Massassi Forums Logo

This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

You can also download Super Old Archived Message Boards from when Massassi first started.

"View" counts are as of the day the forums were archived, and will no longer increase.

ForumsDiscussion Forum → Just a heads up about the site/forums
Just a heads up about the site/forums
2014-02-04, 7:38 PM #1
Passwords were reset, if you didn't notice. You will need to reset your password as if you forgot it, using the link provided when you attempt to login. If your email address is old, feel free to either email me at coolmatty@gmail.com or catch me on IRC, I can fix it for you.

The main website is also back online, with reduced functionality. Parts of the site that were outright never used have been completely disabled, and will likely never return (Editors Corner being a big one). Other parts, such as the rest of the files section, will be restored as I find time to investigate the issues and blatant security hazards (literally nothing was written correctly).

That said, the levels section of the site should now be FULLY functional, minus the actual level commenting system. You can read old comments, but not leave new ones.

Remember everyone: JK players may die off, but Massassi will always come back to life. :tfti:
2014-02-04, 8:00 PM #2
:suicide:
And when the moment is right, I'm gonna fly a kite.
2014-02-05, 2:01 AM #3
http://www.youtube.com/watch?v=Z12LfV6i61k
幻術
2014-02-05, 8:37 AM #4
Eh, I think the main page should be turned into a sanctuary of the best of the best MotS SP levels instead.
Star Wars: TODOA | DXN - Deus Ex: Nihilum
2014-02-05, 9:23 AM #5
The funniest part is, the guy's still at it. Trying desperately to break into a site using tools he downloaded off the internet. I guess it never occurred to him that I have multiple layers of protection now? He's still stuck at stage 1 and there's 4 different stages of protection against a repeat attack. Sorry kid, I know you're reading this, but tools you literally googled off the internet aren't going to cut it anymore.

:downswords:
2014-02-05, 10:16 AM #6
I am an optical illusion
A ghost, reflection, I'm a shell
And yet I live; the logical conclusion:
Inside my heart burn fires of hell

[https://lh3.googleusercontent.com/-sz9IQMMdNOg/UvJ-CPcsbjI/AAAAAAAANoo/G1HB5Xg64cw/w479-h691-no/Heart_of_fire_by_chymere.jpg]
幻術
2014-02-05, 11:08 AM #7
Be diligent with backups and patches, since I doubt these attacks will ever stop completely.
My favorite JKDF2 h4x:
EAH XMAS v2
MANIPULATOR GUN
EAH SMOOTH SNIPER
2014-02-05, 12:36 PM #8
Originally posted by FastGamerr:
Eh, I think the main page should be turned into a sanctuary of the best of the best MotS SP levels instead.


I second this motion.
Also, I can kill you with my brain.
2014-02-05, 3:16 PM #9
Originally posted by EAH_TRISCUIT:
Be diligent with backups and patches, since I doubt these attacks will ever stop completely.


Backups are automatic, made plenty of use of that. Patching doesn't really matter, since Massassi itself has nothing to PATCH. Nearly the entire site is static HTML now. I won't go into details on how I fixed everything here, but needless to say, even if he broke right back in he literally couldn't do anything. :P
2014-02-05, 4:35 PM #10
I would love to see this script kiddy brag to his friends about having hacked a website that (on outward appearance), hasn't updated in over a year. I mean, unless they were trying to inconvenience a person who wanted to play some old custom levels, taking down a website about a 15 year old game that hasn't really had an active modding community for five years isn't really going to inconvenience anyone.

Heck, even if they had somehow managed to get to the user list and gotten emails and passwords, many of them are so old as to be worthless on the black market, as people have gotten better at security, changed to less embarrassing usernames and even changed email addresses.
Snail racing: (500 posts per line)------@%
2014-02-05, 5:07 PM #11
Indeed, the forum database even has salted passwords, so unless he's willing to spend tons of money to crack terrible old hashes, there's no point.

Also alpha1, the code he used to break in was code that was written and untouched for over a decade. And I'm 99% sure all he did was google some basic hacking tools, because the guy clearly doesn't know what he's doing.
2014-02-05, 7:27 PM #12
A few things we know about the person doing this, just to keep in mind:

1.) He's friends with ret, and is one of the #nar people.

2.) His name is AcidRain. If that isn't enough of a bulletpoint for you, here are some extra notes about this.

--- The female protagonist in Hackers was named Acid Burn. Hackers was not known for high quality research into the 'hacker subculture'.
--- His hacker handle is so original that his domain name had to be acidshower.com.
--- His hacker handle features inclement weather, which is the infosec version of an anime fan naming himself 'goku', or a Star Wars fan naming himself 'darth'.
--- He has a hacker handle.

3.) His website features many computer security tutorials, including such gems as: how to let Canonical fix the Ubuntu install you broke, because if you were too much of a retard to check the manpages for useradd you sure aren't going to look up chroot.

4.) His website features a manifesto-style monograph about computer hacking, which proudly exclaims that XSS vulnerabilities are his favorite. Personally I prefer things like allocation-related server-side arbitrary code execution, timing attacks against cryptography, and hash collision denial of service, but I'm sure dumb baby's first javascript exploit gets him laid a lot too.

5.) His website has a dozen forums, none of which have more than 8 posts.

6.) Nobody who works in this space wants to do it when they get home. So he's not even a software guy, he's just a fan.

7.) His hacker handle domain was registered under his real name, James Patterson, and points to a server he runs from his home in Jackson, Tennessee. It looks like he's recently tried to anonymize it. So, dear Internet, if AcidRain defaces your website in the future, now you know who did it and where he lives. (He's also changed his IP address 11 times, so I'm guessing he can't afford a static IP. Whoopsies!)

8.) He is ostensibly our age, i.e. an adult.
2014-02-05, 7:31 PM #13
By the way, I've saved that post locally, so if AcidRain finds a way to wipe the server again I'll just repost it.
2014-02-05, 7:36 PM #14
Originally posted by Jon`C:
8.) He is ostensibly our age, i.e. an adult.

Correlation does not imply causation.
And when the moment is right, I'm gonna fly a kite.
2014-02-06, 2:51 PM #15
coding music

http://www.youtube.com/watch?v=hxmTCP5gST0&list=RD024Mg_Zc7FwMw&feature=share&index=1
幻術
2014-02-06, 3:05 PM #16


Quite possibly exactly what AcidRain was listening to. Although I'm going to lean towards that it was more likely to be ICP or Linkin Park.
Also, I can kill you with my brain.
2014-02-06, 3:26 PM #17
.
2014-02-06, 4:47 PM #18
Listen to the entire playlist.

But don't listen if you don't like this sort of music.

Everyone's different.
幻術
2014-02-06, 5:52 PM #19
Originally posted by Koobie:
Listen to the entire playlist.

But don't listen if you don't like this sort of music.

Everyone's different.


"Listen to this music. Or don't. Whatever."

I'm glad you gave me permission to not listen to that.
And when the moment is right, I'm gonna fly a kite.
2014-02-06, 6:20 PM #20
Originally posted by Reid:
i wonder if there's a website.. some sort of hack forums... where you can get scripts just by registering and using the search function.. hm
yes, it is called ACM or IEEE.

oh wait, you meant embarassing high school email address dot com.
2014-02-06, 6:32 PM #21
.
2014-02-06, 7:52 PM #22
Originally posted by gbk:
"Listen to this music. Or don't. Whatever."

I'm glad you gave me permission to not listen to that.


I was not talking to you.

You do not have my permission.
幻術

↑ Up to the top!