[Redact this title:]WARNING HACKER HERE!! "Advocate" responses exposes ID

General chit-chat

Moderators: AMod, iMod

Post Reply
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

[Redact this title:]WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

While I am not accusing the person labeled Advocate as the cause, I've discovered that his posts are ignoring normal protocols when submitting. It reveals the literal identity numbers that may be a step to a further problem. I've notified Admin on this but they may not be around until tomorrow. So I recommend caution in posting until the Admins look into it.

See viewtopic.php?p=470513#p470513 for an example of what it looks like. The underlying source code also shows that there is missing commands that should be automatic.

EDIT: This IS a hack. The nature of it exposing our numbers makes this GLOBALLY accessible to non-members and enables the hacker to use a bot to run a series of attempts to hack into the known account!

Correcting EDIT: Added the note of redaction. This title is no longer correct as of being informed of a normal switch on this site that allows for 'plain text'. It's unconventional use by Advocate threw me off. [I can see it being used to express markup this site uses without it being treated as a command.]
Last edited by Scott Mayers on Tue Sep 15, 2020 3:24 am, edited 1 time in total.
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

Looking at his posts thus far, I am not the only one with ID exposure. Look at his profile and where you see any ID of others, there accounts are at risk too. He's been posting for a while according to the posts and so many people here that he/she's been talking to has potential breach of security that may permit a bot to try passwords and to expose our IP addresses for further hacking.

I've contacted the Admins here but it may take a while for them to respond. Once exposed they cannot be unexposed and we may require further means to secure ourselves. Do not respond to Advocate until Admins can check this out. I don't know what else to suggest as of yet. But if you can, copy your threads or posts moving forward to back them up and be sure that you use a strong password that uses numbers, letters (cap and not) and symbols.
Atla
Posts: 2955
Joined: Fri Dec 15, 2017 8:27 am

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Atla »

Wouldn't worry too much about it, our ID numbers were always public. Just hower the mouse over my name, or open my profile.
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

Atla wrote: Fri Sep 11, 2020 8:15 am Wouldn't worry too much about it, our ID numbers were always public. Just hower the mouse over my name, or open my profile.
I cannot yet be absolutely certain but one would still require 'hovering', a task that requires Artificial Intelligence. If the information is in the post, the general public access as 'guest' permits bots to attempt passwords. The error that Advocate's posts bypass the 'submit' in posts and removes the normally hidden information that can be easier to read by bots. I noticed that his posts also do this arbitrarily for others. This cannot be a coincidental accident and should be occurring by all of us. It is possible that his computer is being hacked and he is innocent. But this is a real issue of security concerns because it bypasses the 'https' by revealing what is intended to be hidden.

I wouldn't trivialize this. It is better to be safe than sorry. And given the upcoming elections in the U.S. this can be a means to help identify and target particular people for identification.
Atla
Posts: 2955
Joined: Fri Dec 15, 2017 8:27 am

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Atla »

Scott Mayers wrote: Fri Sep 11, 2020 9:01 am
Atla wrote: Fri Sep 11, 2020 8:15 am Wouldn't worry too much about it, our ID numbers were always public. Just hower the mouse over my name, or open my profile.
I cannot yet be absolutely certain but one would still require 'hovering', a task that requires Artificial Intelligence. If the information is in the post, the general public access as 'guest' permits bots to attempt passwords. The error that Advocate's posts bypass the 'submit' in posts and removes the normally hidden information that can be easier to read by bots. I noticed that his posts also do this arbitrarily for others. This cannot be a coincidental accident and should be occurring by all of us. It is possible that his computer is being hacked and he is innocent. But this is a real issue of security concerns because it bypasses the 'https' by revealing what is intended to be hidden.

I wouldn't trivialize this. It is better to be safe than sorry. And given the upcoming elections in the U.S. this can be a means to help identify and target particular people for identification.
I don't know what the hell Advocate is doing and yeah it's not normal. But it's not about hovering itself, I looked at the source code of this page, and your ID appears 9 times in it. Any bot can extract that. That's just the number of your nickname, it says nothing about the password.

Anyway, a lot of the stuff you did on the internet during the last 10-20 years probably got logged and added to huge databases. Also, where you went, what you said on the phone, what sms messages you sent etc. I'd say they can identify you pretty much any time they want. (That's why I never type down my actual solution to philosophy hehe, it could put me at danger in the extremely unlikely event that some others would actually understand it and take it seriously.)
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

Atla wrote: Fri Sep 11, 2020 9:25 am
Scott Mayers wrote: Fri Sep 11, 2020 9:01 am
Atla wrote: Fri Sep 11, 2020 8:15 am Wouldn't worry too much about it, our ID numbers were always public. Just hower the mouse over my name, or open my profile.
I cannot yet be absolutely certain but one would still require 'hovering', a task that requires Artificial Intelligence. If the information is in the post, the general public access as 'guest' permits bots to attempt passwords. The error that Advocate's posts bypass the 'submit' in posts and removes the normally hidden information that can be easier to read by bots. I noticed that his posts also do this arbitrarily for others. This cannot be a coincidental accident and should be occurring by all of us. It is possible that his computer is being hacked and he is innocent. But this is a real issue of security concerns because it bypasses the 'https' by revealing what is intended to be hidden.

