MOCpages : Share your LEGO® creations
LEGO models my own creation MOCpages toys shop MOCPages Help Forum
Welcome to the world's greatest LEGO fan community!
Explore cool creations, share your own, and have lots of fun together.  ~  It's all free!
Conversation »
City Creator´s account was hacked
Join to comment
City Creator´s account was hacked http://www.moc-pages.com/group.php/26096
Permalink
| November 8, 2017, 11:05 am
 Group admin 
Thanks, I've notified Sean so he can look into it.
Permalink
| November 9, 2017, 6:35 pm
And here is the next one:

http://www.moc-pages.com/home.php/29138
Permalink
| November 13, 2017, 2:55 pm
Deus also got hit it seems: http://www.moc-pages.com/moc.php/443180

At first I thought it was something of a prank/hoax/call for attention and need for fixing, but now I’m a bit concerned.

Well, time to create the longest password ever.
Permalink
| November 13, 2017, 2:57 pm
Quoting Dark Aeon
Deus also got hit it seems: http://www.moc-pages.com/moc.php/443180

At first I thought it was something of a prank/hoax/call for attention and need for fixing, but now I’m a bit concerned.

Well, time to create the longest password ever.

I was able to use some anti-hacking to recover Deus' account. I sent him his email and password so that he can sign in. I also changed his password so that the hacker can no longer sign in. I will see if I can recover the other two hacked accounts later today, but I'm not sure that my strategy will work.
Permalink
| November 13, 2017, 3:02 pm
Quoting Dark Aeon
Deus also got hit it seems: http://www.moc-pages.com/moc.php/443180

At first I thought it was something of a prank/hoax/call for attention and need for fixing, but now I’m a bit concerned.

Well, time to create the longest password ever.

Does the password even matter, though? It sounds like he's getting in some other way, or getting the password some how.

Permalink
| November 13, 2017, 3:12 pm
Quoting Daniel H.
Does the password even matter, though? It sounds like he's getting in some other way, or getting the password some how.

I don't think that changing your password will help with anything. They are probably just signing into people's accounts somehow and then changing their password. Luckily I was able to guess the password they used to sign into these accounts and could therefore recover them. (So far, Deus and Magma's have been fixed, next I'll try fixing City's account). This doesn't solve the problem however, because they can still hack more accounts.
Permalink
| November 13, 2017, 4:00 pm
I have seen this stuff around before on here, but to be honest, I am kind of scared. Any suggestions to prevent getting hacked? I made a really big password to help. :I
Permalink
| November 13, 2017, 4:10 pm
Quoting Angelo Filipelli
I have seen this stuff around before on here, but to be honest, I am kind of scared. Any suggestions to prevent getting hacked? I made a really big password to help. :I

I did the same but I don´t know if it can help :(
Permalink
| November 13, 2017, 4:18 pm
I just made a 93 character PW and added an alias email to my account. We'll see if this helps. Also, I'm locking my groups down for now.
Permalink
| November 13, 2017, 6:23 pm
Quoting Classical Bricks
I was able to use some anti-hacking to recover Deus' account. I sent him his email and password so that he can sign in. I also changed his password so that the hacker can no longer sign in. I will see if I can recover the other two hacked accounts later today, but I'm not sure that my strategy will work.

3 cheers for classical!

Hip hip, HORRAY!

:D

Thanks with helping the community Classical! I have to arm myself with anti-hacking capabilities as well.
Permalink
| November 13, 2017, 6:24 pm
Quoting Angelo Filipelli
I have seen this stuff around before on here, but to be honest, I am kind of scared. Any suggestions to prevent getting hacked? I made a really big password to help. :I

Make the most complicated password you can think of and create an email alias, so if they spam you you can delete it.
Permalink
| November 13, 2017, 6:26 pm
Quoting Lo var Lachland
Make the most complicated password you can think of and create an email alias, so if they spam you you can delete it.

Gotcha. I guess I will have to get used to typing one beast of a password; i'll write it down. I almost never get emails, but I will take care of the danger.

Permalink
| November 13, 2017, 8:10 pm
Quoting Angelo Filipelli
Quoting Lo var Lachland
Make the most complicated password you can think of and create an email alias, so if they spam you you can delete it.

Gotcha. I guess I will have to get used to typing one beast of a password; i'll write it down. I almost never get emails, but I will take care of the danger.
I'm just copying/pasting
Permalink
| November 13, 2017, 9:59 pm
 Group admin 
I can only assume that this is not exploiting a site vulnerability, or at least that there's more to it. If they were able to access anyone's account it would get far more attention to hack Sean Kenney's account or one of the moderators, so since they didn't do that I don't think they have full access to things.

Odds are they knew the email address of the people who were hacked and guessed at a bunch of passwords. Or worst case scenario they were able to get the email address from MOCpages somehow, but still had to guess the password.

I could be wrong though, hopefully we're able to figure out what's going on here.
Permalink
| November 14, 2017, 1:07 am
 Group admin 
Quoting LukeClarenceVan The Revanchist
I can only assume that this is not exploiting a site vulnerability, or at least that there's more to it. If they were able to access anyone's account it would get far more attention to hack Sean Kenney's account or one of the moderators, so since they didn't do that I don't think they have full access to things.


Yeah, I wondered about that, myself. I did send Sean another reminder yesterday. But, I've still not heard back from him.

By the way, I took a moment to change your status to Admin for the group. Seemed appropriate - hope you don't mind.

