piper7

For those of you posting on this board, I am reporting to you as I have reported to the webmaster that someone has the capability of hacking into your posts and pretending to be you.
I find this offensive and probably illegal. Although I had hesitated to do this, I am no longer going to post and the hooligans can have their way. This is too damned weird for me. Have fun and make sure you all agree with the majority opinions here.
Peace, Mercy and Compassion for a final time.

Well, how about that. His email to me omitted any reference to which post he’s referring to (and he didn’t even tell me who he was, talking about piper7 in the third person.)

So yeah, weird indeed, but maybe not for the same reasons: all of piper7’s posts have come from the same computer, which is also the computer he sent me mail from. Go figure.

Of course, if anyone has evidence that there’s a problem with the board, please let me know, but there’s nothing to suggest that this is anything but [FUD](http://jamesthornton.com/jargon/html/entry/FUD.html).

    -Rich

[Woops, fixing a URL.. -rich]


[ This Message was edited by: rich on 2003-02-20 21:26 ]

Good thing you posted that dictionary link, Rich. For a moment there I was considering what FUD might stand for and I came up with F***ed Up Dude.

This fellow’s behaviour doomed
him on the board, and it’s
unrealistic to expect people
not to respond with
hostility to weird and
provocative messages.
Still, I wish we had been
nicer to this guy. Next time
somebody wants to rear
back and let someone have it,
(e.g. ‘crawl back under your
rock’) well, there may be better
options. Some people are
provocative because they
want to get kicked; as
long as we kicked him, he
couldn’t stop his weird
behaviour. But he
did respond positively to
kindness.

Oh well, a fish too far out
to reel in. Best

Hi everybody,

This issue is interesting to me because I am considering starting some message boards for some Web design clients of mine. Anyway, I guess I should preface all this by saying that I’m not defending anyone nor am I lobbying for their return.

But I did take this issue to the YaBB and the phpBB message forums to see if what Piper7 claimed could actually be accomplished. I also did a fair amount of research in their message board archives.

As it turns out, hacking into certain message boards is not all that hard to do. As a matter of fact, message boards are where a lot of novice hackers cut their teeth. For experienced hackers, it’s not time consuming at all. It’s easier because many Webmasters use standard configurations that place sensitive files and folders in predictable locations. While each message board host is a little different, most offer some flexibility to keep files in protected and/or harder to locate areas.

But the kicker is figuring out if someone can post a new message with the authorized user’s static IP address.

It’s possible…but a bit involved. Go to Google and do a search for mass or bulk email software. You’ll quickly discover that with $50-$200 in software, you can send emails (millions of them, actually) from pretty much any email address or IP address that you want. Similar tools could be used on a message board. Still, seems like a lot of work.

BUT that all changes if you’re working with an existing message. If I have hacked into a message board, then I can log in using that person’s USER ID and PASSWORD, click ‘edit’ on an existing post, and modify that listing without changing the IP Address log (which usually only logs original posts, not edits).

If you look at the post piper7 claims to have been hacked:
http://chiffboard.mati.ca/viewtopic.php?mode=viewtopic&topic=9918&forum=2&start=60

You will see that the message was edited after the original post. Does that prove the board was hacked? Certainly not. But it does prove that it is possible without modifying the IP Address log.

The only other shred of evidence in favor of piper7’s claim is of the variety he wouldn’t like. Many, if not all, of his posts were abrasive, nasty, and trollish…but they were also consistent. The allegedly hacked post is the only one that doesn’t fit his particular style. Oh, and if you look at any of piper7’s posts, he never signed off on any of them. That one offending post is the only one where he signs off as “Sincerely, Piper7” etc.

Still, whenever I pointed anyone to the thread, they all seemed to agree that piper7 was a bit of a @#$%, and that personal theatrics weren’t out of the question either.

Just my .02 cents.

Take care,
John
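
The gap described in the post above (the board records an IP for the original post but not for later edits) is what a per-edit audit trail closes. The following is an added example, not part of the original thread and not code from phpBB or YaBB: it assumes a hypothetical event log in which every post and edit carries the account, post id and source IP, and it flags edits that come from an address the account has never used. All records are constructed.

```python
from collections import defaultdict

# Constructed sample events (hypothetical schema, not phpBB's or YaBB's).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    {"ts": "2003-02-18 09:02", "action": "post", "post_id": 101, "user": "alice", "ip": "192.0.2.10"},
    {"ts": "2003-02-18 09:05", "action": "edit", "post_id": 101, "user": "alice", "ip": "192.0.2.10"},
    {"ts": "2003-02-19 14:30", "action": "post", "post_id": 102, "user": "alice", "ip": "192.0.2.10"},
    {"ts": "2003-02-19 20:11", "action": "post", "post_id": 103, "user": "bob", "ip": "198.51.100.7"},
    {"ts": "2003-02-20 03:47", "action": "edit", "post_id": 102, "user": "alice", "ip": "203.0.113.55"},
    {"ts": "2003-02-20 08:15", "action": "edit", "post_id": 103, "user": "bob", "ip": "198.51.100.7"},
]


def flag_suspicious_edits(events):
    """Return edits made from an IP the account has never used before.

    Events are processed in timestamp order, so "known" means seen
    strictly earlier for the same account. A flagged address is not
    added to the known set, so repeat edits from it keep being flagged.
    """
    known_ips = defaultdict(set)   # user -> IPs seen so far
    origin_ip = {}                 # post_id -> IP of the original post
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ip, pid = ev["user"], ev["ip"], ev["post_id"]
        if ev["action"] == "post":
            origin_ip[pid] = ip
        elif ev["action"] == "edit" and ip not in known_ips[user]:
            findings.append({
                "ts": ev["ts"], "user": user, "post_id": pid,
                "edit_ip": ip,
                # None means the original post predates the log.
                "origin_ip": origin_ip.get(pid),
            })
            continue
        known_ips[user].add(ip)
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_edits(EVENTS):
        print(f"{f['ts']} {f['user']} post {f['post_id']}: "
              f"edited from {f['edit_ip']}, originally posted from {f['origin_ip']}")
```

A flagged edit is a lead for the administrator rather than proof of compromise, since a legitimate user can also edit from a new address.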

On 2003-02-25 16:29, rhodeirish wrote:

> But the kicker is figuring out if someone can post a new message with the authorized user’s static IP address.
>
> It’s possible…but a bit involved. Go to Google and do a search for mass or bulk email software. You’ll quickly discover that with $50-$200 in software, you can send emails (millions of them, actually) from pretty much any email address or IP address that you want. Similar tools could be used on a message board. Still, seems like a lot of work.

This is not actually true. You cannot actually forge the IP address for any TCP (as opposed to UDP) protocol transmission. HTTP (web) and SMTP (mail) are both TCP protocols. The spam software will insert bogus ‘received’ headers into the mail, but any sysadmin with the slightest experience can readily tell which IP was the actual originator. A lot of folks get hung up on forged headers, but the truth is that they’re not that big a deal.

In the case of web logs, the only way you could create an entry with my IP address would be to compromise my machine, or a machine on my local network. Otherwise, your transmission would fail, since TCP requires a full two-way handshake to complete. The server’s ACK (acknowledgement) would go to my machine, which would be ignored, since my machine would know nothing about it.

It’s a bit more complicated than that, but in short, the only way to forge the IP address would be to compromise the client, or hack the server and hand-edit the log file.

Not to give credence to Piper7’s odd claim, but just prior to this, there were several odd posts in his name simply reading “test”. I wondered at the time what that was all about; it’s certainly possible it was someone breaking in, just to see if they could do it in his name.
On the other hand, his posts were so consistently argumentative, disruptive, accusatory and erratic from the beginning, it was hard to tell which posts we were supposed to think were NOT his. Further, someone went through a lot of trouble to do it, even if it can, in fact, be done. Anyone else ever see a post in their name that they did not write?
I’ve written a few I wish I hadn’t, but that’s not really the same thing… :slight_smile:

Hi msheldon,

Regarding the creation of new posts with a forged IP address, your points are valid and I’ll bow out of any debate there.

In terms of a hacker using the ‘edit’ feature to modify an existing message without changing the IP address log, it’s a possibility.

I’m not saying it happened for certain, but message boards get hacked, sometimes easily. And in this instance, it might be the case even though most of us would probably agree that it couldn’t have happened to a nicer guy.

It is perhaps something the Webmaster(s) should look into.

John

One more thought…how about the Dave Spillian posts?

Re: “sniper7” and all that went with it: we may be witnessing his reincarnation; check the nick, and the post: suspiciously consistent somehow. Although obfuscation has been his way, certain clues are there, and none too subtle if my eyes are working right. I don’t want to be mysterious and stir up a witch-hunt, however. I am sure that there are plenty of C&Fers who are aware of this one, and I’ll be keeping an eye open just to see if I called it correctly. C&F is one of the good things in my day, and I for one don’t want to see it ruined. Self-regulation might best include simply ignoring any trollery; response usually affords trolls traction for more of the same. This should be evident by now. Certainly we can involve Rich or Dave if things get out of hand, but meanwhile, if poison is offered, we are not obligated to eat it. Well, that’s easier said than done sometimes, eh? rantrantrant

N, just my $.02

What I found odd was that piper7 let the claimed hacked post stand and did not edit or delete it. I’m not jumping to conclusions, rather strolling towards them.

On the other hand, a good beating is most effective when the high road isn’t working. :wink:

N, finished now

On 2003-02-26 15:11, Nanohedron wrote:

> Re: “sniper7” and all that went with it: we may be witnessing his reincarnation; check the nick, and the post: suspiciously consistent somehow.

Hrm, I’m not sure I like public speculation about these things. piper7 appears to have decided to let the matter rest (I think). I don’t believe any of the new users today came from piper7, although I’m suspicious about some of them for other reasons.

But if you notice behavior that you find suspicious, please drop me a line – I’ve got a lot more tools to investigate than you do, but I don’t necessarily notice the problem without being prompted.

Thanks,

    -Rich

Sorry if I’m being a firebrand, Rich. I’ll let it rest, too.

N, done

The DavySpillane posts were me.
Chris

Aachh, wee Laughlin’s been 'acked he 'as!!!