Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Don't use LEB IRC for now - Avante Hosting Did This

Don't use LEB IRC for now - Avante Hosting Did This

SpencerSpencer Member
edited October 2012 in General

Well the owner of Avante Hosting (Chris) has just done an IRC channel takeover. Lets see how this plays out.

«1

Comments

  • SpiritSpirit Administrator

    T/O at freenode? Heh...

  • What?

    I am no longer affiliated with IPXcore.
  • Log:

    - Hackintech joined
    - ChanServ set mode: +o Hackintech 
    - Hackintech set mode: -o+b TheHackBox *!*TheHackBo@*2607:5300:20:201::1:2772 
    - TheHackBox left (Kicked by Hackintech with the foliowing reason: TheHackBox)
    - Hackintech set mode: -bbbb *!*TheHackBo@*2607:5300:20:201::1:2772 *!*@gateway* *!*d86ce1f1@*.216.108.225.241 *!*@2002:d826:1fb0::d826:1fb0 
    - Hackintech set mode: -bbbb ChrisK*!*@* *!*4532c930@*.69.50.201.48 *!*182e070c@*.24.46.7.12 *jews*!*@* 
    - Hackintech set mode: -bbbb *!*@has.been.strangled.net *!*lebot@*.mikho.net Jacob_Phone!*@* *!*@*/naruto 
    - Hackintech set mode: -bbbb Naruto!*@* *!*[email protected]* *!*Ubuntu@*2607:5300:40:201::1:3298 Jacob_LET!*@* 
    - Hackintech set mode: -bbbb desktop_!*@* *!*desktop@*.17-2.cable.virginmedia.com *!*[email protected]* *!*[email protected]* 
    - Hackintech set mode: -bbb *!*@149.254.234.235 *!*@cpc1-know11-2-0-cust490.know.cable.virginmedia.com *!*[email protected]* 
    - TheHackBox joined
    - Hackintech set mode: +b *!*TheHackBo@*2607:5300:20:201::1:2772 
    - TheHackBox left (Kicked by Hackintech with the foliowing reason: TheHackBox)
    what is going on
    - Hackintech is now known as [HTP]
    - popcorn112 joined
    hello everyone
    - popcorn112 is now known as ChrisK_
    - [HTP] set mode: -o+b dmmcintyre3 *!*@italy.d3vm.net 
    - dmmcintyre3 left (Kicked by [HTP] with the foliowing reason: dmmcintyre3)
    - [HTP] set mode: -o+b Humza *!*@199.192.231.35 
    - Humza left (Kicked by [HTP] with the foliowing reason: Humza)
    - [HTP] set mode: -o+b Kate *!*@66.154.99.146 
    - Kate left (Kicked by [HTP] with the foliowing reason: Kate)
    - [HTP] set mode: -o+b WilliamEDIS *!*@this.reverse.dns.is.as.hot.as.william.ir 
    - WilliamEDIS left (Kicked by [HTP] with the foliowing reason: WilliamEDIS)
    - [HTP] set mode: -o+b Zigara *!*@pdpc/supporter/gold/zigara 
    - Zigara left (Kicked by [HTP] with the foliowing reason: Zigara)
    - [HTP] set mode: -o+b [Derek] *!*@unaffiliated/derek/x-8562683 
    - [Derek] left (Kicked by [HTP] with the foliowing reason: [Derek])
    - [HTP] set mode: +o ChrisK_ 
    - ChanServ set mode: -o ChrisK_ 
    <[HTP]>op #lowendbox ChrisK_
    wtf just happened.
    - grabspopcorn left (Kicked by [HTP] with the foliowing reason: grabspopcorn)
    - grabspopcorn joined
        - Whois list of [HTP]
        - Realname: LBr
        - Hostmask: [HTP]![email protected] *
        - [HTP] is on: @#lowendbox 
        - Server: pratchett.freenode.net (Rennes, France)
        - is using a secure connection ([HTP])
        - [HTP] is authed as Hackintech
        - End of /WHOIS list.
    that is interesting
    a channel takeover on freenpode
    freenode *
    - [HTP] left
    - [HTP] joined
    - [HTP] is now known as Hackintech
    - ChanServ set mode: +o Hackintech 
    - Hackintech set mode: +v joepie91 
    - Hackintech set mode: -v joepie91 
    - Hackintech set mode: +v joepie91 
    - Hackintech set mode: -v joepie91 
    [...snip...]
    - Hackintech set mode: +v joepie91 
    - Hackintech set mode: -v joepie91 
    - Hackintech set mode: +v joepie91 
    - Hackintech set mode: -v joepie91 
    - Hackintech set mode: +vvvv _garrett_ aaaaron AGoodName alina_ 
    - Hackintech set mode: +vvvv anounyym1 Atlas averell Backtogeek 
