Dubious new forum members -- eeeeek!!!

General Moho topics.

Moderators: Víctor Paredes, Belgarath, slowtiger

Post Reply
User avatar
Rasheed
Posts: 2008
Joined: Tue May 17, 2005 8:30 am
Location: The Netherlands

Dubious new forum members -- eeeeek!!!

Post by Rasheed »

Please realize, this posting is written by a non-expert, but the concerns are real and should be dealt with by Lost Marble and e frontier.

Now look at this latest member of this fine forum:

Image

This guy is obviously up to no good, because, according to Urban Dictionary.com
A grifter is someone who swindles you through deception or fraud.
This account (and a lot of other accounts I seen coming through lately) is obviously a dormant account that can only be used for things like forum spamming. He seems to like Britney Spears and ringtones, but he must be selling access to this server to others as well. At least, by so blatantly telling us what he will do if no-one stops him, he shows us he has a sense of humor.

I suspect the forum accounts are made by circumventing forum sign-up, namely by inserting them directly into the database. Because I have seen two incidences of server hacks (here and here), I suspect this security of the server has been breached by some hacker.

Unfortunately, I don't have the expertise to claim with any certainty what has been happening, and if it are attacks by someone(s) who ha(s)(ve) physical access to the server, or remote attacks. However, I'm pretty confident, that there is something seriously wrong with the server that hosts the Lost Marble website and forum.

There is also the remote possibility that the computer of the forum administrator has been taken over by some hacker, which would make every attempt of changing passwords and similar things pretty useless, because a keystroke logger would register such actions immediately. If this is the case, we are in deep trouble, because that would mean that the hacker has access to e frontier as well, and he could use his knowledge to put evil code into e frontier products.

I hope this latter doom scenario is not the case, because that could mean his next step is blackmailing e frontier.
The400th
Posts: 177
Joined: Wed Dec 22, 2004 3:51 pm

Post by The400th »

Stop giving the hackers ideas!!!

:lol:

But seriously, I think you're over-reacting a little. This is one of the best managed software vendor forums I've seen. The Tab and Digicel forums have been taken down (or had been last time I looked) and the Toonboom forums are full of... how do I put this... less than professional users.

I think that implying that someone registering on a forum with a (possibly) joke occupation will lead to AS containing malware is stretching it a bit far...
User avatar
Rasheed
Posts: 2008
Joined: Tue May 17, 2005 8:30 am
Location: The Netherlands

Post by Rasheed »

I'm not hindered by any knowledge of how the security of e frontier is organized, nor do I want to have such knowledge. I'm only expressing my concerns as an outsider. Those recent attacks on the Lost Marble server are pretty scary.

I have sent a PM to Fahim, pointing to this thread. I hope he can shed some light on this subject.
The400th
Posts: 177
Joined: Wed Dec 22, 2004 3:51 pm

Post by The400th »

If you've sent a PM to Fahim, why post this scaremongering publicly? You're only going to scare off potential new users. You're not actually helping the situation for e-Frontier.

If you're that worried about hackers and malware, you should consider the Other Software forum, where people post exciting links to unknown software which could contain ANYTHING. That's far more likely to be dangerous than the possibility of AS being hacked.

Or you could campaign for people to stop using Windows... oh, wait... you already are... :D
User avatar
Rasheed
Posts: 2008
Joined: Tue May 17, 2005 8:30 am
Location: The Netherlands

Post by Rasheed »

You're right, perhaps I should have selected my words more carefully. However, it seems like nothing is happening to step up the security of this server. I thought by being more blunt, I could evoke an appropriate reaction.

For most people, security is not the first thing that comes to mind when they are dealing with computers. Security is a process, not a state. It is an ongoing battle of wits between owners and criminals. The latest trick, that hided a batch of links by scripting them invisible, proves that IMHO.

I see the above example of adding new forum accounts with some humor in it as a typical bad hacker's trait. It proves that he can do whatever he wants, even mock you in the face. He's smart and you're not.

And BTW no operating system is 100% secure. Only some (Windows) are targeted more often than others.
User avatar
Captain Jack
Posts: 37
Joined: Tue Feb 06, 2007 2:11 pm
Location: Indianapolis, IN
Contact:

Post by Captain Jack »

In this particular case, I don't think there's any worry, because "grifter", "con artist", "swindler", and other such terms are not what people call themselves, they're what other people say about them. People who play the con think of themselves as wolves in a world of sheep, staking out their rightful place in the order of things, and typically don't identify with negative descriptions. Same with spammers; they think of themselves as "advertisers" or "socially aware" and delude themselves into thinking that what they're doing is okay.

Someone who calls himself a grifter is almost certainly joking, or in rehab. If it was a hacker, he would have called himself a "God Among Mortals" with an interest in "Ruling the Known Galaxy" or some such nonsense as that. :)
User avatar
heyvern
Posts: 7035
Joined: Fri Sep 02, 2005 4:49 am

Post by heyvern »

I have to say I am not worried at all myself.

New malicious forum members are going to be a fact of life. Even if someone is personally approving new members the troublemakers are always going to slip through the cracks.
(I am sure animations4you didn't send some crazy email to get signed up.)

I am more worried about the content that is here being damaged in some way. I am sure there must be a backup somewhere. ;)

The one thing I was worried about was what will happen to this place in the long term. After speaking with Fahim at the Comicon this weekend, I am very excited about the future of this forum. Really happy about it. I think everyone involved realizes the importance of this forum and its members now and in the future. ;)

Don't worry too much. I'm not going to.

-vern
User avatar
jhbmw007
Posts: 382
Joined: Thu Feb 15, 2007 5:41 am

Post by jhbmw007 »

I just wanted to say I had a helluva time trying to get signed up on this forum. First the email you're supposed to get went into my spam folder (yahoo users take note), so I signed up under another email, and then I caught the registration email which went into my spam folder- followed the link and then it told me I had to wait for the admin to approve me! I finally just emailed the admin and asked for them to register my original name... okay so it only took 2 days to sort out but I'm impatient!!!

I think just the fact that lostmarble set up a "spam" forum topic to try and catch these guys shows hope- I haven't seen other forums do that- they just wait till the spam comes and then take a day or two to delete them.
LittleFenris
Posts: 246
Joined: Thu Mar 10, 2005 7:29 pm
Location: USA!

Post by LittleFenris »

jhbmw007 wrote:I think just the fact that lostmarble set up a "spam" forum topic to try and catch these guys shows hope- I haven't seen other forums do that- they just wait till the spam comes and then take a day or two to delete them.
Most other forums catch the spam before it ever shows up in the forum itself. I think the SPAM Bucket is a good start, but there are much better ways of securing the forum than catching the spam AFTER the fact.
Last edited by LittleFenris on Tue Feb 27, 2007 10:06 pm, edited 1 time in total.
User avatar
heyvern
Posts: 7035
Joined: Fri Sep 02, 2005 4:49 am

Post by heyvern »

Littlefenris,

Probably not the greatest idea to post information like that. If "They" didn't know that before they certainly know it now.

;)

-vern
User avatar
toonertime
Posts: 595
Joined: Tue Feb 27, 2007 8:34 am
Location: ST. LOUIS

fear not this grifter

Post by toonertime »

Hi Rasheed

I am a new member to the forum, and I am the
guy that put grifter in the profile, in humor, just
for a laugh.

I can see that the attempt at humor wasn't 100
percent successful!

At any rate, have no fear, I am here to learn about animation
and the studio software, and I promise not to swindle
or bamboozle anyone.
Post Reply