Jump to content
DayZ Forums
tonic-_-

Forum / Security Notice - They trollinnnn

By tonic-_-, in Mod Announcements & Info

Recommended Posts

tonic-_-    42

tonic-_-
Posted

Hello again,

* NOTE: DO NOT POST THIS PERSONS PERSONAL INFORMATION, GAMING ALIASES, ETC ARE FINE, BUT NAMES, ADDRESSES, SOCIAL WEBSITES ARE NOT ALLOWED IN THIS TOPIC. ALSO DO NOT MAKE THREATS AGAINST THIS PERSON IN ANY WAY LEGAL ACTIONS ARE BEING PURSUED*

Heh. Apparently the little troll didn't take kindly to quickly reacting and locking him out and then posting about it, sadly one users account was not thought of and cost us our forums to revert back to a backup from a week or two ago. Sad I know right?

He managed to get a database backup from the 22nd (Hah, we don't keep backups for admins). But as everyone knows the normal drill when such events happen you should change your forum account password.

His actions are going to dig him into a very deep hole and I assume he doesn't care or believes it to be a bluff like any normal person would, well we're not going to bluff and your actions against the forums are going to further lead us to peruse legal actions.

So, for the people that have missed out on our previous announcement about today's rising events.

A person has gained access to our main email account which have details listed for our FTP's, etc. He then uploaded a malicious application to the US file host which has since been taken offline.

The file was called dayz_auto_updater.exe

This malicious software is lead to be a backdoor / bot. Below is the ThreatExpert report on this file.

http://www.threatexpert.com/report.aspx?md5=ead7a55075d5ce1a32353832bed88069

ThreatExpert also explains where this malicious application installs / moves its processes to stay hidden within your computer. So if you are a user who has downloaded the .exe called dayz_auto_updater.exe from the US Mirror is to scan their computer against viruses and read the description by ThreatExpert on where to locate this if your Virus detector does not pick it up.

Now off to the server hosts

Server hosts who provided us with RDP details are comprised and need to thoroughly scan their server for the same type of processes and to change their servers RDP details and to NOT ever give the RDP details out to anyone *Including DayZ* from now on.

Now we move to the main event

This person responsible for this goes by the following name in-game and here is his GUID:

despected - GUID: e812801aa33603d69643eff110880ec9

He has since changed his name but is banned in DayZ.

Fun facts:

He once acted to be a female for 3 months to gain donations for a counter strike community.

He makes money by selling runescape gold *w/e the hell that is lol*

He apparently loves mcdonalds...

This person has now become my center of attention, I truly do adore him.

As the last bit of words I write, I would strongly advise this person to stop his actions otherwise. DayZ is becoming a very strong community and beloved by many communities. It would be ill advised to continue what you're doing, the community does not appreciate what you're doing and I feel you will anger the zombies *Ahh everyone run*.

  • Like 1

Share this post

Link to post
Share on other sites

xqnp7    0

xqnp7
Posted

So...I mean.....what exactly provoked this fucktit to hack everything?

Share this post

Link to post
Share on other sites

azimov    76

azimov
Posted

Please don't give away his personal info. Most of the time innocent people become victims of the ensuing witchhunts. But please sue him to the full extent of law. People who do this kind of shit think they can get away with it all too often.

Share this post

Link to post
Share on other sites

icomrade    201

icomrade
Posted

The passwords arent stored plain text.. right?

passwords are usually hashed, a strong password will generally not have a known plain text derivative. With that said, there are many places where one can unhash a hashed password, hashes are specific to a word/alphanumerical combinations. For example, the password "test" has a hash of "098f6bcd4621d373cade4e832627b4f6" which will always be true for the word "test."

Now, if the passwords are salts then you're probably safe, but I would air on the side of caution and change my password anyway. I believe the passwords this forum software stores are salted/SHA-1, which is essentially an MD5 hash of an MD5 has of a plaintext password.

Share this post

Link to post
Share on other sites

Timberfox    2

Timberfox
Posted

Depressed legion dude is unhappy about being hated by the community; goes and attacks the community...

Time for the community to attack back?

Share this post

Link to post
Share on other sites

red62    9

red62
Posted

will have address in an hour stay tuned

edit: 2-3 hours

Share this post

Link to post
Share on other sites

tonic-_-    42

tonic-_-
Posted

I have since came to senses and don't plan on posting his information unless he tries something else. Once Rocket gets online I believe we're going to have a nice discussion on how to pursue this.

Share this post

Link to post
Share on other sites

WildGunsTomcat    78

WildGunsTomcat
Posted

I have since came to senses and don't plan on posting his information unless he tries something else. Once Rocket gets online I believe we're going to have a nice discussion on how to pursue this.

Tonic, is what this kid did causing all the server lag?

Share this post

Link to post
Share on other sites

red62    9

red62
Posted

arite, won't post it then

in the meantime staffs, should go to steam and see if you can get his location/ip from them

assuming you dont already have it

Share this post

Link to post
Share on other sites

tonic-_-    42

tonic-_-
Posted

I have since came to senses and don't plan on posting his information unless he tries something else. Once Rocket gets online I believe we're going to have a nice discussion on how to pursue this.

Tonic' date=' is what this kid did causing all the server lag?

[/quote']

No, that was a additional security thing added to the database server for DayZ this morning and it's causing problems.

Share this post

Link to post
Share on other sites

WildGunsTomcat    78

WildGunsTomcat
Posted

I have since came to senses and don't plan on posting his information unless he tries something else. Once Rocket gets online I believe we're going to have a nice discussion on how to pursue this.

Tonic' date=' is what this kid did causing all the server lag?

[/quote']

No, that was a additional security thing added to the database server for DayZ this morning and it's causing problems.

Any ETA on a fix?

Yep. They used to be Legion...but they got so hated here they changed their names to Apocalypse gaming.

Share this post

Link to post
Share on other sites

Timberfox    2

Timberfox
Posted

Known aliases:

Pistachio

Dragon

Sgt. Pistachio Kaine

Sgt. Pistachio Caine

[FL:RP] Apples

Charades

Boom

Lt. Pistachio Caine

-vG- Apples

Apples

Share this post

Link to post
Share on other sites

Kinglorre    0

Kinglorre
Posted

Take down his personal information Tonic. Its nice your trying to put this in a funny perspective but you cant be doing that.

Personal data are defined as "any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;" (art. 2 a)

This definition is meant to be very broad. Data are "personal data" when someone is able to link the information to a person, even if the person holding the data cannot make this link. Some examples of "personal data" are: address, credit card number, bank statements, criminal record, etc.

The notion processing means "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;" (art. 2 b)

The responsibility for compliance rests on the shoulders of the "controller", meaning the natural or artificial person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; (art. 2 d)

The data protection rules are applicable not only when the controller is established within the EU, but whenever the controller uses equipment situated within the EU in order to process data. (art. 4) Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation. In principle, any online business trading with EU citizens would process some personal data and would be using equipment in the EU to process the data (i.e. the customer's computer). As a consequence, the website operator would have to comply with the European data protection rules. The directive was written before the breakthrough of the Internet, and to date there is little jurisprudence on this subject.

The proposed new European Union Data Protection Regulation (a draft for which was unveiled in January 2012) extends the scope of the EU data protection law to all foreign companies processing data of European Union residents.[1]

http://en.wikipedia.org/wiki/Data_Protection_Directive

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing Mod Announcements & Info
×