    - Hackintech set mode: +vvvv balltongu ben1066 BigTim Boltersdriveer 
    - Hackintech set mode: +vvvv br45 breton Buglouse bullfrog3459 
    - Hackintech set mode: +vvvv catatonic chrtr contempt Cr4zi3 
    - Hackintech set mode: +vvvv CyberSix damian dbc DimeCadmium 
    - Hackintech set mode: +vvvv djvdorp droobox duckstep dx 
    - Hackintech set mode: +vv dxrt eggburt 
    - Hackintech set mode: +vvvv ElectRo` emilv epsilon figaro 
    - Hackintech set mode: +vvvv fixi flotwig FRCorey FreeSpencer 
    - Hackintech set mode: +vvvv frog Fudgely ganeshanator giod 
    - Hackintech set mode: +vvvv grabspopcorn graphics grummund guppy 
    - Hackintech set mode: +vvvv HalfEatenPie hawtiepy^ hazardous heroux 
    - Hackintech set mode: +vvvv hifi illunatic Ishaq ispirto 
    - Hackintech set mode: +vvvv Jam666 JamUnix jbiloh-cc JElliot 
    - Hackintech set mode: +vvvv jgeboski JoeMerit joepie91 Johnston 
    - Hackintech set mode: +vvvv kanzure katten kbar KriZtoV 
    - Hackintech set mode: +vvvv kro[au] ksx4system KuJoe lbft 
    - Hackintech set mode: +vvvv lemon-tree LowEndLiam Lrrr luke911 
    - Hackintech set mode: +vvvv Maccer makaze_ matt[scrdspd] maxexcloo 
    - Hackintech set mode: +vvvv mercutio mikho MissionCritical miTgiB 
    - Hackintech set mode: +vvvv MorkBork mpkossen ndempiz Nick_A 
    - Hackintech set mode: +vv nickmoeck nickzxcv 
    - Hackintech set mode: +vvvv phuzion Pixelz portalgo1 premeteus 
    - Hackintech set mode: +vvvv rain` Red_M riake riddle 
    - Hackintech set mode: +vvvv Ritche rkantos rm rodgort 
    - Hackintech set mode: +vvvv Rolz Roph RurouniKenshin satellite 
    - Hackintech set mode: +vvvv sentabi sergeys Shenni skskill__ 
    - Hackintech set mode: +vvvv sonitty_ SpeedBus-Away spindritf Spirit 
    - Hackintech set mode: +vvvv Spitfire Stoob__ StudioD sungem 
    - Hackintech set mode: +vv Timmi TobiasTheViking 
    - Hackintech set mode: +vvvv tuvwx unique vin vldcnst 
    - Hackintech set mode: +vvv Voss Wintereise Woet 
    - Hackintech set mode: +vvvv novaflash nunim oliau onepound 
    - Hackintech set mode: +vvvv Oriona Paretsky TommehM toxic 
    - Hackintech set mode: +vvvv tuv Zen_LET zenitraM zu0 
    - Whois list of Hackintech
    - Realname: LBr
    - Hostmask: Hackintech![email protected] *
    - Hackintech is on: @#lowendbox 
    - Server: pratchett.freenode.net (Rennes, France)
    - is using a secure connection (Hackintech)
    - Hackintech is authed as Hackintech
    - End of /WHOIS list.
    - Hackintech is now known as HTP
        - NickServ: Information on Hackintech (account Hackintech):
        - NickServ: Registered : Apr 04 00:40:18 2011 (1 year, 27 weeks, 2 days, 23:58:22 ago)
        - NickServ: Last addr  : [email protected]
        - NickServ: Last seen  : Oct 12 00:38:40 2012 (0 seconds ago)
        - NickServ: User seen  : now
        - NickServ: Flags      : HideMail
        - NickServ: *** End of Info ***
    - TheHackBox joined
    - TheHackBox left (Kicked by HTP with the foliowing reason: TheHackBox)
    - TheHackBox joined
    - HTP is now known as TheHackedBox
    - TheHackBox left (Kicked by TheHackedBox with the foliowing reason: TheHackBox)
    - TheHackBox joined
    - ChanServ set mode: +o TheHackBox 
    - TheHackBox set mode: +b *!*[email protected]* 
    - jeffree joined
    - TheHackBox left (Kicked by TheHackedBox with the foliowing reason: TheHackBox)
    - TheHackedBox left (Kicked by TheHackBox with the foliowing reason: TheHackedBox)
    - TheHackBox joined
    - ChanServ set mode: +o TheHackBox 
    - TheHackBox set mode: +b *!*ChrisK@*.cpe.net.cable.rogers.com 
    - TheHackedBox joined
    - TheHackedBox is now known as Hackintech
    - TheHackBox set mode: +b *!*[email protected]* 
    - Hackintech left (Kicked by TheHackBox with the foliowing reason: Hackintech)
    

