PDA

View Full Version : MacRumors Live Feed Hacked


nickspohn
Jan 6, 2009, 11:28 AM
According to the admins, expect a formal response from Arn later about this situation.

WinterMute
Jan 6, 2009, 11:29 AM
Hacker, it;s over.

Blue Velvet
Jan 6, 2009, 11:30 AM
I'm going to close this until someone like Arn or one of the admins are prepared to give an answer.

longofest
Jan 6, 2009, 11:32 AM
All-

MacRumors Live has been broken into. We sincerely apologize, and are working swiftly to remedy the situation.

UPDATE (1PM EST): Our coverage is over. Arn will post a more formal response later, however rest assured that the site takes this incident very seriously.

For now, please visit the following excellent sites for live coverage of the Macworld keynote (no particular order):

Engadget (http://www.engadget.com/2009/01/06/live-from-the-macworld-2009-keynote/#continued)
Gizmodo (http://live.gizmodo.com/)
Arstechnica (http://arstechnica.com/news.ars/post/20090106-macworld-ars-macworld-2009-keynote-live-on-ars.html)

JML42691
Jan 6, 2009, 11:34 AM
Any idea if the feed will be back up before the end of the keynote?

FireArse
Jan 6, 2009, 11:35 AM
I'm in support of the suspension of MacRumorsLive until the hack is fixed.

FireArse

MacGeek7
Jan 6, 2009, 11:36 AM
I'm in support of the suspension of MacRumorsLive until the hack is fixed.

FireArse

If it would help solve the situation faster than I agree with this statement.

mattwrit
Jan 6, 2009, 11:36 AM
I'm really pleased it's been hacked - it made me realise that Engadget's feed is a damn site better.

Apple Ink
Jan 6, 2009, 11:36 AM
Please atleast get the lid on the stupid feed!

Chaszmyr
Jan 6, 2009, 11:36 AM
I'm in support of the suspension of MacRumorsLive until the hack is fixed.

FireArse

I think it's gotten to the point that they don't have a choice...

nickspohn
Jan 6, 2009, 11:36 AM
There is a very long thread over at 4chan about this. Not even going to link to it.

miniConvert
Jan 6, 2009, 11:37 AM
Pretty appalled at some of the comments that went out on the hacked feed. Pathetic, tbh.

Victor ch
Jan 6, 2009, 11:37 AM
Is there anyway to pinpoint the perpetrator? I think he/she should be severely punished, no one should do this to MR :mad:.

Victor

nickspohn
Jan 6, 2009, 11:37 AM
Is there anyway to pinpoint the perpetrator? I think he/she should be severely punished, no one should do this to MR :mad:.

Victor

Yes. He's registered on this forum.

Mr_Ed
Jan 6, 2009, 11:39 AM
If it would help solve the situation faster than I agree with this statement.

Agree.

I hope they can finger the dips**** responsible, though I doubt that will happen.

azharc
Jan 6, 2009, 11:39 AM
http://www.mediafire.com/imgbnc.php/8cec69ac6555f396cf882b66df98f8a62g.jpg (http://www.mediafire.com/imageview.php?quickkey=m3jxtueielu&thumb=5)

miniConvert
Jan 6, 2009, 11:41 AM
Agree.

I hope they can finger the dip**** responsible, though I doubt that will happen.
Whoever dropped the ball with the implementation at MR and allowed such a widely viewed stream to be so badly defaced also needs a pretty hefty slap, IMHO.

TuffLuffJimmy
Jan 6, 2009, 11:41 AM
I'm really pleased it's been hacked - it made me realise that Engadget's feed is a damn site better.

Didn't the hacker link to "matt's blog?"

*points finger*

windstarfy
Jan 6, 2009, 11:41 AM
To the hacker. Thanks for ruining an otherwise awesome liveblog. :(

MacDawg
Jan 6, 2009, 11:42 AM
I'm really pleased it's been hacked - it made me realise that Engadget's feed is a damn site better.

Comments like this are uncalled for on the board at this time
If you really feel that way... please feel free to exit

Woof, Woof Dawg http://homepage.mac.com/k.j.vinson/pawprint.gif

Victor ch
Jan 6, 2009, 11:42 AM
Didn't the hacker link to "matt's blog?"

