Your Ad Here Your Ad Here
Page 1 of 6 1234 ... LastLast
Results 1 to 10 of 58

Thread: What.CD database compromised?

  1. #1
    psxcite's Avatar Pimpilicious Penguin
    Join Date
    Feb 2006
    Location
    Pimpin' in the South Pole
    Posts
    739
    Seems hackers got the What.CD user database and they are sending fake RIAA emails to all the users. Must have happened during the SQL injection hack.


    Delivered-To: my@address
    Received: by 10.115.106.10 with SMTP id i10cs44735wam;
    Mon, 12 Nov 2007 02:35:00 -0800 (PST)
    Received: by 10.114.190.6 with SMTP id n6mr271088waf.1194863700180;
    Mon, 12 Nov 2007 02:35:00 -0800 (PST)
    Return-Path:
    Received: from spunkymail-mx6.g.dreamhost.com (mx1.spunky.mail.dreamhost.com [208.97.132.47])
    by mx.google.com with ESMTP id m27si5736940wag.2007.11.12.02.34.59;
    Mon, 12 Nov 2007 02:35:00 -0800 (PST)
    Received-SPF: neutral (google.com: 208.97.132.47 is neither permitted nor denied by best guess record for domain of riaa@bitient.org) client-ip=208.97.132.47;
    Authentication-Results: mx.google.com; spf=neutral (google.com: 208.97.132.47 is neither permitted nor denied by best guess record for domain of riaa@bitient.org) smtp.mail=riaa@bitient.org
    Received: from bitient.org (unknown [85.17.201.73])
    by spunkymail-mx6.g.dreamhost.com (Postfix) with ESMTP id 6EABC2D320
    for ; Mon, 12 Nov 2007 02:34:35 -0800 (PST)
    Received: (qmail 21760 invoked by uid 10012); 12 Nov 2007 11:34:22 +0100
    Date: 12 Nov 2007 11:34:22 +0100
    Message-ID: <20071112103422.21757.qmail@bitient.org>
    To: my@address
    Subject: Music Piracy
    From: piracy@riaa.org
    Reply-To: piracy@riaa.org
    X-Originating-IP: [76.74.24.143]
    X-Originating-Email: [piracy@riaa.org]
    X-Mailer: Internet Mail Service


    Subj: Music Piracy
    Date: Mon, Nov 12, 2007 at 4:35 AM
    From: piracy@riaa.org
    ----------------------------------------------------------------
    Dear registered user of the site What.cd,

    We have recently been investigating the activities of the users of the
    site http://www.what.cd/ and we have found that this site exists for the
    sole purpose of music piracy.

    Pirating music is a criminal offence and we believe it should be obvious
    to you that the results outweigh the benefits - hard working artists
    won't be rewarded for their work and will stop producing music,
    ultimately leading to a severely reduced selection of music both in the
    shops and for download.

    The RIAA had hoped that the disabling by the police of the large illegal
    music site, Oink.cd, would stop a lot of people from engaging in piracy,
    as they don't want to be seen as criminals. However, this appears to
    not be the case, as two large new sites have sprung up in its place.

    This email is the final warning to all of you who were members of
    Oink.cd and are current members of What.cd. If we find you to be
    committing any more criminal acts of piracy then we will have to press
    charges against you, as representatives of the major record companies of
    America.

    Yours Faithfully,

    The RIAA
    Oh you silly script kiddies. Get a life.

    FYI

    Consider your passwords disclosed
    The attacker probably has a copy of password hashes and with a bit of effort can result in cracking of your password.

    Change your passwords elsewhere!

    Luckily for me, I use a different password on everysite.
    Last edited by psxcite; 11-12-2007 at 11:06 AM.
    "Dude, where's my rar?"

  2. BitTorrent   -   #2
    Hanz™'s Avatar making the world go BT Rep: +3
    Join Date
    Nov 2004
    Location
    Hollywood
    Age
    50
    Posts
    477
    Ugh. Yet another reason to use waffles over what.