    Interesting thing to note: ChrisK used Hackintech as alternative nick, see the NickServ information with ChrisK's ident.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • @Spencer What're you talking about?

  • Don't come to watch internet drama? YOU WOULD HAVE TO BE AN IDIOT TO MISS OUT ON THIS FREE ENTERTAINMENT! /popcorn_in_the_microwave

    When you find that perfect VPS, KEEP IT.

  • SpiritSpirit Administrator
    edited October 2012

    @LAKid - It seems like one of #lowendbox channel operators was owned and IRC channel temporary taken (or they are just joking?) which is at freenode network (network with channel services) pretty much useless thing to do.

  • @joepie91 said: ChrisK used Hackintech as alternative nick, see the NickServ information with ChrisK's ident.

    AFAIK Hackintech is one of TheHackBox's nicknames, his cloak contained it.

    Perhaps the attacker compromised that NickServ account.

  • @Spirit said: It seems like one of channel operators was owned and IRC channel temporary taken (or they are just joking?) which is at freenode network (network with channel services) pretty much useless thing to do.

    Nope that is exactly what happened.

  • I got it under control for now.

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • @lbft said: AFAIK Hackintech is one of TheHackBox's nicknames, his cloak contained it.

    Perhaps the attacker compromised that NickServ account.

    So it seems. Regardless, it's clear that it was ChrisK that actually did the takeover.

    Oh, also, goodies: the NickServ info contains his home IP :)

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • @TheHackBox Should use better security, 'password' is a bad password...

    When you find that perfect VPS, KEEP IT.

    Thanked by 1lbft
  • I did not do the actual takeover, someone opped me once it was done.

  • TheHackBoxTheHackBox Member
    edited October 2012

    @ChrisK said: I did not do the actual takeover, someone opped me once it was done.

    -NickServ- Hackintech!~ChrisK@REMOVED has just authenticated as you (Hackintech)
    

    you were saying.

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • In case there's doubt about the authenticity of the login notice / NickServ info:

    image

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • ChrisKChrisK Member
    edited October 2012

    Yes they gave me access after they had gotten your password.

  • Also btw I am Hackintech, TheHackBox is another nick I go by (to stop any confusion)

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • @ChrisK said: Yes they gave me access after they had gotten your password.

    Well you're done. @Chief is going to love this.

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • [INFO] This channel is invite-only. You must have an invite from an existing member of the channel to join.

    D=

    SupremeBytes, LLC - Damien Burke

  • ChrisKChrisK Member
    edited October 2012

    There was a person who I know named chippy1337 and he told me to run a few commands, in which I authenticated myself... Note I'm not an IRC expert, I'm quite inexperienced

  • @ChrisK Have you not learned from the dozens of people before you that were busted on LET for lying?

    When you find that perfect VPS, KEEP IT.

  • @TheHackBox If you could control your rage banning I'm sure that would make the world a better place.

  • SpiritSpirit Administrator
    edited October 2012

    @ChrisK said: Note I'm not an IRC expert.

    Not that I am defending him but this part is most likely true. He was rare #lowendtalk user who IRC most of the time from localhost and use webchat instead real IRC client.

    @ChrisK doing this or only being part of this is really dumbt thing to do. You gain nothing with that at freenode network.

  • @Spirit I wish I wasn't apart of this, it seems it wasn't my choice. I just got a message with with a command, copy/pasted and bam I was another user and was op. Surely if I planned to do this I wouldn't do it under my real IP or nickname..

  • SpiritSpirit Administrator
    edited October 2012

    It was your choice. You don't blindly follow commands from "unknown" people from internet or do you? And even without causing any real damage (it's just little useless spam flood after all) people will be pissed off everytime they will see your nickname here. Counterproductive.

