Warning About g00ns

[welder]

Here is the story about our g00ns.net run in the last few days:

Im sure most of you have heard of the server for MTA:SA Race call GamersEdge.org (Home of the -]alw[- Clan)

Well, for about six months we have been playing with a player named "StoleMyBike"

And, well, he was always in ventrilo a lot, and we talked on a regular basis.

So, we let him in the clan about 3 weeks ago.

Well, we had been getting some phone calls from the g00ns, and we started suspecting someone was listening in to us on Ventrilo.

Well, the calls stopped, and they seemed to vanish for about a week.

But three days ago, i logged into our remote desktop of our server, and someone else was logged on.

So, we puilled the logs, and found it to be the g00ns.

Next thing we know, our ventrilo goes down, and comes back with "G00ns.net Owns you"

And someone joined with the name of the last name of one of our members.

When he spoke, we realized it was indeed Stole, and he said to call him Mayo from now on. (Who is the leader of the attack squad on g00ns)

They gained access to our forums, and downloaded our logs. They then used passwords in there, to steal various email accounts and myspaces from about 4-5 of our members. And they stole my Godaddy account (Which i got back)

Im sure they would have done more, but we shut everything down to prevent that.

he then called me on the phone, and we talked for about 45 minutes.

He stated that his sole purpose for playing was to get into a clan, and screw them up.

And thats what he did.

He said that they targeted -]alw[- at the time, because we were one of the larger clans around.

All i can say, is that i must WARN you, to be very cautious of who you let into your clan, and who you trust.

NEVER download a file from another clansmen, no matter how long you have known them.

He sent me a file a while back, and it turned out to be a backdoor virus, and key logger.

So, they aren't hackers, but, rather social engineers, and exploiters.

I must admit, he was very dedicated. I mean, spending half a year just to steal some email accounts is pretty damn dedicated.

Its unfortunate that i can no longer trust anyone i know online. Because you never know who is just waiting for the right moment to mess you up.

Luckily i got our new Domain ( FearedGamers.net ) Back, and got our website going again.

It was also a good lesson on security.

So, i must repeat. CAREFUL who you play with. Because they apparantly are pretty active in MTA just waiting for an opporunity. Bike himslf still plays under several aliases, and im sure we will not be the last ones.

So, BEWARE.

[Robix]

Hmmm impressive story.But maybe your clan have done somthink bad to that guy who hacked you?

[welder]

No, we did absolutely nothing.

Their intent is to screw clans up. They hate clans.

And, also, i posted this above:

he then called me on the phone, and we talked for about 45 minutes.

He stated that his sole purpose for playing was to get into a clan, and screw them up.

[rockstarrem]

Wow that sucks, what an ass. I can imagine how you felt about all this. It would worry me from the it happened until the time after it happened (basically I'd still be worrying). This story actually tells me to be more cautious about what I do.

I feel sorry for you man, seriously. I guess now we know that we really can't trust a lot of people.

[Jani]

They are idiots, they use skiddie methods to get into stuff (I'm guessing your server had a really stupid password) and mess shit up for other people. I remember back in MTA 0.5, they ddos'd Partyserver for about a week, it was terrible.

[Vicer/Spitfire]

It's funny cause g00ns are actually a clan themselves. Silly script kiddies. I also remember back in GTA3:MTA 0.5, they ddos'd the now [KFC]vtec's Challenge Server. It went out for about a week before it got ddos'd once again forcing vtec to shut it down completely

[Blokker_1999]

- only give admin access to people you have known for a long time

- make sure your website encrypts passwords upon registration in MD5

- alert users whenever a password does not get encrypted

- make sure no one but trusted webmaster can get access to the website

- use different passwords on different sites, preferably every single account on any site/mail/service should need a different password

- don't hand out passwords from servers to people who don't need it. Don't put them on a team forum but only send them to those who really need it in a more secure way

- put a registrar lock on your domains. Makes it more difficult to hijack them. Also use a trusted firm and if possible ask them to notify you by phone when someone requests a transfer by e-mail.

[ijsf]

Here's some quick paranoid guidelines.

Remember this is the internet. Especially if you're a server administrator, you need a fair amount of paranoia.

- Always use strong passwords (at least one upper case, one number, one special character, and at least 6 characters long). This causes a hash brute-force attack to last at least a thousand years longer for even the most well-equiped home-based hacker.

- Always use multiple passwords, preferably categorized in importance levels. Important things should have very strong passwords, things you don't really care about can have easier (but still strong) passwords.

- Don't think you won't remember strong passwords. Just choose them wisely and logically. Don't use passwords you can find in any dictionary. If using words, use logical ones, but their meaning shouldn't make sense.

- If you're afraid of keyloggers, use auto-complete where you can (browsers, FTP applications, etc.). This may compromise your information on a virus infection though, if you use popular (often commercial) software.

- Never use any of your personal passwords on a shared service. This speaks for itself.

