Heya everyone!! there is a hacker on IRC trying to break a pass or so electrofreak thinks. yea.... duffman he is operating thru ur computer. yea.... =(

So who is it. Im stil lost. lol

are you refering to a bot of his?

we think its a hackers bot running off of Duffmans machine thru a trojan tryng to break a password.. mainly hamma's

* Eine|BFV huggles his friend, Electrofreak
<Electrofreak|EVE> aital, before playtests yeah
*** O33296288 ([email protected]) has joined channel #ps-universe
<Electrofreak|EVE> there was 500 ppl in there last time
<Cyberkiller> http://www.planetside-universe.com/forums/showthread.php?t=24670
*** Signoff: O33296288 (Quit: Bye!)
<Electrofreak|EVE> and when servers go down
* Eine|BFV huggles his friend, Electrofreak, again
<Electrofreak|EVE> thanks eine
<Eine|BFV> np :)
<Cyberkiller> i need a huggle =(
<Electrofreak|EVE> U R 4 TR00 FR13n|)
*** O91852013 ([email protected]) has joined channel #ps-universe
<Cyberkiller> Hello, do you mind telling us WTF you are doing trying to hack this little ol' irc server??? we have your information and well yea. piss of ya bloody wanker.
*** Signoff: O91852013 (Quit: O91852013)
<Electrofreak|EVE> lol
<Electrofreak|EVE> i was gonna write a script
<Electrofreak|EVE> then i realized it would be too spamtastic
<Cyberkiller> its nto a script
<Cyberkiller> lol
<Electrofreak|EVE> ah
<Electrofreak|EVE> well i saved logs of all the shit
<Cyberkiller> i dotn have the slightest idea how to write scripts
<Cyberkiller> how do i save a log?
<Aital> read the help it explains teh commands
<Aital> 8)
<Eine|BFV> magic for teh win
*** O36696366 ([email protected]) has joined channel #ps-universe
*** Signoff: O36696366 (Quit: O36696366)
<Electrofreak|EVE> you save everything in your buffer by right clickin channel name, and clickin save as
*** Signoff: CDL-Incompetent (Connection reset by peer)
<Eine|BFV> | /\/ |) 33 |)
<Electrofreak|EVE> and it saves everything in your channel
*** O15765210 ([email protected]) has joined channel #ps-universe
*** Signoff: O15765210 (Quit: O15765210)
<Electrofreak|EVE> im getting sick of you
<Electrofreak|EVE> ah damn missed :p
<Cyberkiller> ok
<Aital> saves everything as in teh conversation?
<Cyberkiller> r33t
<Cyberkiller> got it
<Electrofreak|EVE> it saves everything in the IRC chat
<Electrofreak|EVE> as far as you can scroll uo
<Aital> its a log?
<Electrofreak|EVE> at a certain point it stops recording chat
<Electrofreak|EVE> yeah it logs it
<Aital> yea i know
<Electrofreak|EVE> you want to log if its going to be longer than that
*** O95979322 ([email protected]) has joined channel #ps-universe
*** Signoff: O95979322 (Quit: O95979322)
<Cyberkiller> gawd im gettin heavy traffic on the ZA
*** O50962407 ([email protected]) has joined channel #ps-universe
<Cyberkiller> Hello, do you mind telling us WTF you are doing trying to hack this little ol' irc server??? we have your information and well yea. piss of ya bloody wanker.
*** Signoff: O50962407 (Quit: O50962407)
<Cyberkiller> what i dotn get is
<Cyberkiller> he is giving away what he is doing
<Aital> maybe he doesnt know what he doing
*** O23913212 ([email protected]) has joined channel #ps-universe
*** Signoff: O23913212 (Quit: O23913212)
*** CDL-Incompetent ([email protected]) has joined channel #ps-universe
<Aital> its not a new spider is it?
<Cyberkiller> a new wha?
<Aital> thing keeping track of rooms
<Aital> nm
<Cyberkiller> oh
<Cyberkiller> no
<Cyberkiller> its too fast for a spider
*** O47455502 ([email protected]) has joined channel #ps-universe
<Aital> maybe its hamma playing peakaboo
*** Signoff: O47455502 (Quit: O47455502)
<Cyberkiller> know what woul dbe funny? if this all had somethign to do with www.ilovebees.com
<Aital> on crack
<Cyberkiller> In 2 days this medium will metastasize.
*** O41059133 ([email protected]) has joined channel #ps-universe
<Cyberkiller> phase 2 in 2 days
*** Signoff: O41059133 (Quit: O41059133)
<Cyberkiller> Electro where r u?
<Aital> what the fuck is that cyber?
<Cyberkiller> in the new halo 2 trailer at the end www.xboxcom changes to www.ilvoebees.com for a second and ges back
*** O75863769 ([email protected]) has joined channel #ps-universe
*** Signoff: O75863769 (Quit: O75863769)
<Cyberkiller> everyone is thinking its leading up to an early release of halo 2
<Cyberkiller> but noone knoes
<Cyberkiller> knows*
<Aital> i still have my free thingy from my vid card 8)
<Cyberkiller> phase 2 is in 2 days
<Cyberkiller> for?