*points finger*

My thoughts exactly.

windstarfy
Jan 6, 2009, 11:44 AM
IP Ban? From the looks of it it seems it's more than one person that's ruining it :confused:

EDIT: Please close the live blog. There are some distubring pictures :(

pprior
Jan 6, 2009, 11:46 AM
Wow, I'm very disappointed. I had my kids in the room while I was watching, very not cool at all.

mattwrit
Jan 6, 2009, 11:47 AM
IP Ban? From the looks of it it seems it's more than one person that's ruining it :confused:

EDIT: Please close the live blog. There are some distubring pictures :(

Isn't it offline already?!

mattwrit
Jan 6, 2009, 11:49 AM
Comments like this are uncalled for on the board at this time
If you really feel that way... please feel free to exit

Woof, Woof Dawg http://homepage.mac.com/k.j.vinson/pawprint.gif

I appreciate what you're saying but I wasn't being flippant - I seriously think it's better. I meant it as more of a tip for others looking for somewhere else to go (and something for MR to consider for next time - the MR feed was a little dull and quite tricky to follow).

Ish
Jan 6, 2009, 11:49 AM
Yes, it's down.

JML42691
Jan 6, 2009, 11:50 AM
Isn't it offline already?!
The pictures were still up, I had a teacher behind me reading the blog when it happened. Thankfully the teacher understood that i was not trying to navigate to any of that stuff.

bartelby
Jan 6, 2009, 11:50 AM
quite tricky to follow.

:confused:

How? Unless you find reading tricky of course...

BarneysPosse
Jan 6, 2009, 11:51 AM
http://img.4chan.org/b/res/107637759.html

windstarfy
Jan 6, 2009, 11:52 AM
I liked the blog. Because it was like reading a chat, instead of constant refreshing via Engadget :(

Chaszmyr
Jan 6, 2009, 11:52 AM
:confused:

How? Unless you find reading tricky of course...

Maybe he's confused by the 800 people who have made "MacRumorsLive Hacked!!" threads. :rolleyes:

zblaxberg
Jan 6, 2009, 11:52 AM
Unfortunately these guys think they are funny...

Dmac77
Jan 6, 2009, 11:52 AM
How did they get in?

Don

tMac85
Jan 6, 2009, 11:54 AM
this sucks i feel really bad

windstarfy
Jan 6, 2009, 11:55 AM
Here's an assumption, they're updating via Email or something, so they send to an email address and it get's updated. Someone found the email or w/e and they're sending messages to it? (I use something similar with Wordpress)

iParis
Jan 6, 2009, 11:55 AM
Before it was taken down I saw a bunch of explicit words, especially "*****."
And I noticed 4chan being mentioned.
Thank god it's down, looks like I'll be using engadget for this one.

Drumjim85
Jan 6, 2009, 11:55 AM
I'm glad it's been hacked but ONLY to teach people about security. I doubt the bloggers were SSH tunneling...

but what they wrote was dirty and uncalled for.

Dmac77
Jan 6, 2009, 11:56 AM
There was a picture of an anus. Ugh /shudders/

Get your site back arn. Find these people and kill them.

Don

marold280
Jan 6, 2009, 11:57 AM
what absolute dicks that are doing that. kill them i need mac news !

MrNase
Jan 6, 2009, 11:57 AM
If they really left the .passwd as a public file... Oh well... Too bad it's offline but else could have been done? :(

dgouldin
Jan 6, 2009, 11:58 AM
If they're using open wifi unencrypted at a tech conference, they're asking for it IMO.

Pixellated
Jan 6, 2009, 11:58 AM
Whoever did this is very stupid and insensetive.

wilmor42
Jan 6, 2009, 12:01 PM
dont worry, it's just some bitter PC users..
what goes around comes around..
*wishing some horrid diseases on the perpetrators*

Dmac77
Jan 6, 2009, 12:02 PM
dont worry, it's just some bitter PC users..
what goes around comes around..
*wishing some horrid diseases on the perpetrators*

Actually one of them said that he was a linux user.

Don

Blue Velvet
Jan 6, 2009, 12:03 PM
All-

MacRumors Live has been broken into. We sincerely apologize, and are working swiftly to remedy the situation.

UPDATE (1PM EST): Our coverage is over. Arn will post a more formal response later, however rest assured that the site takes this incident very seriously.

For now, please visit the following excellent sites for live coverage of the Macworld keynote (no particular order):

Engadget (http://www.engadget.com/2009/01/06/live-from-the-macworld-2009-keynote/#continued)
Gizmodo (http://live.gizmodo.com/)
Arstechnica (http://arstechnica.com/news.ars/post/20090106-macworld-ars-macworld-2009-keynote-live-on-ars.html)


Update.

Mr_Ed
Jan 6, 2009, 12:03 PM
Whoever did this is very stupid and insensetive.

Yeah, but I see it more as "juvenile". I almost picture someone like my 12 year old stepson and his friends hiding in a corner making fart and poop jokes. Farther reaching implications, but juvenile nonetheless.

~Shard~
Jan 6, 2009, 12:04 PM
Glad I found this thread, I was wondering what had happened to the live feed. Too bad that we can't follow it on MRlive now, but engadget seems to be doing a great job - I've been tuning in there. Obviously this sucks, but I guess it's a good lesson on the importance of security if nothing else... :o

And I agree about the comments being totally inappropriate and so forth, but what do you expect coming from hackers? If someone is going to hack a site, they're probbaly going to try and create as much of a s#!% storm as possible. Unfortunate, but these things happen....

wilmor42
Jan 6, 2009, 12:04 PM
Actually one of them said that he was a linux user.

Don

i do sincerely apologize Don...

nickspohn
Jan 6, 2009, 12:04 PM
Someone posted fake passwords over at 4chan for all the top users (except Arn).


And also, sites seem to be linking to this specific forum, because there are over 500 viewing it..

iParis
Jan 6, 2009, 12:05 PM
Actually one of them said that he was a linux user.

Don

Ok, some bitter non-Mac users who seem very unintelligent.

iParis
Jan 6, 2009, 12:08 PM
Someone posted fake passwords over at 4chan for all the top users (except Arn).


And also, sites seem to be linking to this specific forum, because there are over 500 viewing it..

Good thing macrumors.com is shut down.

I am so sorry Arn. Hopefully this will be fixed soon.

hayduke
Jan 6, 2009, 12:10 PM
What a bummer. I'm sad today. Sorry, Arn.

Dmac77
Jan 6, 2009, 12:10 PM
Yes I'm very sorry that this has happened to you arn. It should have happened to gizmodo or engadget.

Don

dgouldin
Jan 6, 2009, 12:10 PM
Actually one of them said that he was a linux user.

Don

I'm not sure why you would assume that PC == Windows

Pixellated
Jan 6, 2009, 12:11 PM
Yes I'm very sorry that this has happened to you arn. It should have happened to gizmodo or engadget.

Don

Why? They've done nothing wrong to you.

dalvin200
Jan 6, 2009, 12:12 PM
major bummer... i realised just after the steve jobs comment was made!! sucks man.

hope you get the fckers Arn!

I'm really pleased it's been hacked - it made me realise that Engadget's feed is a damn site better.

wtf is this comment about? are you crazy!? :eek:

Palad1
Jan 6, 2009, 12:12 PM
Are the forums accounts safe?

Are the forums accounts password encrypted on the server?

Good luck Arn, it's going to be a rough couple weeks before everything settles.

windstarfy
Jan 6, 2009, 12:12 PM
On a sidenote: 17" O.O MBP

powerdave
Jan 6, 2009, 12:13 PM
Yes I'm very sorry that this has happened to you arn. It should have happened to gizmodo or engadget.

Don

??? What sort of comment is that?

Shame that it happened, but it looks like MRs admin panel and password file was open to the public. Stupid mistake but they will learn from it.

Peace
Jan 6, 2009, 12:13 PM
Do what BV says or the cat gets it!!.;)

BabyFaceMagee
Jan 6, 2009, 12:13 PM
If I were MacRumors I'd press charges and sue for damages of reputation, libel, etc. Teach the guilty a lesson.

ipponrg
Jan 6, 2009, 12:14 PM
all this means for the future for MR and other sites is to not take security mildly.

Dejavu
Jan 6, 2009, 12:14 PM
I was following 4 keynote streams, and by far MacRumorsLive had the best stream, I was just thinking. What a shame the feed got hacked! :mad:

Luftwaffles
Jan 6, 2009, 12:15 PM
/b/ and /g/ at 4chan are making threads about it. All the windows users on /b/ and /g/ thought they were being funny.

It appears they pulled the passwords directly from the admin page's .htpasswd file. So much for ub3r-1337 hackers. The script-kiddies of /b/ have gotten their giggles for today.

Hopefully this should stop as soon as their computer lab classes are over. :rolleyes:

oscillatewildly
Jan 6, 2009, 12:15 PM
Who knows, maybe one day they will get girlfriends.

bartelby
Jan 6, 2009, 12:16 PM
Who knows, maybe one day they will get girlfriends.

