12-03-2008, 09:14 AM   #56
Tony M
Global Moderator
 
 
Join Date: Feb 2006
Location: Here
Posts: 6,156
Just been chatting to gollum about this.

I raised an issue with Andreas a couple of days after this thread started about a potential problem and was promised an emergency patch the following day, which hasn't materialised.

I don't know if this is how the hacker(s) have been compromising sites, but I was able to find the IP address of gollum's hacker within a couple of minutes of downloading his league and logging in to his FTP site and reading the log files. I could have quite easily at that point done all sorts of things to his site.

Until the emergency patch comes out, there's nothing that can be done to prevent this potential way in, unless you are able to set up a separate FTP user that only has access to the OOTP directories and no access to forums, etc.

I'm not going to give the details of how this is done (for the obvious reasons that a searchable and indexed forum would put it into the public domain).

*waits for the proverbial to hit the fan now*

Last edited by Tony M; 12-03-2008 at 09:18 AM.