See him joining/quitting? thats it.

:lol:

anyone got a hack to force someone to stay in an irc?

Basically heres what happened. A random number nick started joining and leaving every several seconds on IRC. I pulled up an Info on him one time when he came in and saw that he was joining a channel #duff along with #ps-universe every time he joined. So I went into #duff and waited for him. Sure enough, he popped in and this happened:

"* Now talking in #duff
* O32348345 has joined #duff
<O32348345> Optix_Pro_v1.32_Server_Online:_{Ip_address:_[192-168-0-100]}{Computer_Name:_MATT}{Current_User_Name:_Matty}{I dentification_name:_Joe_Bloggs_Returns}{Installed_ Trojan_Port:_3410}{Installed_Trojan_Password:_NONE }{Windows_Version:_Windows_XP_5.1_2600_Service_Pac k_1}{Webcam:_No}
<Electrofreak|EVE> hello
* O32348345 has quit IRC (Quit: Bye!)
* O88796770 has joined #duff
<O88796770> Optix_Pro_v1.32_Server_Online:_{Ip_address:_[192-168-0-100]}{Computer_Name:_MATT}{Current_User_Name:_Matty}{I dentification_name:_Joe_Bloggs_Returns}{Installed_ Trojan_Port:_3410}{Installed_Trojan_Password:_NONE }{Windows_Version:_Windows_XP_5.1_2600_Service_Pac k_1}{Webcam:_No}
* O88796770 has quit IRC (Quit: O88796770)
* O70343840 has joined #duff
<O70343840> Optix_Pro_v1.32_Server_Online:_{Ip_address:_[192-168-0-100]}{Computer_Name:_MATT}{Current_User_Name:_Matty}{I dentification_name:_Joe_Bloggs_Returns}{Installed_ Trojan_Port:_3410}{Installed_Trojan_Password:_NONE }{Windows_Version:_Windows_XP_5.1_2600_Service_Pac k_1}{Webcam:_No}
* O70343840 has quit IRC (Quit: O70343840)
* ChanServ sets mode: +ntr
* O56298705 has joined #duff
<O56298705> Optix_Pro_v1.32_Server_Online:_{Ip_address:_[192-168-0-100]}{Computer_Name:_MATT}{Current_User_Name:_Matty}{I dentification_name:_Joe_Bloggs_Returns}{Installed_ Trojan_Port:_3410}{Installed_Trojan_Password:_NONE }{Windows_Version:_Windows_XP_5.1_2600_Service_Pac k_1}{Webcam:_No}
* Electrofreak|EVE sets mode: +b *!*@psu-1056B821.client.comcast.net
* O56298705 has quit IRC (Quit: O56298705)"

As you can see, I'd registered the server and banned him. He no longer can join #duff.

However, he continues to join and leave, and no ops are around. We think that he may have created a private channel, so we are unable to see where he is to stop him.

After a bit of checking people's info, I noticed that DUffman had the EXACT same address as the person joining. So we now know whoevers doing it is going through duffman at least. I wouldn't be quick to accuse Duff, its quite likely that someone put a trojan on his comp and is working through it to avoid detection. Also, if we ban duff, he can just infect someone else and continue.

Lastly, as we talked about this in IRC, CyberKiller reported that his Norton had just intercepted a virus, but was unable to access it. After running an online virus scan a trojan virus was detected and quarentined on his computer. Whether it was the one that just dropped onto his comp, we dont know. He then put up his zone alarm and started getting heavy traffic on it, so someone might have been trying to infect him.

Also, the regularity of the joining and leaving and random nick each time seems to me that this is a bot that attempts to crack passwords. As far as I know, IRC limits the number of times you can enter a password, so that would explain why he is quitting and rejoining with a new nick every few seconds.

Anyhow NONE of the ops are awake and whoever it is is probably working through duffman, so I guess the only thing right now is to ban duff and put a quick stop to this until things can get worked out. Since CK was hit, everyone kinda have your firewalls up and crap while ur in IRC, could an mIRC exploit of some kind or something.

edit- Lartnev just came in and banned *!*@psu-1056B821.client.comcast.net (duffman's address) so hopefully this nick joining will stop. I'm just worried that if it IS a hacker, its going to just find someone else to work through.

The hackers you really need to worry about are the ones you don't see. This guy is obviously novice.

omgomg they are stealing our megahurtz :rolleyes:

The hackers you really need to worry about are the ones you don't see. This guy is obviously novice.
yep if he had been smart he woulda used a hidden channel in the first place.
Not to mention, hes incredibly lucky he managed to join/leave that long without getting a ban. We need more late-night ops
:doh:

I think we should give him hammas password just for trying! 8p

...or not

I think so! Hammas password is__________ <---- enter password here next post!