  3. BitTorrent   -   #3
    fOrUmAs's Avatar Poster BT Rep: +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75BT Rep +75
    Join Date
    Oct 2007
    Location
    Zagreb
    Age
    32
    Posts
    3,420
    Someone really doesn't like us! ∼ posted on Nov-12-07 by What
    This week has been terrible. After we did two code audits and fixed our security issues, our wonderful attackers couldn't get in (yay!), so they turned to brute force. After having been hit by several port scans and a rather fearsome DDoS attack (traffic reaching almost 80 megabits per second (note: that's 10 megabytes per second)) our server pretty much went to hell. After an extended downtime (ending a couple hours ago) during which we tweaked firewall settings, etc., we decided that it was safe enough to bring the site back up.

    Pretty much immediately after the site came back up we had someone trying to brute force our (well passworded) ssh accounts (they've now met the hot burny side of the firewall).

    What have we learned from all this? That there is a person or a group of people somewhere that wants us to disappear. We originally thought that the attacks were by bored kids, but whoever was behind the DDoS appears to be much more serious than that. We aren't going to publicly speculate on who is behind the attacks - we'll leave that to you guys.

    Despite these attacks, we are still up and running, and we hope to stay this way for a very long time. We have plans for this site, and we aren't going to flush them down the drain just because some people don't like what we're doing. The first of our plans involves a very cool freeleech plan, but we're going to wait until we're sure the tracker's relatively stable for that. For the time being, we're keeping freeleech on until further notice.

    Edit by DAQ: These fake RIAA Emails are just that. Fake. http://pastebin.ca/770503 Read that.


    http://www.downforeveryoneorjustme.com/

  4. BitTorrent   -   #4
    Poster BT Rep: +13BT Rep +13BT Rep +13
    Join Date
    May 2007
    Location
    Europe
    Posts
    683
    Yes, well. It would take large amounts of time to work for 15k user passwords and to use them on top of that. To me it looks like the only target is what.cd and they're really trying to make the staff's life miserable

    This mail was originally sent from the what.cd server itself, anything else is smokescreen.

  5. BitTorrent   -   #5
    Polarbear's Avatar deep funk BT Rep: +5
    Join Date
    Sep 2007
    Location
    behind the turntables
    Age
    46
    Posts
    3,658
    i got this nonsense as well. probably a frustrated ex-staff kid.

  6. BitTorrent   -   #6
    AugustoP's Avatar Poster BT Rep: +1
    Join Date
    Mar 2007
    Posts
    620
    It's send from what.cd server to what.cd userbase. Staff really has to explain that shit to everyone concerned about security.

  7. BitTorrent   -   #7
    Artemis's Avatar ¿ןɐɯɹou ǝq ʎɥʍ BT Rep: +3
    Join Date
    Jun 2007
    Location
    127.0.0.1
    Posts
    6,331
    Here we go again ?
    yet another site database hacked, I think this will be a big nail in the coffin of what.cd on top of the sql injection of the porn image and all the downtime experienced through ddos attacks and 'updates'.

    4d7920686f76657263726166742069732066756c6c206f662065656c73


  8. BitTorrent   -   #8
    Polarbear's Avatar deep funk BT Rep: +5
    Join Date
    Sep 2007
    Location
    behind the turntables
    Age
    46
    Posts
    3,658
    even though the pw's are encrypted on the server, i'd recommend to change your what passwords.

  9. BitTorrent   -   #9
    psxcite's Avatar Pimpilicious Penguin
    Join Date
    Feb 2006
    Location
    Pimpin' in the South Pole
    Posts
    739
    After the Bit-HDTV fiasco, I would change your password on the site. If you use the same password on other sites (shame on you), I would change them NOW.
    Also, be prepared to really monitor any unknown emails you may receive. I hope I don't have to tell you not to open any unknown emails people. I would expect now that they have the email list, we are in for some "spam from hell".
    Last edited by psxcite; 11-12-2007 at 11:30 AM.
    "Dude, where's my rar?"

  10. BitTorrent   -   #10
    John1988's Avatar ★★★Need help?Ask★★★ BT Rep: +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100BT Rep +100
    Join Date
    Aug 2007
    Posts
    1,399
    OMG!!!
    i got the same email
    wth is going on??

Page 1 of 6 1234 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •