[23:07] Ralph: well i finally had a kid..again..everything is going rather well
[23:07] Mikey: hahaha
[23:08] Mikey: so you have 3 now?
[23:08] Ralph: no..just 2
[23:08] Mikey: you sure do ruin a lot of lives
[23:08] Mikey: were they both with the same woman?
[23:08] Ralph: i don’t think so…i am actually better than that really..cause i didn’t ruin anybody around me..
[23:08] Ralph: ya
[23:09] Mikey: okay, so you’ve ruined 3 lives and not 4
[23:09] Ralph: your quite an idiot just like the guys on wht
[23:09] Ralph: seriously
[23:09] Mikey: well, i don’t know, aren’t both of your kids in foster homes?
[23:09] Ralph: no
[23:09] Mikey: that’s what you told me last time.
[23:10] Ralph: only one is in a foster home
[23:10] Mikey: how are you supporting these people?
[23:10] Ralph: i already told you a bit back
[23:10] Mikey: refresh my memory
[23:11] Ralph: disability..
[23:11] Mikey: how is your disability supporting children?
[23:11] Ralph: the only thing we have to pay is diapers..wic takes care of the rest
[23:12] Mikey: okay, so you have the state supporting the children you created.
[23:12] Ralph: pretty much and alot of people do it
[23:13] Mikey: Did you impregnate this woman on purpose?
[23:13] Ralph: ya
[23:13] Mikey: that’s great.
[23:13] Ralph: you can say whatever you like
[23:13] Ralph: i am not a fucking nobody or whaterver like wht says
[23:14] Mikey: well you dont’ seem to have a job, and you’re living with your parents at what.. 25?
[23:14] Ralph: sorry..i live somewhere else
[23:14] Mikey: oh, where do you live?
[23:14] Ralph: not saying
[23:14] Mikey: because you’re ashamed.
[23:14] Ralph: because you’ll tattle tell
[23:15] Mikey: I didn’t really care when you scammed all of those webhosting people, but i think the way you’ve used society is suicide worthy
[23:16] Ralph: you’ll think scammed…when you know the real truth
[23:16] Mikey: i just think you’re just a sociopath who has no empathy for anyone else.
[23:17] Mikey: you’re never going to victimize me, because i’m much smarter than you.
[23:17] Ralph: ok whatever
[23:18] Ralph: i guess i must of been smart of enough to hide my shit from wht and everybody…cause nothing happened and nothing bad has happened recently in my life
[23:18] Ralph: i knew a misunderstanding was going to happen
[23:18] Ralph: i am not that stupid
[23:20] Mikey: You are that stupid.
[23:20] Ralph: please back your claim up would ya?
[23:20] Mikey: Unless you’re just lying about this to try and troll me.
[23:20] Ralph: not lying
[23:20] Mikey: then you are an idiot.
[23:21] Ralph: how is telling everybody what happened with my server being a fool?
[23:21] Mikey: and you’re an even bigger idiot for not realizing that those facts make you an idiot.
[23:21] Mikey: You’re an idiot for knocking up that woman twice with no source of income.
[23:21] Ralph: your a fucking jew
[23:21] Mikey: actually i’m an atheist, and now you’ve compounded your idiocy by being a racist.
[23:22] Ralph: lol
[23:22] Ralph: your really fucking funny
[23:22] Ralph: ass wipe
[23:22] Ralph: your blocked too
[23:22] *** “Ralph” signed off at Tue Dec 30 23:22:28 2008.

lol

i’ll write however the hell i want, about anything i want, and nothing you say or do will change it.

Sunday wasn’t a bad day. I haven’t had a good sunday in a long time, there always seems to be some stressing force surrounding my aura, but sunday I just forced myself to stop thinking about everything that’d been bothering me, and somehow it worked.

The night before, i went to bed at about 6am, and woke back up at noon. I got some maki and a smoothie for lunch, talked with the venezuelan roomie for a little while, and we discussed how his bed broke in half while he was “sleeping”. Then I went back to my room, and listened to the pavement album that I downloaded a few days earlier. This is probably my favorite album of the year, the album is 2 cds long, and just about every song is extraordinarily pleasant.

While listening to pavement I laid in bed. I was a little bit lonely, but I should be getting a little company here pretty soon.

I’ve been talking with a couple of women who have told me they are in polyamorous relationships. People of this variety often concern me, because I’m never aware of the legitimacy of their claim on the front of their significant other. I would like to believe that this is 2008, and that there are all types of relationships, and people are much more open minded than they once were. I just don’t want to be a home wrecker.

Well, one woman is coming to visit from Champaign, IL this weekend, and I’m not sure about the other. They are both beautiful, interesting people, and that’s the only reason why I’m continuing to talk with them. My standards are a little more loose when chatting with fellow single people, but I keep a small group when talking with the already ‘committed’ folks.

This year I get to work christmas eve, christmas day, new years eve, and new years day. The schedule had me coming back monday night at 9pm, and working until friday morning. Then I’m out for 4 days, come back with 2 days left in the year, and I’m also in for the first two days of the year. Man that’s not fair.

I haven’t ever spent a new years ever with another person. Last year I walked most of the night. The year before that I was alone in my parents home, same for several years before that. I never had any friends in oxford, i had maybe one friend last year, but she was out with her friends.

I’m trying to convince myself that all of this is ok. That there’s a perfectly acceptable answer for why i spend so much time alone. It’s all just fucking me mentally as the years go by.

here’s a good song you can listen to

Bye!

talk like me

[4:54:17 am] mikey:if we could kiss, do you think it would be nice?
[4:54:43 am] some woman:yeah, probably
[4:54:53 am] mikey:that’s wonderful.
[4:55:01 am] mikey:I agree completely.
[4:55:17 am] mikey:It would be magic from the heart of funk and bass.
[4:55:27 am] some woman:that’s good to know.

