time? This was uncalled for!
-

_josiha_ - Ifrit
- Posts: 1657
- Joined: January 23rd, 2007, 1:25 pm
- Location: East Karisia
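
Added example (not part of any post in this thread, and not code from gPotato or any site named above): the storage side of the "MD5 without salt" point raised in the last post, showing a per-user salted, slow hash next to the unsalted scheme and an audit that flags rows sharing one stored value. The account names, passwords, record format and the `PBKDF2_ROUNDS` value are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this example

def unsalted_md5(password):
    """The weak scheme the post describes: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Per-user random salt plus a deliberately slow KDF; returns a storable record."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and rounds, then compare in constant time."""
    try:
        scheme, rounds, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    except ValueError:  # malformed record: wrong field count, bad hex, bad rounds
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_value_groups(table):
    """Audit helper: users whose stored values are byte-identical. With unsalted
    hashes every reused password shows up here, so one recovered value
    exposes the whole group at once."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts (not real data); two users share a password.
SAMPLE = {"alice": "dragon2012", "bob": "dragon2012", "carol": "Tr0ub4dor&3"}

def demo():
    """Return the shared-value groups under each storage scheme."""
    md5_table = {u: unsalted_md5(p) for u, p in SAMPLE.items()}
    kdf_table = {u: hash_password(p) for u, p in SAMPLE.items()}
    return shared_value_groups(md5_table), shared_value_groups(kdf_table)

if __name__ == "__main__":
    print(demo())
```

With the salted records the audit finds no shared values even though two accounts use the same password, and each guess against a stolen row costs the full KDF work factor instead of a single MD5 computation.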