As many of you know, the forums went down yesterday due to some database issues. This was due to Program (Aaron) and Mute (Luke) deleting the entire forums, all of the in-game items, and many other various things such as my senior project data. He was banned permanently because of this; I was up until 5 AM yesterday restoring all of this data from a backup recorded at 8 AM yesterday, then I immediately went to sleep, or I would've posted about this yesterday. So basically, the forum and the game have effectively been rolled back to 8 AM yesterday.
Also, I don't understand why you guys think the WorldScape is going to be shut down, if I wanted it to be shut down, I would've just kept it offline after it was hacked. But I spent four hours repairing it because this is my website and game and I care about it; it was the first private server I created and I don't plan on shutting it down.
You guys keep complaining about the RuneRebels project; the reason we didn't post it here is because we didn't want it to steal players from WorldScape, however you guys freaked out saying that we were trying to keep it a secret, so we post it here for everyone to see, and now you freak out because you think we are stopping WorldScape. Both servers will continue to be run and updated.
I'm sorry that updates to WorldScape are still widely spaced out; but it has been like this for a while, mainly because I have so many other things going on in my life, such as school, planning for college, and so on. Right now I have four weeks "off" from school where I must work 6 hours every weekday on my senior project, which is developing another game from scratch. So I'm sorry that there aren't many updates, but the server is not shutting down and it would be nice if everyone would stop spreading rumors that aren't true! Thank you,
- Ry60003333
Thanks for the explanation, now I know what happened. :D I myself understand how difficult it's been for you and the staff, so I haven't been saying anything about this whole RuneRebels thing and you guys not replying. But I have one question. Are the other staff members and developers like Kevin and Alex helping you on your senior project of making a new game too? I was just wondering. ???
Who's Program? Are you sure it's him?
Program was a former forum moderator on here and he was a part of the WorldScape Rebellion group.
So it's a person?
Yeah he was a person not a program lol. O.O
Completely understandable Ry. Glad you've done all this work for us.
Thank you <3
Why would he do that!?
Thank you so much for doing such a thing.. you know when that happened last night, my friend and I were kind of surprised it happened but I told him I honestly thought someone did this so I just waited it out. I knew it would come back up and for that, I thank you. Now I'm going to go play some of my favorite game in the RSPS server
Quote from: patrickcolmeyer on May 05, 2012, 03:08:32 PM
So it's a person?
Quote from: 010 on May 05, 2012, 03:39:32 PM
Why would he do that!?
Both of these user accounts are accounts created by the hacker.
Quote from: freak m4n on May 05, 2012, 04:21:29 PM
Quote from: Ry60003333 on May 05, 2012, 03:51:26 PM
Quote from: patrickcolmeyer on May 05, 2012, 03:08:32 PM
So it's a person?
Quote from: 010 on May 05, 2012, 03:39:32 PM
Why would he do that!?
Both of these user accounts are accounts created by the hacker.
So it wasn't Program and Mute?
It was, they created those accounts as well, and edited my post earlier to say Kevin.
@Ry - Why have you devoted so much time to a game that barely anybody plays? You're obviously very talented, what are you studying?
This is terrible :(, I hope not a large bite of your project was taken =\.
Ry, what can I say, you're so dedicated, times may be slow, but they will pick up again, they always have and always will! We adore you for doing this for us :)
Regards
Thehate
No hard feelings Ryan.
Love ya man.
Thanks Ryan for getting the info on what happened yesterday or when it happened. I guess people don't have a life considering they want updates in an hour. Thanks for every thing and I really don't care if you opened up another server. It's your choice not ours. ;)
How did they hack this server? I love it and I want to find who did this >:(
Quote from: Raiden96 on May 06, 2012, 04:11:25 PM
How did they hack this server? I love it and I want to find who did this >:(
He says in his post. MUTE AND PROGRAM. People don't read shit, damn.
Quote from: Recoil on May 06, 2012, 04:43:19 PM
Quote from: Raiden96 on May 06, 2012, 04:11:25 PM
How did they hack this server? I love it and I want to find who did this >:(
He says in his post. MUTE AND PROGRAM. People don't read shit, damn.
That was Aaron trying to hack again.
Are you absolutely positive? He's not online.
Quote from: Recoil on May 06, 2012, 04:46:12 PM
Are you absolutely positive? He's not online.
Yup
Quote from: Kevin on May 06, 2012, 04:45:10 PM
Quote from: Recoil on May 06, 2012, 04:43:19 PM
Quote from: Raiden96 on May 06, 2012, 04:11:25 PM
How did they hack this server? I love it and I want to find who did this >:(
He says in his post. MUTE AND PROGRAM. People don't read shit, damn.
That was Aaron trying to hack again.
I was suspecting that lol.
herp derp I'm stupid
Respect for you Ry.
You had it coming.
Why did jake get demoted?
Quote from: CookBook101 on May 06, 2012, 05:51:49 PM
herp derp I'm stupid
lmao^^
And yeah, why did Jake get demoted?:(
Jake got demoted because he was a suspect for being involved with the hacking, as was I. I was banned but I explained to Ryan I was innocent, so now I'm good. Jake didn't hack, but why he hasn't gotten his position back yet I don't know.
It's sad to see good people go bad.
Quote from: D E A T H on May 07, 2012, 05:01:44 PM
It's sad to see good people go bad.
I never went bad. It was a misunderstanding. Everything is clear now though.
How do you know Program and Mute did it?
Pretty sure they looked at their IP.
Wouldn't that be the first thing to change if you were going to hack this website?
Well with Ryan being a genius that's probably not much of a problem with him, I'm sure they found out one way it was them.
I was on when this happened.. and I'm sure Recoil saw this but, Batman was admin lmfao for the time all this happened.
Quote from: nate on May 07, 2012, 09:21:51 PM
Wouldn't that be the first thing to change if you were going to hack this website?
You would think, right? We can't go too in-depth with the details at this current point in time, but in the near future we will have a full report of the breach. I will say though, the evidence is plentiful.
Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future ;D
When they can tell us something, they will.
Quote from: Jake on May 07, 2012, 10:55:17 PM
Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future ;D
When they can tell us something, they will.
Well, I can say this. Luke doesn't really "Hack"; he was more of a cheerleader for the whole thing. Aaron was the hacker in all of this. He found a way to gain access to the database and just dropped everything. Dropping something in MySQL just deletes it. So he kept doing that. We asked him about it because we knew he had done it. I had already banned him and while we were sitting there, he decided to hack us again. They tried demoting me on the forums and in-game, which they didn't do correctly, so nothing happened. We snagged their IPs and called both of their ISPs. We spoke with Aaron's ISP for quite some time, and they sent in a report. So we decided to do some investigating ourselves. We managed to find Aaron's last name, with that we found both his parents' names. With that, we found their home address, along with their home phone number. So we gave them a ring, and they won't be a problem anymore.
EDIT: And for the people who said we had backdoor things inside the client (Key logger, Ddoser, RAT, etc.) if we did have all of those things, wouldn't you think we would have used it to our advantage against Aaron and Luke? I know some of you talk to them still.
They said it was in tools.jar. That file is currently empty.
Quote from: Kevin on May 07, 2012, 11:49:25 PM
Quote from: Jake on May 07, 2012, 10:55:17 PM
Yeah, To be honest, I think we should stop talking about what has happened. Just look towards the future ;D
When they can tell us something, they will.
Well, I can say this. Luke doesn't really "Hack"; he was more of a cheerleader for the whole thing. Aaron was the hacker in all of this. He found a way to gain access to the database and just dropped everything. Dropping something in MySQL just deletes it. So he kept doing that. We asked him about it because we knew he had done it. I had already banned him and while we were sitting there, he decided to hack us again. They tried demoting me on the forums and in-game, which they didn't do correctly, so nothing happened. We snagged their IPs and called both of their ISPs. We spoke with Aaron's ISP for quite some time, and they sent in a report. So we decided to do some investigating ourselves. We managed to find Aaron's last name, with that we found both his parents' names. With that, we found their home address, along with their home phone number. So we gave them a ring, and they won't be a problem anymore.
EDIT: And for the people who said we had backdoor things inside the client (Key logger, Ddoser, RAT, etc.) if we did have all of those things, wouldn't you think we would have used it to our advantage against Aaron and Luke? I know some of you talk to them still.
They said it was in tools.jar. That file is currently empty.
Geez, Jeremy did that to poor Coleshot1 just out of bullying. (called his parents etc)
20 year old vs a 14 y/o unfair advantage lol but ANNNYYWAY
AAAAAAAAAAAAARRRRRRRRRRRRRRROOOOOOOOOOOOOOON
GOT
OWNED
Let's not bring that up anymore Mia 8)
That's all in the past.
To add on to what Kevin said... We believe he went on through a proxy Ryan was running (proxy.allgofree.org) and proceeded to use an SQL Injection to gain administrative access to the site and database. Being that he was on Ryan's proxy, the server recognized him as 127.0.0.1 (basically thought he was Ryan), and that's why his attacks went relatively unnoticed. Alternatively, he could also have exploited the actual Linux computer used to host the proxy and forum. That would explain why he maintained privileges for an extended period of time. After using DROP to delete the tables and effectively delete player stats, he proceeded to create more Admin accounts for himself to use. At this point the AllGoFree staff caught on to what he was doing, and began to secure the forums. This was the end of the road for Aaron. For his last stunt, he messed around with Kevin's profile and tried to demote legitimate Admins. The AllGoFree team was quick to respond, with Ryan revoking MySQL privileges that weren't needed and restoring from a backup. I only jumped on the team about a day after the initial attack, so I definitely have to give a lot of credit to the Admins, Mods, and Players that helped to get WorldScape up and running again. The server and IP logs AllGoFree had were an essential part to figuring out who was behind the attack. Matching the server logs with the IPs of players who logged in led us to believe it was Aaron (Program) and Luke (Mute).
Quote
May 5 15:04:46 debiang5 afpd[21872]: done
May 5 15:05:15 debiang5 suhosin[22004]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May 5 15:06:01 debiang5 /USR/SBIN/CRON[22070]: (ry60003333) CMD (java -jar /home/ry60003333/ServerStatus/ServerStatusJob.jar)
May 5 15:06:46 debiang5 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May 5 15:06:50 debiang5 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '75.152.105.45', file '/mnt/zsites/allgofree/blitz/smf/Themes/The_Killing_SMF2/scripts/theme.php')
May 5 15:08:08 debiang5 suhosin[22100]: ALERT - configured request variable name length limit exceeded - dropped variable 'COOKIE%3Bpma_collation_connection%3B%2F%3Bphpmyadmin_allgofree_org' (attacker '75.152.105.45', file '/mnt/zsites/Sites/proxy/index.php')
(http://s13.postimage.org/bohy03047/evi.jpg)
After directly asking the two through Skype, they admitted to hacking WorldScape!
Quote
[5/5/12 3:55:39 PM] Aaron: It wasn't me, so you should double check whatever proof you think you have.
[5/5/12 3:55:44 PM] Ryan : http://www.allgofree.org/pics/evidence/
[5/5/12 3:55:48 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_1.png
[5/5/12 3:55:50 PM] Ryan : Hacker account.
[5/5/12 3:55:59 PM] Kevin added Seva to this chat
[5/5/12 3:56:01 PM] Ryan : Hid the IP
[5/5/12 3:56:05 PM] Ryan : logged into game
[5/5/12 3:56:05 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_2.png
[5/5/12 3:56:07 PM] Ryan : Real IP
[5/5/12 3:56:12 PM] Ryan : IP Lookup
[5/5/12 3:56:12 PM] Ryan : http://www.allgofree.org/pics/evidence/evidence_3.png
[5/5/12 3:56:13 PM] Ryan : ding ding ding
[5/5/12 3:56:17 PM] Ryan : so thats magic right?
[5/5/12 3:56:24 PM] Aaron: Hey!
[5/5/12 3:56:29 PM] Aaron: You're smarter than I thought!
[5/5/12 3:56:36 PM] Kevin: You're dumber then I thought
[5/5/12 3:57:14 PM] Luke: Sooooooo....
[5/5/12 3:57:31 PM] Aaron: It's not like I broke anything anyway. Backups ftw xD
[5/5/12 3:57:43 PM] Aaron: You're just mad that someone got through your security.
[5/5/12 3:57:53 PM] Luke: http://t3.gstatic.com/images?q=tbn:ANd9GcRYWv309EKaK_s-Jk8VVVYquZrG5OXz3ZtpNXtnYDT41cwfh8Wgpg
[5/5/12 3:58:15 PM] Ryan : No
[5/5/12 3:58:18 PM] Ryan : I'm mad
[5/5/12 3:58:19 PM] Ryan : because
[5/5/12 3:58:20 PM] Ryan : you messed
[5/5/12 3:58:22 PM] Ryan : with my
[5/5/12 3:58:24 PM] Ryan : website
[5/5/12 3:58:25 PM] Ryan : :)
So that should wrap up the whole ordeal. Hopefully we can just leave this in the past and move on with our lives. The proper actions have been taken against both Aaron and Luke. They have both been banned, Aaron's parents were contacted to make sure they knew what he had done, and a formal investigation was started by his ISP (Telus). Understanding that Luke acted as nothing more than a "cheerleader", his account was permanently banned from WorldScape.
No passwords or user information was compromised as a result of this attack. I hope that answers some questions you might have had.
- Seva
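Added example, not part of the original post and not AllGoFree's own tooling: one way to pull Suhosin ALERT lines like the ones quoted above out of syslog, group them by reported source address, and flag sources that repeatedly sent database-related variables, including the case described in the post where requests relayed by a proxy on the same host show up as 127.0.0.1. The sample lines, host name, paths and addresses are constructed, and the `DB_HINT` pattern and `min_hits` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same syslog/Suhosin layout as the excerpt above (documentation-range IPs).
SAMPLE_LOG = """\
May 5 15:05:15 host1 suhosin[22004]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_tbl_insert_q' (attacker '203.0.113.7', file '/srv/forum/Themes/example/scripts/theme.php')
May 5 15:06:01 host1 /USR/SBIN/CRON[22070]: (admin) CMD (java -jar /home/admin/job.jar)
May 5 15:06:46 host1 suhosin[22104]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '203.0.113.7', file '/srv/forum/Themes/example/scripts/theme.php')
May 5 15:08:08 host1 suhosin[22100]: ALERT - configured request variable name length limit exceeded - dropped variable 'COOKIE%3Bpma_collation_connection' (attacker '203.0.113.7', file '/srv/proxy/index.php')
May 5 15:09:30 host1 suhosin[22110]: ALERT - configured GET variable value length limit exceeded - dropped variable 'q' (attacker '198.51.100.20', file '/srv/forum/index.php')
May 5 15:10:02 host1 suhosin[22120]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '127.0.0.1', file '/srv/forum/index.php')
May 5 15:10:40 host1 suhosin[22121]: ALERT - configured GET variable value length limit exceeded - dropped variable 'sql_query' (attacker '127.0.0.1', file '/srv/forum/index.php')
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+suhosin\[\d+\]:\s+ALERT - "
    r"(?P<reason>.+?) - dropped variable '(?P<var>[^']*)' "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'\)\s*$"
)
# Assumed heuristic: variable names that suggest the request was aimed at a database tool.
DB_HINT = re.compile(r"sql|pma_|phpmyadmin", re.IGNORECASE)


def parse_alerts(text):
    """Return one dict per Suhosin ALERT line; other syslog lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]


def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def summarize(alerts):
    """Group alerts by reported source: count, targeted files, DB-like variables, time span."""
    summary = defaultdict(lambda: {"count": 0, "files": set(), "db_vars": set(),
                                   "first": None, "last": None})
    for a in alerts:
        s = summary[a["ip"]]
        s["count"] += 1
        s["files"].add(a["file"])
        if DB_HINT.search(a["var"]):
            s["db_vars"].add(a["var"])
        s["first"] = s["first"] or a["ts"]
        s["last"] = a["ts"]
    return dict(summary)


def triage(summary, min_hits=2):
    """Return (source, note) pairs for sources with repeated DB-related alerts."""
    findings = []
    for ip, s in sorted(summary.items()):
        if s["count"] >= min_hits and s["db_vars"]:
            note = "loopback: correlate with the local proxy's access log" if is_loopback(ip) else "external"
            findings.append((ip, note))
    return findings


if __name__ == "__main__":
    for finding in triage(summarize(parse_alerts(SAMPLE_LOG))):
        print(finding)
```

A loopback finding cannot be attributed from this log alone; the proxy's own access log for the same timestamps is what ties it to a client address.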
Quote from: s3v on May 08, 2012, 08:25:57 PM
So that should wrap up the whole ordeal. Hopefully we can just leave this in the past and move on with our lives. The proper actions have been taken against both Aaron and Luke. As Kevin said, Aaron's parents were contacted to make sure they knew what their son had done, and a formal investigation was started by his ISP (Telus). Understanding that Luke is 14, and acted as nothing more than a "cheerleader", we felt that giving Luke a stern warning was as far as we needed to go with him.
No passwords or user information was compromised as a result of this attack. I hope that answers some questions you might have had.
- Seva
But I thought you guys banned Luke?
Both have been banned.
S3v, I honestly think you shouldn't post their IPs up on here.
Okay. Let me clear some things up since I'm unbiased. I read the original logs. I find it funny how you change the logs up to make AllGoFree look all cool and calm. All I know is in the logs I saw Ryan said IM MAD CAUSE YOU HACKED MY FUCKIG SITE (yes he did all caps) and Luke is actually 17, FYI.
No I'm not on their side, I just think it's important to know the truth.
Quote from: Australiaman on May 09, 2012, 05:54:29 AM
S3v, I honestly think you shouldn't post their IPs up on here.
Why that?
Quote from: Recoil on May 09, 2012, 08:16:17 AM
Okay. Let me clear some things up since I'm unbiased. I read the original logs. I find it funny how you change the logs up to make AllGoFree look all cool and calm. All I know is in the logs I saw Ryan said IM MAD CAUSE YOU HACKED MY FUCKIG SITE (yes he did all caps) and Luke is actually 17, FYI.
No I'm not on their side, I just think it's important to know the truth.
Seva didn't do that, I did that. Yes I was upset but there is no need to post that here.
Quote from: Wild on May 09, 2012, 11:48:04 AM
Quote from: Australiaman on May 09, 2012, 05:54:29 AM
S3v, I honestly think you shouldn't post their IPs up on here.
Why that?
And yes, why not? Their IP addresses change constantly, and it does no harm to post it. They deserve to be punished for what they did.
Waiiiittt a minute. How'd I just now figure this out?
I'm going to quote something from Kevin. It doesn't let me link the quote, the topic was locked. Here's a link to the topic: http://www.worldscapeblitz.com/blitz/smf/index.php?topic=12753.30
Quote from: Kevin
Kryptonite, you say it's bad that we aren't giving items back. We had every intention on giving items back, but the first 3 or so people I asked what they lost told me the same thing, "Full Bandos, AGS, Sigil Dragon Boots". How are we supposed to return everyone's items when we don't know exactly what they lost. We are going to be adding a system to the logs that will tell us more about what items you guys have had in the past, rather than the present.
So, when people lost their items to the zombie bug.. We were told there is no proof of the fact that people may have had items before? If I were to post "I lost AGS, blabla etc" AGF would reply, "there's no proof, we can't return items". Okay, well apparently there is proof now because of daily backups. Why couldn't you guys have just intentionally rolled back a few accounts a few days to those that lost items? Or at least checked their data from a few days ago to see if they were telling the truth about their items? There was proof, we just didn't know it, but now we know that Ryan does daily backups. I really don't understand why you couldn't have just looked at the backups from before the zombie glitch to see about their items. Instead it was "Sorry, there's no proof, kiss your items goodbye"
And don't tell us that this is any way our fault. There was a bug in a mini-game that was the developers (or whoever) fault, and the players lose items due to it. The players ask if they can have their items back, and the developers tell them there's no way to prove that they had the items in the first place. But wait! There is.... So why lie (or maybe just "forget", which seems near impossible). Is there something I'm missing here? Or am I just crazy, is there no way to check through to backups? Because a lot of people lost items from the mini-game.
Quote from: Recoil on May 09, 2012, 03:13:13 PM
Waiiiittt a minute. How'd I just now figure this out?
I'm going to quote something from Kevin. It doesn't let me link the quote, the topic was locked. Here's a link to the topic: http://www.worldscapeblitz.com/blitz/smf/index.php?topic=12753.30
Quote from: Kevin
Kryptonite, you say it's bad that we aren't giving items back. We had every intention on giving items back, but the first 3 or so people I asked what they lost told me the same thing, "Full Bandos, AGS, Sigil Dragon Boots". How are we supposed to return everyone's items when we don't know exactly what they lost. We are going to be adding a system to the logs that will tell us more about what items you guys have had in the past, rather than the present.
So, when people lost their items to the zombie bug.. We were told there is no proof of the fact that people may have had items before? If I were to post "I lost AGS, blabla etc" AGF would reply, "there's no proof, we can't return items". Okay, well apparently there is proof now because of daily backups. Why couldn't you guys have just intentionally rolled back a few accounts a few days to those that lost items? Or at least checked their data from a few days ago to see if they were telling the truth about their items? There was proof, we just didn't know it, but now we know that Ryan does daily backups. I really don't understand why you couldn't have just looked at the backups from before the zombie glitch to see about their items. Instead it was "Sorry, there's no proof, kiss your items goodbye"
And don't tell us that this is any way our fault. There was a bug in a mini-game that was the developers (or whoever) fault, and the players lose items due to it. The players ask if they can have their items back, and the developers tell them there's no way to prove that they had the items in the first place. But wait! There is.... So why lie (or maybe just "forget", which seems near impossible). Is there something I'm missing here? Or am I just crazy, is there no way to check through to backups? Because a lot of people lost items from the mini-game.
The daily backups are complete backups of the databases in MySQL. It's very easy to delete the current one and restore a backup, which is what we did. It's very difficult to look through these backups and find individual entries; and it is even more difficult to restore only parts of a database.
This is the same reason that RuneScape rarely rolls back; such as when Purple party hats were created, they didn't roll the game back, because it was technically challenging.