Doubtful. Very doubtful...

nickspohn
Jan 6, 2009, 12:16 PM
/b/ and /g/ at 4chan are making threads about it. All the windows users on /b/ and /g/ thought they were being funny.

It appears they pulled the passwords directly from the admin page's .htpasswd file. So much for ub3r-1337 hackers. The script-kiddies of /b/ have gotten their giggles for today.

Hopefully this should stop as soon as their computer lab classes are over. :rolleyes:

i've been reading over there for the passed hour, and /b/ had nothing to do with it, it was all /g/

and the person that did this is registered on the forums "apparently" based on his comment.

dejo
Jan 6, 2009, 12:16 PM
Who knows, maybe one day they will get girlfriends.
I hope not. We don't need people like this reproducing.

Dmac77
Jan 6, 2009, 12:19 PM
MR is my home. I could care less about Engadget or Gizmodo.

Don

fishmoose
Jan 6, 2009, 12:22 PM
Who knows, maybe one day they will get girlfriends.

I doubt that then they would need to stop be so amazed of anuses and start looking at the other sex instead ;)

TheWelshBoyo
Jan 6, 2009, 12:24 PM
It's a terrible shame.
The MacRumors Live liveblog was the best one yet.
It was very clean, and the interface was brilliant.
I hope the "hackers" at 4Chan are severely dealt with.

kidwithdimples
Jan 6, 2009, 12:25 PM
Seems like they even made a digg post about it

http://digg.com/apple/Macworld_2009_Keynote_Live_Coverage_at_Macrumours_HACKED

dgouldin
Jan 6, 2009, 12:26 PM
/b/ and /g/ at 4chan are making threads about it. All the windows users on /b/ and /g/ thought they were being funny.

It appears they pulled the passwords directly from the admin page's .htpasswd file. So much for ub3r-1337 hackers. The script-kiddies of /b/ have gotten their giggles for today.

Hopefully this should stop as soon as their computer lab classes are over. :rolleyes:

That sounds more embarrassing to me than "ub3r-l337 hackers" getting into your site. The web is their business. They should know better.

antirem
Jan 6, 2009, 12:26 PM
What happened here?

some pics....
Mac Rumors Hacked (http://hackerblog.net/papers/mac-rumors-hacked)

MisterEd
Jan 6, 2009, 12:27 PM
Seems like they even made a digg post about it

http://digg.com/apple/Macworld_2009_Keynote_Live_Coverage_at_Macrumours_HACKED

There are about a million digg posts right now...

Pixellated
Jan 6, 2009, 12:29 PM
Seems like they even made a digg post about it

http://digg.com/apple/Macworld_2009_Keynote_Live_Coverage_at_Macrumours_HACKED

Idiots. They are just stupid. Proven by the fact he's running Vista.

Hatchet
Jan 6, 2009, 12:31 PM
Why wasn't the coverage pulled when the Steve Jobs is Dead comment was first shown? Even I was tipped off that it looked like it had been hacked....?

Got pretty bad after that and feed wasn't pulled until the disturbing images...

I am beyond disappointed.

:mad::mad:

JG271
Jan 6, 2009, 12:34 PM
Why wasn't the coverage pulled when the Steve Jobs is Dead comment was first shown? Even I was tipped off that it looked like it had been hacked....?

Got pretty bad after that and feed wasn't pulled until the disturbing images...

I am beyond disappointed.

:mad::mad:

The admins were at the event, so I presume it was hard to just take the site down remotley. These things happen.

Pixellated
Jan 6, 2009, 12:36 PM
The admins were at the event, so I presume it was hard to just take the site down remotley. These things happen.

Precisely. Just because you don't know how to complain to who did this, don't take it out on whoever you can.

arn
Jan 6, 2009, 12:38 PM
Why wasn't the coverage pulled when the Steve Jobs is Dead comment was first shown? Even I was tipped off that it looked like it had been hacked....?


coverage was pulled very quickly. New visitors were redirected away. The problem with the self-loading feed is that the browser doesn't reload the whole page regularly.

arn

DarthTreydor
Jan 6, 2009, 12:41 PM
am i the only one who found it a little bit funny? i mean c'mon, can't you appreciate a little chaos? i mean its not like anyone got seriously injured (aside from some people's pride). macworld still happened. you still got your 17" mbp. steve is neither dead nor gay. the world moves on.