I wouldn't trivialize this. It is better to be safe than sorry. And given the upcoming elections in the U.S. this can be a means to help identify and target particular people for identification.
I don't know what the hell Advocate is doing and yeah it's not normal. But it's not about hovering itself, I looked at the source code of this page, and your ID appears 9 times in it. Any bot can extract that. That's just the number of your nickname, it says nothing about the password.

Anyway, a lot of the stuff you did on the internet during the last 10-20 years probably got logged and added to huge databases. Also, where you went, what you said on the phone, what sms messages you sent etc. I'd say they can identify you pretty much any time they want. (That's why I never type down my actual solution to philosophy hehe, it could put me at danger in the extremely unlikely event that some others would actually understand it and take it seriously.)
Thanks for the positive take on it. If I'm coming off too paranoid, this would be better than let the concern be trivialized because this is precisely what makes it hard to curb hacking. [I don't have much of a threat to be concerned about but am willing to be the one to point out that the 'Emperor-is-naked where others would stay silent.]
commonsense
Posts: 2560
Joined: Sun Mar 26, 2017 6:38 pm

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by commonsense »

Atla wrote: Fri Sep 11, 2020 9:25 am
(That's why I never type down my actual solution to philosophy hehe, it could put me at danger in the extremely unlikely event that some others would actually understand it and take it seriously.)
:lol:
Atla
Posts: 2955
Joined: Fri Dec 15, 2017 8:27 am

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Atla »

commonsense wrote: Sat Sep 12, 2020 11:46 pm
Atla wrote: Fri Sep 11, 2020 9:25 am
(That's why I never type down my actual solution to philosophy hehe, it could put me at danger in the extremely unlikely event that some others would actually understand it and take it seriously.)
:lol:
What if it involves your death for example. I guess it's also more humane if people don't know what's probably coming.
User avatar
vegetariantaxidermy
Posts: 9144
Joined: Thu Aug 09, 2012 6:45 am
Location: Narniabiznus

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by vegetariantaxidermy »

It's all very strange. His response has disappeared from this thread when that shouldn't even be possible (because it was in the middle of the thread) and he's the only member whose posts appear in the way that they do. He's also been digging up ancient threads, and his writing is incomprehensible==as if he's using google translate. Last night his account disappeared and now it's back again. Hmmm...
commonsense
Posts: 2560
Joined: Sun Mar 26, 2017 6:38 pm

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by commonsense »

Maybe he’s a spy from another forum.
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

vegetariantaxidermy wrote: Mon Sep 14, 2020 7:31 pm It's all very strange. His response has disappeared from this thread when that shouldn't even be possible (because it was in the middle of the thread) and he's the only member whose posts appear in the way that they do. He's also been digging up ancient threads, and his writing is incomprehensible==as if he's using google translate. Last night his account disappeared and now it's back again. Hmmm...
At least I'm not alone in recognizing a potential concern. I actually got an email indicating he responded here as you say but see that it is not here. I too thought that posts were prevented from deletion except by the OP or administration. We can alter the underlying markup code for our specific instance to block out things like blockups sometimes. But this only alters its appearance for your own browser at the time you do it, not change things that affect the code and certainly not the phpBB code that is encrypted to the owner of this site.
FlashDangerpants
Posts: 2465
Joined: Mon Jan 04, 2016 11:54 pm

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by FlashDangerpants »

[quote="Scott Mayers" post_id=471268 time=1600128401 user_id=11118]
[quote=vegetariantaxidermy post_id=471214 time=1600108264 user_id=8006]
It's all very strange. His response has disappeared from this thread when that shouldn't even be possible (because it was in the middle of the thread) and he's the only member whose posts appear in the way that they do. He's also been digging up ancient threads, and his writing is incomprehensible==as if he's using google translate. Last night his account disappeared and now it's back again. Hmmm...
[/quote]

At least I'm not alone in recognizing a potential concern. I actually got an email indicating he responded here as you say but see that it is not here. I too thought that posts were prevented from deletion except by the OP or administration. We can alter the underlying markup code for our specific instance to block out things like blockups sometimes. But this only alters its appearance for your own browser at the time you do it, not change things that affect the code and certainly not the phpBB code that is encrypted to the owner of this site.
[/quote]

I think you should stop guessing how computers work Scott. All you have to do to acheive this worthless effect is go to your user profile, hit board preferences > posting defaults, and tell it to stop automatically parsing BBCode.

It's not hacking if they give you a radio button to do it. And it's not interfering with your computer or anyone elses. If you need to know the details, use Chrome browser, hit f12, and in the elements tab start opening up the tags you see. This post here has a quote up there which you will see written out in plain text, BB tags and all.

