« prev   random   next »

1
1

Patrick.net hacked!

By Patrick following x   2017 Sep 22, 7:15pm 4,740 views   69 comments   watch   sfw   quote     share    


Someone badly fucked with the site. Sorry for the delay in getting it back.

« First    « Previous     Comments 27 - 66 of 66     Last »

30   Ceffer   ignore (1)   2017 Sep 22, 11:18pm   ↑ like (3)   ↓ dislike (0)   quote        

Yup, my one banner is gone. However, I still have my deluded follower.

31   Booger   ignore (1)   2017 Sep 23, 6:21am   ↑ like (2)   ↓ dislike (0)   quote        

jvolstad says

Does a Realtor live near you?

Like a Realtor has the skills to hack a website!

32   HEY YOU   ignore (7)   2017 Sep 23, 7:51am   ↑ like (0)   ↓ dislike (0)   quote        

jazz_music says

he's snarky, disingenuous, self-glorifying and droll.

Thought that was a general description of all Patnetters!
....

Those that are so engrossed with technology will do nothing to stop hackers so could you please STFU.

33   Quigley   ignore (0)   2017 Sep 23, 8:04am   ↑ like (3)   ↓ dislike (0)   quote        

jazz_music says

So is this Strategist's homepage now?

Was the reason the site came down to defeat banning the fucking trolls?

If you are such a delicate snowflake that you can't stand to read different opinions, kindly butt out and leave this site to those with a little more intestinal fortitude! The sheer arrogance of your position is obvious to everyone but you.

34   Booger   ignore (1)   2017 Sep 23, 8:29am   ↑ like (1)   ↓ dislike (0)   quote        

anonymous says

Benghazi !

DNC Headquarters Hackers !

RNC Headquarters Hackers !

Inside job by a disgruntled member ! ( How come we never see the term "gruntled" when describing someone ? )

CiC's Revenge !

False Flag and Conspiracy ! (Any moulage kits or smoking guns left behind ? )

A Trumpette !

A Clintonette !

Benghazi !

Antifa.

35   curious2   ignore (1)   2017 Sep 23, 6:31pm   ↑ like (0)   ↓ dislike (0)   quote        

Patrick says


Patrick.net hacked!


@Patrick, is there any information on what the hacker(s) did besides briefly knocking the site offline? I'm wondering if the hack might presage a doxing campaign and/or adding people to an ISIL/Daesh kill list, in support of the "Muslim world plan against blasphemous content" that our government enables Pakistan to lead.
36   Booger   ignore (1)   2017 Sep 23, 7:04pm   ↑ like (0)   ↓ dislike (0)   quote        

Pictures still not working.

37   Patrick   ignore (0)   2017 Sep 23, 7:19pm   ↑ like (1)   ↓ dislike (0)   quote        

Yes, will get pictures back soon.

38   Patrick   ignore (0)   2017 Sep 23, 7:22pm   ↑ like (2)   ↓ dislike (0)   quote        

curious2 says

is there any information on what the hacker(s) did besides briefly knocking the site offline?

I think they just found some data that was indigestible to my site by trying lots of things.

There was a flurry of hits from lots of different places, and some attempts to inject sql right before it went down. I can see that much from the nginx logs.

Unfortunately, the way I brought the site back was to restore the database from the previous night. I should have kept a copy of the bad data for analysis, but did not.

39   Ceffer   ignore (1)   2017 Sep 23, 7:23pm   ↑ like (0)   ↓ dislike (0)   quote        

Can't upload images any more from my end.

40   Dan8267   ignore (3)   2017 Sep 23, 10:05pm   ↑ like (2)   ↓ dislike (1)   quote        

Strategist says
And there are people like Jazz and Dan, who keep putting me on ignore, because they hate facts.


Facts?
41   Dan8267   ignore (3)   2017 Sep 23, 10:06pm   ↑ like (0)   ↓ dislike (0)   quote        

Patrick says
Patrick.net hacked!