Kal-EL
Jan 6, 2009, 12:41 PM
main site's back up

"Our MacRumorsLive keynote coverage was hacked today, inserting inappropriate content into the text and photo feeds. We apologize for the inconvenience and are working to restore our services. The hack appears to be limited to the MacRumorsLive servers so forum accounts should be safe.

We'll continue Macworld Expo coverage on an ongoing basis this week, and will report on Apple's announcements shortly."

wildcardd
Jan 6, 2009, 12:43 PM
am i the only one who found it a little bit funny? i mean c'mon, can't you appreciate a little chaos? i mean its not like anyone got seriously injured (aside from some people's pride). macworld still happened. you still got your 17" mbp. steve is neither dead nor gay. the world moves on.

I can appreciate a little chaos...there are just some things that can't be unseen. *shivers*

dgouldin
Jan 6, 2009, 12:43 PM
coverage was pulled very quickly. New visitors were redirected away. The problem with the self-loading feed is that the browser doesn't reload the whole page regularly.

arn

Not so sure about that. I came in pretty late in the game and still got to the feed. Also, you always had the option of stopping the webserver process so that not even ajax/comet could continue functioning. Not a great user experience I know, but considering the alternative ...

Apple Ink
Jan 6, 2009, 12:43 PM
coverage was pulled very quickly. New visitors were redirected away. The problem with the self-loading feed is that the browser doesn't reload the whole page regularly.

arn

Aah.. makes sense!

But really you planning to take some action?

rpaloalto
Jan 6, 2009, 12:49 PM
Thanks anyway Arn, and to the rest of the MacRumors team. Sorry some one hacked your live feed.
I just got home from work. I'm now very disappointed that I have to use another site for coverage. Feels like I'm cheating on you all. For having to go some wear else:o

Miss.L
Jan 6, 2009, 12:51 PM
Greetings.

I'll introduce myself, and become quite unpopular, as a 4chan user. I was browsing the infamous /b/ board when the hacking began.
There are a few facts you should know, before you want to wage a war against those who did that.

First, know that if a lot of 4chan people think it's funny, another lot think it's not. Quite unpolite answers, such as "Cancercancercanceretc..." or "You newfags suck" were posted in numbers. These boards are chaotic, and what was entertaining, for them, as one of you pointed it out, was chaos. /b/ is "Random". Chaos.

Second important point, i think, is that you will never pinpoint anyone, and you will never sue 4chan. Many websites tried, but they systematically failed. 4chan is entirely anonymous, when a thread is deleted, there is no trace of whoever posted. No IP, nothing. Therefore, nobody to sue. Another thing to know is that this hacking -which I didn't like, once more- involved dozens of people, from many countries. My e-mail address says .fr, but there were also .com .us .de .uk .whatever. You can't sue 200 people from 30 countries.

Third point, a lots of 4chan posts lately said that Windows users were fags, and that macintosh-based software was immune to viruses and hacking, blah blah blah, well, you know trolls. Well... Kids from an anonymous website destroyed your live feed. What does that mean, well, I don't like to be rude, but it means MR sucked at security. The mere fact that it was easy doesn't mean the "hackers" suck. It means the MR security sucked more.
I personnally hope it will be fixed, so this doesn't happen again.

Fourth thing, which is important too, a thread was run on /b/ but as someone said on this very thread, /b/ people couldn't even cook an egg, so, organize an attack... Unlikely.

To finish with, I recommend not to respond, flood the boards, or anything like that, which could be extremely nocive to your website. I saw people who were attacked deciding to run a "terrible counter-attack" and flood the 4chan boards. As a result, their websites became flooded and polluted by thousands of angry "people".
/b/ is a cancer, and we, people using it, are tumors. We know it, we live with it. We're immune to cancer. We don't care about flood. Once more, I do not threaten you, as I don't participate in "flood parties", but many people on 4chan will strike extremely hard and it could become a war you can't win. It's not an army, it's a chaotic, anarchic, groupe of weird beings, it's like sheeps. If a sheep does something, the others follow... And 10.000 sheeps can do a lot of damage, alas !
My personnal advice is to reinforce security (a lot) and forget this. The best way to deal with us is to forget us.

After, I can understand your angriness, but for this time, the best answer is not to attack.

Thanks for your attention. I hope this problem will be fixed soon.