Permalink
| November 14, 2017, 7:23 am
 Group admin 
Quoting Mark Kelso

Yeah, I wondered about that, myself. I did send Sean another reminder yesterday. But, I've still not heard back from him.

By the way, I took a moment to change your status to Admin for the group. Seemed appropriate - hope you don't mind.


Sounds good, hopefully we'll hear from him. And thanks, I've just gone through moderating some of the comments in the group and found that MOCpages only allows for one deletion and one allowance each time you moderate comments, rather than applying your changes to every comment on the page - perhaps another change worth looking into if we're ever able to look behind the hood on the site.
Permalink
| November 15, 2017, 8:34 am
I think it's good that they're bringing attention to Potential vulnerabilities, but obviously they're doing it in the wrong way
Permalink
| November 15, 2017, 10:56 am
Their aim was to bring the site down. (Source- them).
These vulnerabilities had not been accessed in 10 years, if they wanted to help Mocoages they would inform a staff member privately of the danger and suggest ways to prevent it.

They wouldn't have hurt the innocent users of the site. Sure, bank account hackers are just showing vunrebilites.

I'm sure you wouldn't say that if your bank account was hacked.
Permalink
| November 15, 2017, 3:05 pm
This hacking is getting concerning. Look at some of the most active groups.
Permalink
| November 18, 2017, 5:08 am
The groups?

That isn't hacking, like even I know how to do that. Everyone does. Every so often (every few months, twice a year or more) a teen decides to hit the entire pages, but it's easy to fix.
Permalink
| November 18, 2017, 12:26 pm
Quoting James Douglas
The groups?

That isn't hacking, like even I know how to do that. Everyone does. Every so often (every few months, twice a year or more) a teen decides to hit the entire pages, but it's easy to fix.

By getting rid of the teens?
Permalink
| November 18, 2017, 12:44 pm
Quoting matt rowntRee
By getting rid of the teens?


No because it's a tiny minortiy of them and we need more then 5 members.

I mean whislt it is annoying we can just edit something and then problem solved (for now)
Permalink
| November 18, 2017, 12:47 pm
Quoting James Douglas
The groups?

That isn't hacking, like even I know how to do that. Everyone does. Every so often (every few months, twice a year or more) a teen decides to hit the entire pages, but it's easy to fix.

I don't know how it works.
Permalink
| November 19, 2017, 6:27 am
Quoting MCLegoboy !
I don't know how it works.


Really?
Permalink
| November 19, 2017, 11:07 am
Quoting James Douglas

Really?

I don't either.
Permalink
| November 19, 2017, 2:05 pm
Quoting Ty S.
I don't either.

Same here. And I'm not even a kid anymore. :D

I would have fixed many of my groups a lot faster, if I knew how it worked.
Permalink
| November 22, 2017, 2:42 pm
Quoting MCLegoboy !
I don't know how it works.

It's so simple that once you figure it out you wonder how others figured it out first.
Permalink
| November 22, 2017, 3:09 pm
Quoting David .
It's so simple that once you figure it out you wonder how others figured it out first.

Well I'm not the type of person that goes snooping... Okay, I'll do that occasionally, but I still have no idea how this whole hacking thing works. I live under a rock, and it's nice and comfortable underneath.

https://katiewelchmpmena.files.wordpress.com/2014/01/patrick-star-under-a-rock-party-hard.gif
Permalink
| November 22, 2017, 7:10 pm
 Group admin 
Quoting MCLegoboy !
Well I'm not the type of person that goes snooping... Okay, I'll do that occasionally, but I still have no idea how this whole hacking thing works. I live under a rock, and it's nice and comfortable underneath.

https://katiewelchmpmena.files.wordpress.com/2014/01/patrick-star-under-a-rock-party-hard.gif


The worst part is that it should be such a simple fix. In an afternoon I'm betting it could be patched, or maybe a week if there's something really wrong. Fingers crossed that Sean'll get in touch at some point and let me take a crack at it, or find someone else who can.
Permalink
| November 22, 2017, 7:43 pm
Quoting LukeClarenceVan The Revanchist

The worst part is that it should be such a simple fix. In an afternoon I'm betting it could be patched, or maybe a week if there's something really wrong. Fingers crossed that Sean'll get in touch at some point and let me take a crack at it, or find someone else who can.

No, the worst part is that there are many out there willing to fix the site for free, there are many out there willing to devote their valuable time and money, and there are many out there like yourself that are trying to make strides in that direction and all have told this to Sean. No, Lachlan, the worst part is that Sean doles out just the right amount of false hope to keep all of us jumping at the possibility and yet still does nothing. He made you and Chris mods but failed to endow either of you with any power to enact anything. You have been selected to help Mark and Phipson keep the site somewhat tidy. I would call that more janitorial than administrative. Sorry for the tone, it is most assuredly not directed towards you. But my fingers are crippled enough as they are, crossing them further won't help much and I am fairly certain that it wouldn't convince Sean to act responsibly.

But I do hope that I am someday proven wrong, I actually look forward to eating these words.
Permalink
| November 22, 2017, 11:05 pm
Other topics
« City Creator´s account was hacked Updated Wednesday
TEPBC group was hacked Updated Tuesday



LEGO models my own creation MOCpages toys shop MOCPages Help Forum


You Your home page | LEGO creations | Favorite builders
Activity Activity | Comments | Creations
Explore Explore | Recent | Groups
MOCpages is an unofficial, fan-created website. LEGO® and the brick configuration are property of The LEGO Group, which does not sponsor, own, or endorse this site.
©2002-2017 Sean Kenney Design Inc | Privacy policy | Terms of use