    Thanked by 1[Deleted User]
  • @ChrisK said: I wish I wasn't apart of this, it seems it wasn't my choice. I just got a message with with a command, copy/pasted and bam I was another user and was op. Surely if I planned to do this I wouldn't do it under my real IP or nickname..

    Thats not what you said on skype!

    image

    Note that the only reason I wanted OP was so I could ban you and unban TheHackBox, per TheHackBox instructions.

  • @ChrisK said: Note I'm not an IRC expert.

    You are living proof you just can't fix stupid

    Hostigation High Resource Hosting - SolusVM OpenVZ/KVM VPS
  • Luckily I don't go on IRC too often, and I don't enjoy it that much anyway. It seems @TheHackBox gets upset easily and bans people who think a certain way.

  • @ChrisK said: Luckily I don't go on IRC too often, and I don't enjoy it that much anyway. It seems @TheHackBox gets upset easily and bans people who think a certain way.

    That's cute.

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

    Thanked by 1djvdorp
  • Why don't you all just go to #lowendtalk?

    SupremeBytes, LLC - Damien Burke

  • SpiritSpirit Administrator
    edited October 2012

    @miTgiB said: You are living proof you just can't fix stupid

    Just think about all stupid things you did in your past and look at you now... we all love you! :)

    (sorry, I couldn't resist ;-)

  • @Spencer As I said, chippy1337 provided me with a password used by an opped user.. Thanks for your comment though!

  • alexalex Member
    edited October 2012

    [double post]

    DomainAgent - a smart tool for keeping details of domains you own. We're on twitter too!
  • @ChrisK said: I wish I wasn't apart of this, it seems it wasn't my choice. I just got a message with with a command, copy/pasted and bam I was another user and was op. Surely if I planned to do this I wouldn't do it under my real IP or nickname..

    unless you're a moron

    DomainAgent - a smart tool for keeping details of domains you own. We're on twitter too!
  • @Alex

    Right, which I'm not.

  • SpiritSpirit Administrator
    edited October 2012

    @DamienSB said: Why don't you all just go to #lowendtalk?

    What for? It's freenode. Channel was back in right hands in few minutes. All this was just little stupid meaningless excess. We have something to talk about now but not real damage done (apart from @TheHackBox auth pass ownage - that's the only real nasty thing done).

  • So I ate a sandwich today.

    wait is this the Cest Pit?

    Catalyst Host - Pie Approved!
    Thanked by 3lbft Legendlink djvdorp
  • If you go into #lowendtalk that chippy1337 guy is there

  • @ChrisK said: There was a person who I know named chippy1337 and he told me to run a few commands, in which I authenticated myself...

    Even if I believed that (I don't) I'm glad that I never trusted my data to someone who would copy-and-paste commands from someone else without knowing what they do.

  • @lbft Its IRC.

  • ihatetonyyihatetonyy Member
    edited October 2012

    image

    @ChrisK: Most clients have commands that can directly execute things on the machine..

    "We are in a prison drama. This is like The Shawshank Redemption, only with more tunneling through shit and no fucking redemption."
  • @alex said: unless you're a moron @ChrisK said: @Alex Right, which I'm not.

    image

    When you find that perfect VPS, KEEP IT.

  • @ChrisK said: @lbft Its IRC.

    Yes. It's IRC. RFC 1459 (and followups). Unless you were trying to imply that it being a certain protocol somehow gave you a free pass to be an idiot?

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • @Joepie91 There is no need to be rude. As I said someone named 'chippy1337' contacted me on IRC..

  • @ChrisK said: There is no need to be rude.

    Why do you play this card every time you avoid answering anything?

    Hostigation High Resource Hosting - SolusVM OpenVZ/KVM VPS
  • @ChrisK said: @Joepie91 There is no need to be rude. As I said someone named 'chippy1337' contacted me on IRC..

    I think that 'need to be rude' originates from your involvement in this whole thing.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

    Thanked by 1Chief
  • This isn't where I parked my car.

    jarland.me | Read about my new hosting experiment.

  • TazTaz Disabled

    Let the party hit the floor. Let the party hit the floor.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • @Taz hate to break it to you... but if you were thinking of the song by Drowning Pool, then it's "Let the bodies hit the floor".

    awkward turtle

    VPN.sh - Secure and affordable VPN services

  • TazTaz Disabled

    Just pulled it off my head lol.

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

Sign In or Register to comment.