Miss L for Love, because showing breasts can solve a lot of problems.

dgouldin
Jan 6, 2009, 01:03 PM
What does that mean, well, I don't like to be rude, but it means MR sucked at security. The mere fact that it was easy doesn't mean the "hackers" suck. It means the MR security sucked more.
I personnally hope it will be fixed, so this doesn't happen again.


Couldn't agree more.

Miss L for Love, because showing breasts can solve a lot of problems.

... or causes them.

PowerFullMac
Jan 6, 2009, 01:04 PM
Greetings.

I'll introduce myself, and become quite unpopular, as a 4chan user. I was browsing the infamous /b/ board when the hacking began.
There are a few facts you should know, before you want to wage a war against those who did that.

First, know that if a lot of 4chan people think it's funny, another lot think it's not. Quite unpolite answers, such as "Cancercancercanceretc..." or "You newfags suck" were posted in numbers. These boards are chaotic, and what was entertaining, for them, as one of you pointed it out, was chaos. /b/ is "Random". Chaos.

Second important point, i think, is that you will never pinpoint anyone, and you will never sue 4chan. Many websites tried, but they systematically failed. 4chan is entirely anonymous, when a thread is deleted, there is no trace of whoever posted. No IP, nothing. Therefore, nobody to sue. Another thing to know is that this hacking -which I didn't like, once more- involved dozens of people, from many countries. My e-mail address says .fr, but there were also .com .us .de .uk .whatever. You can't sue 200 people from 30 countries.

Third point, a lots of 4chan posts lately said that Windows users were fags, and that macintosh-based software was immune to viruses and hacking, blah blah blah, well, you know trolls. Well... Kids from an anonymous website destroyed your live feed. What does that mean, well, I don't like to be rude, but it means MR sucked at security. The mere fact that it was easy doesn't mean the "hackers" suck. It means the MR security sucked more.
I personnally hope it will be fixed, so this doesn't happen again.

Fourth thing, which is important too, a thread was run on /b/ but as someone said on this very thread, /b/ people couldn't even cook an egg, so, organize an attack... Unlikely.

To finish with, I recommend not to respond, flood the boards, or anything like that, which could be extremely nocive to your website. I saw people who were attacked deciding to run a "terrible counter-attack" and flood the 4chan boards. As a result, their websites became flooded and polluted by thousands of angry "people".
/b/ is a cancer, and we, people using it, are tumors. We know it, we live with it. We're immune to cancer. We don't care about flood. Once more, I do not threaten you, as I don't participate in "flood parties", but many people on 4chan will strike extremely hard and it could become a war you can't win. It's not an army, it's a chaotic, anarchic, groupe of weird beings, it's like sheeps. If a sheep does something, the others follow... And 10.000 sheeps can do a lot of damage, alas !
My personnal advice is to reinforce security (a lot) and forget this. The best way to deal with us is to forget us.

After, I can understand your angriness, but for this time, the best answer is not to attack.

Thanks for your attention. I hope this problem will be fixed soon.


Miss L for Love, because showing breasts can solve a lot of problems.

I thought servers kept records of all the IPs of people that visited, though?

Powerdrift
Jan 6, 2009, 01:05 PM
That can always be disabled, of course.

kenta
Jan 6, 2009, 01:06 PM
Miss.L very well put. I was thinking the much the same but there's one more thing....

I bet you can't triforce ;)

Miss.L
Jan 6, 2009, 01:09 PM
I thought servers kept records of all the IPs of people that visited, though?

I'm not quite sure I understand your sentence, sir. Of people that visited what ? If you mean "a particular thread", it's worthless, as all people visiting a thread don't participate in it and don't automatically approve what is said into this very thread. If you mean that visited a board, well, that's 6.000 IPs, I'm not quite sure you could get something out of it.
Once more, other websites tried, and 100% of them failed. You would waste time and possibly money, which could be used in better ways, such as buying your girlfriend some roses.

EDIT to Kenta : triforce threads are copypasta

Anyway, as I'm not an ambassador I'm not likely to answer all of your questions (the only official of 4chan is moot, and I'm not moot).

PowerFullMac
Jan 6, 2009, 01:13 PM
I'm not quite sure I understand your sentence, sir. Of people that visited what ? If you mean "a particular thread", it's worthless, as all people visiting a thread don't participate in it and don't automatically approve what is said into this very thread. If you mean that visited a board, well, that's 6.000 IPs, I'm not quite sure you could get something out of it.
Once more, other websites tried, and 100% of them failed. You would waste time and possibly money, which could be used in better ways, such as buying your girlfriend some roses.