OH NOES!

incoming bit packets
batton down the bandwidth
STOL0RZ OUR M3G4HURTZ OFF THE PORT BOW!!!!!!

Ban-aital

since it's a trojan, chances are that it's an automated thing, not someone actively working on it; if it were a person, he'd switch to a new channel after being banned from duff

anyone got a hack to force someone to stay in an irc?

Now I knew you were stupid, but that's just... :doh:

Fixed :D

It's not a hacker, its some form of Drone that Duff must have installed.

wtfhax.
all our b0x0rz r b3l0ng 2 h4x

It's not a hacker, its some form of Drone that Duff must have installed.

IT IS A HACKER HAMMA HE IS TRYING TO CRACK OUR CHANNEL PASSWORD OMG OMG!!!

:lol: :lol: :lol: :lol:

we're all doomed...DOOOOOOMED

Now now... perfectly symetrical violence won't solve anything.

It's not a hacker, its some form of Drone that Duff must have installed.
Drone? Wuzzat?

Something bad, let's just say you don't want one on your computer :)

we are DOOMED! oh no! DOOOOOOOMED

lol Duff is CDL.

Off topic:
<Cyberkiller> everyone is thinking its leading up to an early release of halo 2
<Cyberkiller> but noone knoes
It's to do with a demo of Halo2 on a PCGaming magazine, isn't it?

http://www.computerproblems.com/kenscolumns/column.cfm?id=10255

LOL, it aint duff hacking, this all could be solved with a virus scan.

I bet you 10/1 Duff was on some warez/porn IRC server, someone /msg'd him "cheqe out diz awesome pics of birtneh spizzeras nakeeid! www.omglinktonekkid.com"
and he Dled some trojan

I bet you 10/1 Duff was on some warez/porn IRC server, someone /msg'd him "cheqe out diz awesome pics of birtneh spizzeras nakeeid! www.omglinktonekkid.com"
and he Dled some trojan

:nod: QFT

Hamma, do you know exactly what that drone of duffman's was trying to do? I'm interested. Judging by the output text in #duff with the "{Installed_ Trojan_Port:_3410}{Installed_Trojan_Password:_NONE }" I assumed the bot was running off of a trojan like Sub7. In any case, is DUffman banned, or what happened? I spent a good several hours last night workin on this and I'll admit im curious about the details...

I assume he's been banned until he cleans off the trojan.

Aren't those supposed to be onetime use?

Not these ones..... if only eh? :)

(and yeah, I know what you're refering to :P~ )

Now just to find out if it was a "Shared Sensation" or "Her Pleasure" trojan :lol:
(sorry DUffman, but we're pretty sure it isnt a "Magnum" :p j/k man lol)

Edit- Looking the #duff info over once again, I realized that he was running the Optix Pro 1.32 Remote Access Trojan (says it right there in the text, dunno why I never noticed it!). Very similar to Sub7 (actually, it looks like it is just a modified version of Sub7), it has a bot for use against IRC servers.
Info: http://www.megasecurity.org/trojans/o/optix/Optixpro1.32.html

http://pestpatrol.com/PestInfo/Images/Optixpro1.32.gif


Most likely someone infected DUffman via an Optix Pro trojan binded to a .exe file that he downloaded off of KaZaA or any other peer-to-peer client or a private website. They then ran a bot through him on the IRC channel.

Duff is CDL... why would he hack hamma's IRC?

Actually, on Sub7 (and I'm assuming Optix Pro) you can run a bot that simply is a means to allow the trojan's server to contact you with the IP of a person when his computer is infected. Could be that this bot malfunctioned, and was just joining and leaving constantly.

It works like this. You set up the server to contact a specific IRC channel with the IP address of the person you've infected. Then, when your trojan's server sucessfully nests itself onto the victim's computer, it connects via IRC to the bot and provides the IP. The hacker can now control the victim's computer.

Either A) DUffman was doing this and running the bot on irc.planetside-universe.com so that he could collect IP addresses (doing no damage to the server of course, just using it as a means for the Trogan's server to contact him)

or B) Someone else had infected DUffman with the trojan, then uploaded the bot to DUffman's computer and ran the bot through him to cover his tracks.

I'd originally assumed that someone was using this bot AGAINST the IRC server, but it seems somebody was just using PSU IRC as a means to retrieve the IP addresses of the computers he has infected with his Trojan.

Incoming MAX Units!

Hamma: I'd tighten security in IRC if I were you.

yep if he had been smart he woulda used a hidden channel in the first place.
Not to mention, hes incredibly lucky he managed to join/leave that long without getting a ban. We need more late-night ops
:doh:
I would of been on but I was away all since thurs. :cool:

Yay! Ivan's back, PSU IRC is SAVED! :p

Saved? I'd rather think Doomed! :evil: :brow:

I would of been on but I was away all since thurs. :cool:
BS. You're a bot.

BS. You're a bot lover.
Fixed.

:nazi:

oops, wrong smilie

:love:

much better :D