PLEASE CHANGE YOUR LOGIN PASSWORD

I have taken the time to close Cross Site Scripting vulnerability in the form code that allowed a user to gain access to your account. The person who exploited it only did so for a few people.

I was going to issue new passwords to everyone but most of you seem to create temporary email accounts on @live or other free email services so sending you the new password would be pointless.

Please take the time to select the Profile option from the top menu and change your password.

*edit

If you can't login then use the "forgot your password" link on the login page and an email will be sent to the address you used when you opened the account. If you no longer have access to that email account then "to bad so sad".

-Dennis
Edited by Dennis on Nov 23, 2008 at 09:06 PM

Thanks dennis. I was bored with no forum to post on lul.

Thanks Dennis. Almost went insane with the forums down.

I'm glad you brought us back. Thanks Dennis, password changed. Your little vacation from us must have been nice though huh?

im glad halomaps is back to. at first when i saw the screen that said you had closed the forums down, i thought your friend had ordered like... twin lobsters for brunch or something.

I thought it was a test to see if we'd spend time with our family for Thanksgiving, or sit in front of the keyboard waiting for Halomaps to return.

ah, well. i know what im doing for thanksgiving now.
also everyone watch modacity open back up now. i know they were switching servers or something, but that was a damn good time to switch on their part

I love you dennis.

What a bad time to leave CE too. -.-

I told you that Dennis would reopen the forum...

Just wondering, what caused Dennis to shut down the forums?(I haven't been looking at forums recently)

Well that is pretty messed up.

Dennis, have you banned his account yet?
Edited by gamer 2point0 on Nov 23, 2008 at 07:08 PM

It doesn't matter if he gets banned again, he can just use something that makes his IP anonymous and join the forums again. Plus, he's a wiz at hacking, so nothing really will stop him from showing his awesome surf maps for CE.

if e3po is hacking into your servers dennis, isnt that considered a form of cyber terrorism? i did some research and if im not mistaken on what he actually did, i believe its a jailable offense and fines can reach 300,000 dollars.

If I found an exploit, I would PM the site owner, not mess with everyone...
Great to see the site back up!

Yay Thx Dennis

im not sure how to help you.......

The Exploit was just for the game forum not at the server level. The exploit allowed a Cross Site Scripting attack in the PM subject or Preview screens that would allow someone to steal your cookie, not your actual password. But then the cookie could be modified to allow the hacker to login as you.

As I have said before this forum software is not my design and it has many deficiencies. If Modacity had not been down I would have removed the forum entirely and never looked back. No one is doing me a favor, or anyone else, by exploiting the forum software. If the user had just told me about it before he actually used it on people, I might have thanked him and then scheduled the fix with no fanfare, but once a user account was breached I shut the site down. If there is a next time the forum goes away completely. I do not have the time or the desire to put up with these childish antics. It wouldn't bother me in the least to close it entirely.

Just change your Password and you will be OK. The accounts that I know about that were breached have already had their passwords changed and emails sent to their account address.

*edit

If you can't login then use the "forgot your password" link on the login page and an email will be sent to the address you used when you opened the account. If you no longer have access to that email account then "to bad so sad".
Edited by Dennis on Nov 23, 2008 at 09:05 PM

well then maybe you were one of the hacked users. Check your email

Got it, ty dennis, would never have known to use the forgot password thing
Edited by Advancebo on Nov 23, 2008 at 09:09 PM

Thanks for bringing the forum back...my password has been changed. It seems like there is always people out there who have to spoil things for everyone else abiding by the rules.

I'd just press charges agains him and get a nice sum of money. It's about that time that clown gets what he deserves, and you deserve to make some sort of money to recouperate from putting your resources into the site, especially in the state of the economy. Kids here don't take you seriously, perhaps this will change their mind and make them grow up.

And buy a new car =)

I'd say give him a fine of five thousand/hundered dollars.

First of all, who the hell are you? Second of all, why shouldn't E3po get what he deserve? Don't give me he was a great contributor bullcrap. He made surf maps and tryed to boost his fame with tools that didn't work, and he continued to lie to the community about them too.

He's a liar and a troublemaker and he gets what he deserves.

Oh yeah seriously masterz is a huge jerk who is not totally right, and he never puts any thought into his posts. Oh wait...

Dennis obviously shutdown registration

Oh thats why the fbi does it all the time!

Edited by ACoLOL on Nov 24, 2008 at 08:16 AM

i think this already happened to me on youtube: a guy posted "i love to touch myself hahaha" on my youtube channel with my account

Masterz's right. E3pO has crossed the line, and I agree he should be given some sort of punishment.
However, I seriously don't think Dennis is going to pursue those charges against a 13-year-old kid who has something against what is, after all, a HOBBY, and finding him is another difficult matter entirely. I'm pretty sure E3pO (unlike me) was smart enough to not post his real name anywhere, so all you have is his forum alias and an IP address which is probably fake and thus worthless.

So while it would be the right thing to do, it would be pretty much impossible for Dennis to do so.


As for that, the FBI is the product of a government which thinks it is above the law. Supposedly they could violate Constitutional rights for "National Security". It isn't right, but who's going to stop them?
Edited by Jay2645 on Nov 24, 2008 at 10:50 AM

E3PO Has Just Been A Complete Idiot In My Opinion.

We have (sucessfully) in the past, thanks to the legal clout of our corporate clients. In any case I would not be at liberty to discuss it regardless. Speculation on this subject is pointless.

I think you guys may be getting a little ahead of yourselves here; (not Dennis, obviously)
Right, e3pO may not be the brightest of people, he's made several mistakes and lied; but just because he screwed up, doesn't mean you need to make a witch hunt out of this.

As satisfactory sueing him could be; is it really going to change anything? Chances are he will still be an idiot and not much will change except for a change in money; he may be thrown on the streets. Despite doing something very foolish, he still doesn't deserve that; nobody really does.
You just need to chill and relax and instead prepare to educate the new people that do join the forums. More idiots will come, I can assure you that; if you want to make a difference, educate the new members accordingly and appropiately and you will find that you could probably prevent a problem like this in the first place...
(Also, you don't need to flame to educate people... >.>)

EDIT:
Coming to think about it, apart from his software glitch; what has e3pO done more wrongly than certain other 'blacklisted' members here? If you want to punish him, just ignore him; you don't even need to flame to do it; it will probably work too.
There is your simple, quick and clean solution; now chill o.O
Edited by Dhark on Nov 24, 2008 at 04:46 PM

hi, its called cyber terrorism. halomaps is hosted on the same servers the UXB clients have their sites hosted on. it could cause a huge loss of sales and jeopardize UXB. e3po hacks. you have never dealt with him personally, i have. although for a positive reason, he accessed my old laptop to remove some spyware i had. it worked a lot better after he accessed it, but regardless, he did.
its not about the site, its what e3po did. trust me, you would care a hell of alot more if it were YOUR site that YOU paid out of pocket for

also, masters, as much as i agree with you, dennis stated that the hack was NOT on the server level, just the forums level. because e3po wasnt actually mucking around inside the server i dont think that the same penalties apply. regardless, he deserves what he gets