EDIT to Kenta : triforce threads are copypasta

I thought that all websites kept huge logs of all visitors, so if I type 4chan.org and press enter that site would then have a record of my visit.

Note to admins: making the password file public is like shouting the passwords while posting them on dodgy sites yourself.

SpinThis!
Jan 6, 2009, 01:16 PM
I thought servers kept records of all the IPs of people that visited, though?
IP address doesn't tell you much. A smart hacker would probably go through a few anonymous proxy servers first in multiple countries so it's harder to track down. It would be like calling your friend who calls another friend who calls another friend, etc.

And hackers usually use some free wifi connection somewhere. Even if you had a reliable IP address, you need probable cause to obtain customer information. ISPs just don't hand that information out because someone hacked your site; you would need to lose a lot to make it worth your while to track down.

It's really a shame the hackers were so childish about the whole thing but bottom line here: secure your sites and keep them up to date! I noticed MR's servers here are running a version of Apache and PHP a couple versions behind as well. (Ideally that server signature shouldn't even be displayed to make it harder to figure out what you're running.)

wongulous
Jan 6, 2009, 01:17 PM
I remember when MacRumors was not populated with n00bs. I think this was pre-iPhone, pre-Apple-Stores-on-every-corner, pre-Intel. Now, it's just different. This is a mass commodity.

My point is, most people here are just regular Joes now, for the most part. What regular Joes don't understand is that 4chan users think entirely different. Internet trolls were probably a new or vaguely familiar thing they've heard about to many.

To those people, I want to hug them and tell them that it's going to be okay, that no one thinks they're a fag, and no one wants Steve Jobs dead. I also want to tell them that there is life beyond a MacWorld liveblog.

I also completely hope that Arn, the whole MR team, and the MR community see that it would be imprudent, to say the least, to attempt to respond to 4chan. Don't counter-attack, don't try to sue, don't try to badmouth them. In fact, don't even talk about how much it sucked, how appalled you were, how disappointed you are, how it ruined all of 2009 and the last MacWorld keynote liveblog and you needed a whole towel to soak up your tears. It only gives them the attention and reaction that they desired when they did all of this.

Just ignore it, have a laugh (it's therapeutic! really!) and move on. Security holes become exploits become fixes. This is ONLY THE INTERNET.

Miss.L
Jan 6, 2009, 01:25 PM
>>Spinthis!

I'm afraid, sir, that most people didn't even do that. To what end ? If you could get all the live addresses of all the pirates, you'd have 300 different addresses from at least 20 different countries with different laws. Congratulations, now what ?

>>Wongulous

You perfectly understood the situation, which means I can leave in peace. Thank you kind sir.

PowerFullMac
Jan 6, 2009, 01:25 PM
I remember when MacRumors was not populated with n00bs. I think this was pre-iPhone, pre-Apple-Stores-on-every-corner, pre-Intel. Now, it's just different. This is a mass commodity.

My point is, most people here are just regular Joes now, for the most part. What regular Joes don't understand is that 4chan users think entirely different. Internet trolls were probably a new or vaguely familiar thing they've heard about to many.

To those people, I want to hug them and tell them that it's going to be okay, that no one thinks they're a fag, and no one wants Steve Jobs dead. I also want to tell them that there is life beyond a MacWorld liveblog.

I also completely hope that Arn, the whole MR team, and the MR community see that it would be imprudent, to say the least, to attempt to respond to 4chan. Don't counter-attack, don't try to sue, don't try to badmouth them. In fact, don't even talk about how much it sucked, how appalled you were, how disappointed you are, how it ruined all of 2009 and the last MacWorld keynote liveblog and you needed a whole towel to soak up your tears. It only gives them the attention and reaction that they desired when they did all of this.

Just ignore it, have a laugh (it's therapeutic! really!) and move on. Security holes become exploits become fixes. This is ONLY THE INTERNET.

I agree. 4chan "/b/tards" have a huge thing about the Internet being a huge game, the objective being to screw it up and annoy as many people as they can in the process.

They are mostly script-kiddies though, someone got the password file and distributed the passwords publicly (that much is obvious) so the people who done the spamming are not the hackers at all.

Apple Ink
Jan 6, 2009, 01:42 PM
Greetings.

I'll introduce myself, and become quite unpopular, as a 4chan user. I was browsing the infamous /b/ board when the hacking began.
There are a few facts you should know, before you want to wage a war against those who did that.

