[Official] Recent downtimes and attacks on CodeMplosion

[Suspense 2974]

Hello guys,

 

As many have noticed by now, our sites stability has been rather unstable the past week or so, and theres some good reason to this. I will use this thread to try and explain a bit of what happened to us, and the effects this might have. Let me first note that dates mentioned in this thread may not be accurate, i currently cannot remember exactly when everything happened, and we have been working non-stop to get us back online, resulting in me being tired to the point where i do not feel like gathering all that intel.

 

So, about a week ago, 2 weeks maybe. We got hacked initially by 2 people that did not like us(obviously). We were able to get in talks with the intruders in which we all agreed that theres no use of leaking any of our information, instead it was more to prove a point, and as such we kept contact to the initial intruders and ended on friendly terms. They made us aware of some serious security flaws in our systems, flaws that we to an extend were aware of. 

 

Now i have no intentions of covering anything up here, we slacked, and theres no excuse. We did not take the security of our website serious enough in the past many months, primarily because we don't recieve much traffic, and we haven't had any attacks for a very very long time. The lack of maintenance and security on our part is inexcusable, to be frank, it's just not good enough. I cannot emphasize how much i am sorry for the recent downtimes, and the effects that might follow. However, i must urge that due to the nature of this scene, and what we do, we WILL paint targets on our backs. We highly recommend that in general, nobody use sensitive emails or passwords on sites that evolve around hacks, cheats, exploits, etc and etc. 

 

However, above mentioned incidents were history up until 2 days ago. We did not stress to fix all the security flaws after the initial hit, because we did not think anyone else had gained access. We realised that the initial hack got the ball rolling, and fueled other groups to flex their mucles and try to gain from it. Such group, contacted me roughly 2 days ago, and attempted to blackmail me for money. Heres the transcript of the skype conversation between me, and the group that attempted to blackmail me before we took the site down:

 

[14-09-2013 02:39:15] opurfbvds: Greetings,We're now going to inform you about this threat.What you have done to us and our companys, we're going to take actions on your server if you don't pass 500$ PayPal withing 25 Minutes.This is a payment that will be paid against all of the profile builders out there that you stole the profiles from.[14-09-2013 02:39:29] opurfbvds: 
Please login or register to see this link.
  02:39:59] Suspense: What is this on this screenshot?[14-09-2013 02:40:10] opurfbvds: Your database.[14-09-2013 02:41:22] Suspense: Where are you from lol?[14-09-2013 02:41:37] opurfbvds: That is not relevant.[14-09-2013 02:43:10] Suspense: Alright, well its super simple, we dont have 500$, so you go ahead and do what you gotta do[14-09-2013 02:43:49] opurfbvds: So lets make an agreement.[14-09-2013 02:44:34] opurfbvds: We'll take every donation until 500$ is paid. Once that is done, we won't harm your servers or database.[14-09-2013 02:47:05] Suspense: Listen, its super duper simple. We operate like any other website does, we comply with takedown notices(you gave us none) and thats simply it. If you leak the database, you leak the database, nothing we can do about that, unfortunate but thats how it goes. Im not sending you 500$[14-09-2013 02:47:51] opurfbvds: Very Well, Don't say we didn't warn you.[14-09-2013 02:48:06] Suspense: ITs just the ipb database[14-09-2013 02:48:09] Suspense: Its a loss, its what it is[14-09-2013 02:48:15] Suspense: You didnt come to us and asked it to be removed[14-09-2013 02:48:30] Suspense: Like any other normal business would have[14-09-2013 02:52:36] opurfbvds: Knowledge Stress,We are Legion,We do not Forgive,We do not Forget,Expect us.[14-09-2013 02:53:07] Suspense: Oh pls. Lol

Now us not having 500$ was obviously a little white lie, we have what we need to cover our bills. But I stand ground and will NOT be blackmailed by people like this. The result of my actions may push these guys to upload 2 database backups from this month, containing the emails of our users, aswell as hashed passwords. This is no doubt unfortunate, and we wished this had not happened. However, such database leak is not its first in history of CM, we had one back at Wacraftcheating aswell. There is very little use of our database, and very little chance that anyone is gonna sit down and try to use 36k hashed passwords and emails to anything. However, we of course urge everybody to change their passwords as a safety precaution.

 

We have now spent a great deal of time doing everything we can to secure CM and it's servers. Our new setup is still fresh, and while i would like to promise no more incidents, it should be obvious that i cannot make such a promise, theres always a chance, we hope we have covered ourselfs enough to keep this people out. 

 

One thing is for sure though, no matter the resistence, no matter the measures, CM will stay, we will return. 

 

Regards

CMStaff

[Attraction 2]

This is crazy I would of thought a site about coding and hacking (Be it games or websites) would be more serious about security. It is lucky they didn't push too hard for the $500 else you might of tripped dayum. Well if you need any help with security im your man I used to do what they  did to you but I would inform the admin of the site and they sometimes sent me some cash.

On the topic of the money you should of sent them $0.10 via paypal im guessing as there noobs and you would have there email and w/e else was on the account

If I find any vulns on the site I will inform you immediately in the mean time I would advise you to update your server.

- Attraction

[Nachtigaller 0]

we are anonymoose!!

Im cringing while reading this.

[Quid 0]

Only just changed my password today, god I need to be more active on the forums.

[Aesthetic666 0]

Comming back for world of warcraft, bot's are a necessity for this bitch of a game. Thank you so much for the opportunity you gave us to use a free program.


Just gonna say off the top, I been learning a bit of coding the last few months and this site looks really weak. Im mean your search tool in the top right of the page has backdoor's all over it without even glancing @ the html. Fuck that anonymous message shit though, were freedom fighter not hackers trying to capitalize hacking.

 

 

BEST OF LUCK TO CODEDECEPTION. 

[Panic7700 254]

This was not what i expected, tbh I though that a site with hackers, coders and reverse engineers would be secured. Enough about that.
-Suspense, is it possible that u can flag people to re-new their account name in here? ofc. we can change our password our self, but I was aware that the site had been down. I realized shortly it probably was due to hacking, and looked for a possibility to change my accountname(on CM), but didn't find it.

Also, again. I support the community 100% and I will stay, though i'm interested to protecting my wow-account.

-Viva revolution!