Now if you look at one where somebody else has done a quote, and so the same, those bits that say [quote...] will have been removed, and replaced with an object living between <blockquote> tags. It's only there to be pretty, because without that feature this post is ugly and hard to read.

I will be removing the feature now I have deomnstrated it. Advocate will not, because he has a severe personality disorder and constantly needs to feel special, which is why he does all that insane ranting and boasting.
FlashDangerpants
Posts: 2465
Joined: Mon Jan 04, 2016 11:54 pm

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by FlashDangerpants »

FlashDangerpants wrote: Tue Sep 15, 2020 2:21 am
Scott Mayers wrote: Tue Sep 15, 2020 1:06 am
vegetariantaxidermy wrote: Mon Sep 14, 2020 7:31 pm It's all very strange. His response has disappeared from this thread when that shouldn't even be possible (because it was in the middle of the thread) and he's the only member whose posts appear in the way that they do. He's also been digging up ancient threads, and his writing is incomprehensible==as if he's using google translate. Last night his account disappeared and now it's back again. Hmmm...
At least I'm not alone in recognizing a potential concern. I actually got an email indicating he responded here as you say but see that it is not here. I too thought that posts were prevented from deletion except by the OP or administration. We can alter the underlying markup code for our specific instance to block out things like blockups sometimes. But this only alters its appearance for your own browser at the time you do it, not change things that affect the code and certainly not the phpBB code that is encrypted to the owner of this site.
I think you should stop guessing how computers work Scott. All you have to do to acheive this worthless effect is go to your user profile, hit board preferences > posting defaults, and tell it to stop automatically parsing BBCode.

It's not hacking if they give you a radio button to do it. And it's not interfering with your computer or anyone elses. If you need to know the details, use Chrome browser, hit f12, and in the elements tab start opening up the tags you see. This post here has a quote up there which you will see written out in plain text, BB tags and all.

Now if you look at one where somebody else has done a quote, and so the same, those bits that say [quote...] will have been removed, and replaced with an object living between <blockquote> tags. It's only there to be pretty, because without that feature this post is ugly and hard to read.

I will be removing the feature now I have deomnstrated it. Advocate will not, because he has a severe personality disorder and constantly needs to feel special, which is why he does all that insane ranting and boasting.
And there you see, within one minute I had told my user profile to enable BB code by default, and we are back to normal with nothing to be afraid of.
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

FlashDangerpants wrote: Tue Sep 15, 2020 2:21 am
Scott Mayers wrote: Tue Sep 15, 2020 1:06 am
vegetariantaxidermy wrote: Mon Sep 14, 2020 7:31 pm It's all very strange. His response has disappeared from this thread when that shouldn't even be possible (because it was in the middle of the thread) and he's the only member whose posts appear in the way that they do. He's also been digging up ancient threads, and his writing is incomprehensible==as if he's using google translate. Last night his account disappeared and now it's back again. Hmmm...
At least I'm not alone in recognizing a potential concern. I actually got an email indicating he responded here as you say but see that it is not here. I too thought that posts were prevented from deletion except by the OP or administration. We can alter the underlying markup code for our specific instance to block out things like blockups sometimes. But this only alters its appearance for your own browser at the time you do it, not change things that affect the code and certainly not the phpBB code that is encrypted to the owner of this site.
I think you should stop guessing how computers work Scott. All you have to do to acheive this worthless effect is go to your user profile, hit board preferences > posting defaults, and tell it to stop automatically parsing BBCode.

It's not hacking if they give you a radio button to do it. And it's not interfering with your computer or anyone elses. If you need to know the details, use Chrome browser, hit f12, and in the elements tab start opening up the tags you see. This post here has a quote up there which you will see written out in plain text, BB tags and all.

Now if you look at one where somebody else has done a quote, and so the same, those bits that say [quote...] will have been removed, and replaced with an object living between <blockquote> tags. It's only there to be pretty, because without that feature this post is ugly and hard to read.

I will be removing the feature now I have deomnstrated it. Advocate will not, because he has a severe personality disorder and constantly needs to feel special, which is why he does all that insane ranting and boasting.
Thank you. I am qualified for computer logic but not as familiar with the markup languages beyond their general logic. I assumed phpBB blocked such options in post windows and especially given this site turns off most of the options, I did not expect this here. Normally, since certain characters are part of the language, some 'escape character' can be used. So when I didn't see these in his posts, I was rightfully suspect. I don't have anything against Advocate's content and so cannot comment on his personality.
Scott Mayers
Posts: 1706
Joined: Wed Jul 08, 2015 1:53 am
Location: Saskatoon, SK, Canada

Re: [Redact this title:]WARNING HACKER HERE!! "Advocate" responses exposes ID

Post by Scott Mayers »

I was incorrect of Advocate's use here. Although I did express to him that this was possibly done TO him without assuming he was at fault, it still might incorrectly mislead others into assuming HE was hacking. So the redaction is to close this issue but still maintain the history of the thread.

I see that the switch could be used to express code better than the 'code' option above and can actually be helpful where used in good context. His use threw me off.

[Close of thread]
Post Reply