First, know that if a lot of 4chan people think it's funny, another lot think it's not. Quite unpolite answers, such as "Cancercancercanceretc..." or "You newfags suck" were posted in numbers. These boards are chaotic, and what was entertaining, for them, as one of you pointed it out, was chaos. /b/ is "Random". Chaos.

Second important point, i think, is that you will never pinpoint anyone, and you will never sue 4chan. Many websites tried, but they systematically failed. 4chan is entirely anonymous, when a thread is deleted, there is no trace of whoever posted. No IP, nothing. Therefore, nobody to sue. Another thing to know is that this hacking -which I didn't like, once more- involved dozens of people, from many countries. My e-mail address says .fr, but there were also .com .us .de .uk .whatever. You can't sue 200 people from 30 countries.

Third point, a lots of 4chan posts lately said that Windows users were fags, and that macintosh-based software was immune to viruses and hacking, blah blah blah, well, you know trolls. Well... Kids from an anonymous website destroyed your live feed. What does that mean, well, I don't like to be rude, but it means MR sucked at security. The mere fact that it was easy doesn't mean the "hackers" suck. It means the MR security sucked more.
I personnally hope it will be fixed, so this doesn't happen again.

Fourth thing, which is important too, a thread was run on /b/ but as someone said on this very thread, /b/ people couldn't even cook an egg, so, organize an attack... Unlikely.

To finish with, I recommend not to respond, flood the boards, or anything like that, which could be extremely nocive to your website. I saw people who were attacked deciding to run a "terrible counter-attack" and flood the 4chan boards. As a result, their websites became flooded and polluted by thousands of angry "people".
/b/ is a cancer, and we, people using it, are tumors. We know it, we live with it. We're immune to cancer. We don't care about flood. Once more, I do not threaten you, as I don't participate in "flood parties", but many people on 4chan will strike extremely hard and it could become a war you can't win. It's not an army, it's a chaotic, anarchic, groupe of weird beings, it's like sheeps. If a sheep does something, the others follow... And 10.000 sheeps can do a lot of damage, alas !
My personnal advice is to reinforce security (a lot) and forget this. The best way to deal with us is to forget us.

After, I can understand your angriness, but for this time, the best answer is not to attack.

Thanks for your attention. I hope this problem will be fixed soon.


Miss L for Love, because showing breasts can solve a lot of problems.

Much appreciated.

Leafhat
Jan 6, 2009, 02:05 PM
Well, this is kind of hilarious actually. What is this? Is it some kind of "If you try to sue us we'll send you a sawed off pigs head"? There are always consequences for improper actions. Perhaps you'll be lucky again, and nothing will happen this time. Perhaps even if that "anonymous site" falls, you'll just group up somewhere else. Someone will still meet the consequences.

You're right, there's probably no way to track every schmuck that decided to humour themselves tonight. And for a lot of people this feels like just a joke, that nobody should take seriously. What happened was a criminal action, despite the bad security, despite the topic of this site. The easiest way to rid of problems like this is to go for the root. Now depending on where 4chan is hosted, there might just be a law saying "Aiding criminals is prohibited and punishable". Then again, who would bother suing a bunch of trolls sitting in their basement watching cartoon porn?

Palad1
Jan 6, 2009, 02:05 PM
There's always the option of looking at the /admin logs on Macrumorslive.com to get the IPs but really what's the point?

Biggest issue for the admins now is to make sure the site is up and running and do some damage control (ie. making sure all the other parts of the site don't use the same passwords as those that were leaked).

The first 10 seconds of the hijack were pretty fun actually.

Good luck MR admin team, not fun.

PowerFullMac
Jan 6, 2009, 02:23 PM
Remember next time: DONT MAKE THE PASSWORD FILE PUBLIC

Sorry if I sound rude here but what did you think would happen if you made the file containing the admin passwords public? It's impossible for you not to get "hacked" doing that, as easy as walking through a open door, or should I say a door with the keys left in the lock, that's more accurate.

Now, to restore my bloody iPhone 3G for the second time this month...

Baffles
Jan 6, 2009, 02:58 PM
Remember next time: DONT MAKE THE PASSWORD FILE PUBLIC

Sorry if I sound rude here but what did you think would happen if you made the file containing the admin passwords public? It's impossible for you not to get "hacked" doing that, as easy as walking through a open door, or should I say a door with the keys left in the lock, that's more accurate.

Now, to restore my bloody iPhone 3G for the second time this month...

More like a door with no lock. There was no password.