Was that why it was down yesterday?
42   Patrick   ignore (0)   2017 Sep 23, 10:07pm   ↑ like (0)   ↓ dislike (0)   quote        

Yes, I don't know exactly how they did it, but fixed a few possible holes and have better monitoring in place now.
43   WatermelonUniversity   ignore (1)   2017 Sep 24, 6:27pm   ↑ like (0)   ↓ dislike (1)   quote        

patnet needs a security consultant. and i mean a REAL one, not curious2.
44   NuttBoxer   ignore (2)   2017 Sep 27, 11:18am   ↑ like (1)   ↓ dislike (0)   quote        

They were after the porn!!
45   justme   ignore (0)   2017 Sep 27, 11:38am   ↑ like (0)   ↓ dislike (0)   quote        

@Patrick, how old are your backups? How much is lost? New or old stuff?
46   anonymous   ignore (null)   2017 Sep 27, 12:11pm   ↑ like (0)   ↓ dislike (0)   quote        

It was the russians, we were getting close to the truth so they attacked with lucifer 6.66
47   Patrick   ignore (0)   2017 Sep 27, 9:38pm   ↑ like (0)   ↓ dislike (0)   quote        

justme says
Patrick, how old are your backups? How much is lost? New or old stuff?


There's a backup of the database every night at 3am. So posts and comments from 3am to 6pm on Sept 22nd were lost.

I should really have some more granular system for backing up. Maybe mysql replication.
48   just_passing_through   ignore (0)   2017 Oct 5, 8:31pm   ↑ like (0)   ↓ dislike (0)   quote        

So today I decided to google my email address. Until recently all one would find are some posts in a frog forum.

Well today shows my email address linked up with my pat net profile on some site that seems to mirror patnet:

https://whatdidyoubid.com/
I wonder if this is somehow related to the recent hack event?
49   just_passing_through   ignore (0)   2017 Oct 5, 8:34pm   ↑ like (0)   ↓ dislike (0)   quote        



This is a screen shot from google - I've erased my email address.
50   Patrick   ignore (0)   2017 Oct 5, 8:34pm   ↑ like (0)   ↓ dislike (0)   quote        

Woah, send me a screenshot: p@patrick.net

whatdidyoubid.com was a previous site of mine, run from the same server.
51   just_passing_through   ignore (0)   2017 Oct 5, 8:37pm   ↑ like (0)   ↓ dislike (0)   quote        

Interesting. Somehow google crawled it and picked off my email addy?
52   WookieMan   ignore (0)   2017 Oct 5, 8:38pm   ↑ like (0)   ↓ dislike (0)   quote        

Saw just_passing-though's post. My email account is a burner and nothing linked to it. Did a search and here's a screenshot of the search result.
53   just_passing_through   ignore (0)   2017 Oct 5, 8:46pm   ↑ like (0)   ↓ dislike (0)   quote        

WookieMan says
My email account is a burner


I should have done the same. However, if Pat is able to take it down I suspect it'll eventually become un-indexed or something. Whatever happens in the long run with stale links.

Assuming Pat can take it down. O_o
54   just_passing_through   ignore (0)   2017 Oct 5, 8:55pm   ↑ like (1)   ↓ dislike (0)   quote        

Just some googling around and I found other ways people's email addresses are exposed. Notice the URLs are different:

55   just_passing_through   ignore (0)   2017 Oct 5, 9:13pm   ↑ like (0)   ↓ dislike (0)   quote        

Wow, if I search my email address on duckduckgo.com it takes me directly to my patnet profile:

https://www.patrick.net/user/just_passing_through
Not sure why. My email address isn't in the page or page source. Perhaps in some metadata?
56   WookieMan   ignore (0)   2017 Oct 5, 9:17pm   ↑ like (0)   ↓ dislike (0)   quote        

I didn't get the same result with duckdckgo.com that you did. Google linked me back with my email to whatdidyoubid.com site.
57   WookieMan   ignore (0)   2017 Oct 5, 9:18pm   ↑ like (0)   ↓ dislike (0)   quote        

I'm also no longer getting any hits on my email with google either.
58   NoYes   ignore (2)   2017 Oct 5, 9:20pm   ↑ like (0)   ↓ dislike (0)   quote        

Must be left wing globalist damocrats evils at work
59   just_passing_through   ignore (0)   2017 Oct 5, 9:21pm   ↑ like (0)   ↓ dislike (0)   quote        

Status is still the same on my end. I'll just sit tight for now.
60   WookieMan   ignore (0)   2017 Oct 5, 9:33pm   ↑ like (1)   ↓ dislike (0)   quote        

just_passing_through says
Status is still the same on my end. I'll just sit tight for now.

