Okay, the boards are cracked, i don't know why it's taking so long to update them, it takes a whole 5 minutes, infact, it's so easy i've even automated the process on my own websites via a crontab that runs once weekly. The boards are easily exploitable and it's a shame to see this on ns4.
I'm unsure why my login stopped working, and i'm unsure why the boards are now using https (wich is all busted up). Is the security certificate supposed to be there? nsrealm.com/boards does NOT exist when trying to access via https.
To anyone trying to login:
If you use the same password for many things, or even just your nwn account, do NOT login to the boards with that account.
They have been cracked, and who knows what password recording modifications have been inserted into the login script. The attacker could just be trolling for nwn passwords, remember, if you use the same password for the forums, the attacker may now have access to your nwn account, and if he does, he has access to your CDKeys as well (they're recorded on the bioware website, wich uses your nwn login on the bioware site as well)
If you wish to post, LOG OUT if you are still logged in via cookies, click the login button, click "I forgot my password" give the username/email and you will receve an email with a https link. Copy that link, replace the 'https' with 'http', and go to the url. your password will now be reset to something random, and safe to login with. The only thing you can now loose is your ns4 boards account, wich is not exactly the most important thing in the world.
You can remove your nwn cdkeys from the bioware website by logging in at http://nwn.bioware.com and accessing your profile. Note, they record the keys there so incase you loose the papers/manuals that they had come printed on when you bought it, you can recover them. Removing your keys from the bioware site will obviously make this impossible, so make sure you don't loose your keys (i wrote all mine down on a pice of paper and stuck it in the little cardboard cd wallet that came with hotu)
I've asked in the irc channel about the boards and nobody will tell me what's up with the security certificate bs, or the https bs, or why my account had it's password changed, but i'd bet it has something to do with the crack untill one of the people in the #neversummer channel says otherwize.
Logging In / Boaords Cracked / Whats Up?
-
Terminal Insanity
- Newbie Helper
- Posts: 348
- Joined: Thu Nov 27, 2003 1:24 pm
- Location: I am Jacks hate.
.
I dont think the hacker is after our NWN accounts (althoug it ofcouse is posible). Both times we where hacked the hackers also attacked alot of other php boards. It seems to be more of a "showing the colors" then anything else. Unless ofcouse they attacked all the other websites to cover up what they where after.
Actually..it's NOT that easy sometimes... lke on my own linux server, running the stable version of Debian -- it simply won't allow phpbb to be updated! It uses libraries that the current version of Deb doesn't allow (yet)...
But yes, keeping your game password and boards password different is a good idea one way or the other. It is likely that the 'hacker' is probably using some utility that someone else wrote to hack whatever php boards he finds on google. How lame - what a way to spend a saturday night
But yes, keeping your game password and boards password different is a good idea one way or the other. It is likely that the 'hacker' is probably using some utility that someone else wrote to hack whatever php boards he finds on google. How lame - what a way to spend a saturday night