- Never use any applications that use plain text passwords. If you do use them, you shouldn't use any of your stronger passwords on them. If you do so, you may compromise your pattern of creating strong passwords (if you use similar passwords).

- Never run any executables you get by mail, instant messaging or IRC and which you didn't ask for. If your virus scanner doesn't do anything, it certainly doesn't mean it's not infected. If you're a bit more skilled: open a PE executable viewer and check the calls it's using. If it's using any socket calls while it's supposed to be an off-line application, dump it.

People you can trust are usually those:

- that own a domain with correctly supplied information, or

- you have known for several years, or

- you work with, in a project, or

- that don't use hotmail or gmail, but rather paid-for or non-free domain mailboxes, or

- that can mention at least 8 different operating systems within 15 seconds after you ask them, or

- that study on a university, or

- that participa(ted) in large (software) projects, or

- have their own portfolio's, or

- that own a company, or

- that have MSN Messenger display names without l33tspeak, english quotes or names of other people, or

- that try to avoid using MSN, and use (excessive) IRC instead

Just remember that if you don't follow most of these rules in some kind of way.. I guess you're severely compromising yourself right now.

Pseudo-wannabe-hackers, often mispronounced as "hackers" imo, should NEVER be able to get into all your stuff with the same password.

Oh, and never use those stupid "I forgot my password"-questions either.

Some things may sounds like a joke, but just think about it.

[Jigga]

If there was no "or" I would think something bad bout IJs

[Azu]

What doesn't going to a university have to do with trusting people.=P

[:Rob]

The g00ns get their kicks from people hailing them as some great bunch of fearsome E-Pirates.

Fact is, they're a bunch of assholes who think because they dick around with peoples websites / other shit, that they're some group of macho kick ass gods.

I woudln't even bother with them, personally. I think "The fags ruining your online experience" is a bit too drama'ish for me.

[Jani]

The g00ns get their kicks from people hailing them as some great bunch of fearsome E-Pirates.

Fact is, they're a bunch of assholes who think because they dick around with peoples websites / other :~, that they're some group of macho kick ass gods.

I woudln't even bother with them, personally. I think "The ruining your online experience" is a bit too drama'ish for me.

Correction, they get their kicks out of raging people (making them angry) and from your post it looks like they've succeeded.

[welder]

Exactly

Although, to us it was a security lesson. Didnt really make us too upset

[Vicer/Spitfire]

It's a good idea to warn others though.

[Guest]

wow i thought that guy was a jerk when i played him a while back

[fusion]

- only give admin access to people you have known for a long time

- make sure your website encrypts passwords upon registration in MD5

- alert users whenever a password does not get encrypted

- make sure no one but trusted webmaster can get access to the website

- use different passwords on different sites, preferably every single account on any site/mail/service should need a different password

- don't hand out passwords from servers to people who don't need it. Don't put them on a team forum but only send them to those who really need it in a more secure way

- put a registrar lock on your domains. Makes it more difficult to hijack them. Also use a trusted firm and if possible ask them to notify you by phone when someone requests a transfer by e-mail.

I Would Suggest Salted MD5

Normal MD5 Is Becoming Easier To Crack Nowdays...

[:Rob]

The g00ns get their kicks from people hailing them as some great bunch of fearsome E-Pirates.

Fact is, they're a bunch of assholes who think because they dick around with peoples websites / other :~, that they're some group of macho kick ass gods.

I woudln't even bother with them, personally. I think "The ruining your online experience" is a bit too drama'ish for me.

Correction, they get their kicks out of raging people (making them angry) and from your post it looks like they've succeeded.

Nah, you misinterpret my post. I'm not angry, I'm just in a state of shock that of all the things you could waste your existence on, they do it on being a pain in peoples asses. It's a waste of the worlds carbon and oxygen, and a sad one at that. Don't get me wrong though, I muse over how they think they're cool, not pissed at what they do.

[Aeron]

4 years active in MTA and still they don't trust me

For example this link:

http://www.keihardeporno.nl/

But yeah, pretty sad. Maybe myg0t can help (s0beit etc.).

Edited January 15, 2007 by Guest

[:Rob]

As of 1:30 AM PST, Jan. 15 2007

http://img177.imageshack.us/img177/8616/g00nsuj2.png

Added:

Don't know why the hell the scrollbar is disabled, but here's a link to the full size pic, because you can't post big pics on the forums without it being gayed up -.-

[paul527]

This could be a sticky giving useful security advise. When the new MTA:SA:DM comes out, it may become a even larger community, and admins that are new to the scene could use this advise when settings up their forums, servers, and websites.

[jhxp]

I've edited your post Rob, so it won't mess up the page. Btw, their site domain is .net , afaik

On a side note, I don't know why you guys are doing such a big deal about them (apart from the ruckus they've caused, of course), since it's exactly why they're raging, as Jani pointed out.

Best option would be to forget about them, and maybe to try making the clan's points of interest more secure (as seen that they might be not secure at all).