WTF. My screen shot was legit. I've now searched that email in two different browsers, logged into different email clients and that search result is gone that I posted with the screen shot. Even searched the exact address in the screenshot and all the info is gone on my end.
61   Patrick   ignore (0)   2017 Oct 5, 10:37pm   ↑ like (0)   ↓ dislike (0)   quote        

Ugh, this is terrible.
62   RC2006   ignore (0)   2017 Oct 5, 11:01pm   ↑ like (0)   ↓ dislike (0)   quote        

Just shot you an email Patrick.
63   curious2   ignore (1)   2017 Oct 6, 1:13am   ↑ like (1)   ↓ dislike (0)   quote        

just_passing_through says
if I search my email address on duckduckgo.com it takes me directly to my patnet profile:


@Patrick, I get the same result searching my e-mail address via Google. DuckDuckGo returns a bunch of pages that don't have my e-mail address.
64   curious2   ignore (1)   2017 Dec 19, 1:07pm   ↑ like (0)   ↓ dislike (0)   quote        

@Patrick, when using Chrome to view PatNet in recent days, Malwarebytes blocked attempts to load several adware/malware sites. I have added them to my hosts file, with zeroes:

0.0.0.0 lenz.mx.com
0.0.0.0 popcash.net
0.0.0.0 oclaserver.com
0.0.0.0 tradexchange.com
0.0.0.0 venturead.com

The behavior seems specific to PatNet, and seems blocked by blocking scripts on the site and zeroing the domains in the hosts file. Repeated ADWCleaner and Malwarebytes scans of my system have found nothing on my machine.

In addition, the e-mail disclosure issue persists:

curious2 says
just_passing_through says
if I search my email address on duckduckgo.com it takes me directly to my patnet profile:


@Patrick, I get the same result searching my e-mail address via Google. DuckDuckGo returns a bunch of pages that don't have my e-mail address.
65   Patrick   ignore (0)   2017 Dec 21, 8:59pm   ↑ like (0)   ↓ dislike (0)   quote        

@curious2 I don't see any of those domains in any post or comment, so not sure why Malwarebytes would connect them to this site. Do you know which pages triggered the blocks? The only external scripts come from Youtube or Vimeo.
66   curious2   ignore (1)   2017 Dec 22, 1:03am   ↑ like (0)   ↓ dislike (0)   quote        

Patrick says
Do you know which pages triggered the blocks?


It happened when loading the home page in Firefox just a minute ago. Malwarebytes doesn't expressly connect the malware domains to this site, but when I load PatNet, Malwarebytes pops up repeatedly saying it blocked one site after another. It doesn't seem to happen elsewhere, at least not nearly so often.

I've been zeroing each in my hosts file, though one (barisderin.com) was already there:

0.0.0.0 admeridian.com
0.0.0.0 anytimeastrology.com
0.0.0.0 addiliate.com
0.0.0.0 barisderin.com
0.0.0.0 clickppcbuzz.com
0.0.0.0 digitaldsp.com
0.0.0.0 hotchatdate.com
0.0.0.0 lenz.mx.com
0.0.0.0 lvmobi.com
0.0.0.0 oclaserver.com
0.0.0.0 popcash.net
0.0.0.0 reimageplus.com
0.0.0.0 searchdimension.com
0.0.0.0 securesourcetofreecontent.bid
0.0.0.0 thegreatandstablecontents.download
0.0.0.0 tradeadxchange.com
0.0.0.0 venturead.com

I keep scanning my machine with ADWcleaner and Malwarebytes but they find nothing.

« First    « Previous     Comments 27 - 66 of 66     Last »





The Housing Trap
You're being set up to spend your life paying off a debt you don't need to take on, for a house that costs far more than it should. The conspirators are all around you, smiling to lure you in, carefully choosing their words and watching your reactions as they push your buttons, anxiously waiting for the moment when you sign the papers that will trap you and guarantee their payoff. Don't be just another victim of the housing market. Use this book to defend your freedom and defeat their schemes. You can win the game, but first you have to learn how to play it.
115 pages, $12.50

Kindle version available


about   best comments   contact   one year ago   suggestions