[15:09] Mikey: john tell me what you do
[15:09] *help John - hivelocity.net: elaborate?
[15:10] Mikey: what do you do
[15:10] *help John - hivelocity.net: what do you mean?
[15:10] Mikey: the things you do
[15:10] *help John - hivelocity.net: i talk, i work, i eat, i sleep
[15:12] Mikey: this is perplexing for me
[15:12] *help John - hivelocity.net: how so
[15:12] Mikey: i don’t understand this
[15:12] *help John - hivelocity.net: why not
[15:12] Mikey: you see
[15:13] Mikey: there are things which are hard for me to understand
[15:13] Mikey: this being among the corresponding results
[15:13] Mikey: what can one do
[15:13] Mikey: with such things
[15:14] *help John - hivelocity.net: i see
[15:14] *** You have been disconnected. Wed Nov 26 15:14:29 2008.

Walk On Yellow!

the other day, i moved the lamp from the floor to the night stand.

It looks like the truth about wht being compromised finally came out.

It’s good to see that they admitted to what happened, though there is still some denial about the possibilities of what happened.

It turns out, I was right about a majority of what happened. Wiki vulnerability exploited by somebody. Not sure if it was masteritx who was responsible for it, but I’m fairly sure he’s at least partly involved.

I’m ok with it, I guess. I don’t really wanna kick sand in the face of their mods, but it was handled in a less than honest manner, by at least one party. I don’t really believe dennis, jan, writespeak, or anyone other than mat are really knowledgeable of what happened, but I do believe that if mat gave the others the information that they were posting, than he probably handled it in a less than honest manner, possibly to save his credibility.

The main issue is, we don’t have any evidence of what happened. They say that the attacker didn’t have access to the database, but he could have easily gained the credentials by opening the forum’s config.inc.php file with the phpshell he managed to get onto the servers originally. Additionally, he could have used the same methods to install phpmyadmin, configure with the same login credentials he obtained via config.inc.php, and then browse the database that he was writing user logins to. They could have also removed the files that they put there in order to erase their tracks. If wht did log, they might have evidence of what happened, but since the hack can be dated back as early as august, they probably don’t have logs dating back that far.

But, they’re forcing users change their passwords, so that’ll help. Hopefully nobody used the same password for multiple websites, but something tells me they were.

Another problem is that, they say:

This occurred only when logging into WHT through the wiki, not through the standard vBulletin (homepage) login

Which isn’t true, as I was recieving the error when logging in via the homepage on their dev server while the original thread was happening.

But, I don’t know. I’m not overly concerned about it, at least they’re not denying it completely anymore.

yogurt - small town boy

Normally, when I see someone post a thread that includes multiple sentence terminators in it’s subject, I believe that the thread starter is exaggerating the topic at hand. However, in this thread, it would appear that the poster is completely right. Only problem is, only a quarter of the forum’s user base understands why.

You see, the block of error message shows a very serious problem taking place on wht. A php script that’s masked as a .jpg file is being invisibly accessed by a php script on the server of wht, and it’s passing along three variables any time the user logs in: 1) The user’s username, 2) The user’s password, and 3) The user’s email address. After that, there isn’t a completely clear idea of what is being done with the data, but common sense tells me that the data is being sent out in an email to someone who is collecting wht accounts for some purpose.

How did it get there? Well, this is where it gets interesting. About a month ago, I was contacted by this fag who calls himself masteritx. This boring virgin who comes to the internet via a telephone line in some third world sandbox. This guy went on to tell me that he hacked wht, and to prove it he sent me an email from a webserver of wht’s, with the headers of the email clearly showing the email as being sent via a php script on a webserver of webhostingtalk. Every few weeks, he likes to contact me telling me he’s doing something new with the hack he put down on wht. What’s fucked up about it is, when he did tell inet about the vulnerabilities, he was registered, and those fucks actually banned him when they found out about the compromise. Real nice, ban the guy who offered to help you close a security hole. But, I’m not sure how masteritx went about it. He could have tried to extort them, and that could have triggered the ban, but I’m not really sure what happened. All I know is that he told me he was trying to reach wht’s admins, and a few days later he was banned. After that, he tried to tell me that he had obtained a copy of wht’s database, and that he was going to sell it to somebody.

Back to the technical specifics of the attack, the error that was posted on the thread is as follows:

Warning: fopen(http://www.webhostingtalk.com/store/images/126928744_lg.jpg?user=calamine&pass=xxxxxx&email=xxxxxx%40gmail.com): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /includes/functions.php(2651) : eval()’d code(1) : eval()’d code on line 5

When the user logged in, the php script login.php calls a file under includes/function.php, and within that file is code which uses the php fopen function to download a file at http://webhostingtalk.com/store/images/126928744_lg.jpg while passing the username, password, and email address variables back down to the page. How did the 126928744_lg.jpg file get there? Well, my bet is that when the wiki was compromised, masteritx put in a few backdoors in directories he found were chmod 777, because those are directories that the webserver would be able to write to. With those backdoors, he probably wrote a php script, disguised it as a .jpg file which sends him an email with the variables the user sends when they login.

Currently, one admin has posted, Dennis. Dennis has posted to tell my friend and associate Steven that he should be posting elsewhere, and not “insulting” wht by posting information about the hack. I find inet’s disregard for user security a lot more insulting than what steven has posted. More information is probably going to come as the days go on, but the side of intelligence and security has been gaining support, with only a few idiots stepping in to defend wht’s admins.