1
0

Patrick.net hacked!


 invite response                
2017 Sep 22, 7:15pm   14,682 views  60 comments

by Patrick   ➕follow (55)   💰tip   ignore  

Someone badly fucked with the site. Sorry for the delay in getting it back.

« First        Comments 41 - 60 of 60        Search these comments

41   Patrick   2017 Sep 27, 9:38pm  

justme says
Patrick, how old are your backups? How much is lost? New or old stuff?


There's a backup of the database every night at 3am. So posts and comments from 3am to 6pm on Sept 22nd were lost.

I should really have some more granular system for backing up. Maybe mysql replication.
42   just_passing_through   2017 Oct 5, 8:31pm  

So today I decided to google my email address. Until recently all one would find are some posts in a frog forum.

Well today shows my email address linked up with my pat net profile on some site that seems to mirror patnet:

https://whatdidyoubid.com/
I wonder if this is somehow related to the recent hack event?
43   just_passing_through   2017 Oct 5, 8:34pm  



This is a screen shot from google - I've erased my email address.
44   Patrick   2017 Oct 5, 8:34pm  

Woah, send me a screenshot: p@patrick.net

whatdidyoubid.com was a previous site of mine, run from the same server.
45   just_passing_through   2017 Oct 5, 8:37pm  

Interesting. Somehow google crawled it and picked off my email addy?
46   WookieMan   2017 Oct 5, 8:38pm  

Saw just_passing-though's post. My email account is a burner and nothing linked to it. Did a search and here's a screenshot of the search result.
47   just_passing_through   2017 Oct 5, 8:46pm  

WookieMan says
My email account is a burner


I should have done the same. However, if Pat is able to take it down I suspect it'll eventually become un-indexed or something. Whatever happens in the long run with stale links.

Assuming Pat can take it down. O_o
48   just_passing_through   2017 Oct 5, 8:55pm  

Just some googling around and I found other ways people's email addresses are exposed. Notice the URLs are different:

49   just_passing_through   2017 Oct 5, 9:13pm  

Wow, if I search my email address on duckduckgo.com it takes me directly to my patnet profile:

/user/just_passing_through
Not sure why. My email address isn't in the page or page source. Perhaps in some metadata?
50   WookieMan   2017 Oct 5, 9:17pm  

I didn't get the same result with duckdckgo.com that you did. Google linked me back with my email to whatdidyoubid.com site.
51   WookieMan   2017 Oct 5, 9:18pm  

I'm also no longer getting any hits on my email with google either.
52   NoYes   2017 Oct 5, 9:20pm  

Must be left wing globalist damocrats evils at work
53   just_passing_through   2017 Oct 5, 9:21pm  

Status is still the same on my end. I'll just sit tight for now.
54   WookieMan   2017 Oct 5, 9:33pm  

just_passing_through says
Status is still the same on my end. I'll just sit tight for now.

WTF. My screen shot was legit. I've now searched that email in two different browsers, logged into different email clients and that search result is gone that I posted with the screen shot. Even searched the exact address in the screenshot and all the info is gone on my end.
55   Patrick   2017 Oct 5, 10:37pm  

Ugh, this is terrible.
56   RC2006   2017 Oct 5, 11:01pm  

Just shot you an email Patrick.
57   curious2   2017 Oct 6, 1:13am  

just_passing_through says
if I search my email address on duckduckgo.com it takes me directly to my patnet profile:


@Patrick, I get the same result searching my e-mail address via Google. DuckDuckGo returns a bunch of pages that don't have my e-mail address.
58   curious2   2017 Dec 19, 1:07pm  

@Patrick, when using Chrome to view PatNet in recent days, Malwarebytes blocked attempts to load several adware/malware sites. I have added them to my hosts file, with zeroes:

0.0.0.0 lenz.mx.com
0.0.0.0 popcash.net
0.0.0.0 oclaserver.com
0.0.0.0 tradexchange.com
0.0.0.0 venturead.com

The behavior seems specific to PatNet, and seems blocked by blocking scripts on the site and zeroing the domains in the hosts file. Repeated ADWCleaner and Malwarebytes scans of my system have found nothing on my machine.

In addition, the e-mail disclosure issue persists:

curious2 says
just_passing_through says
if I search my email address on duckduckgo.com it takes me directly to my patnet profile:


@Patrick, I get the same result searching my e-mail address via Google. DuckDuckGo returns a bunch of pages that don't have my e-mail address.
59   Patrick   2017 Dec 21, 8:59pm  

@curious2 I don't see any of those domains in any post or comment, so not sure why Malwarebytes would connect them to this site. Do you know which pages triggered the blocks? The only external scripts come from Youtube or Vimeo.
60   curious2   2017 Dec 22, 1:03am  

Patrick says
Do you know which pages triggered the blocks?


It happened when loading the home page in Firefox just a minute ago. Malwarebytes doesn't expressly connect the malware domains to this site, but when I load PatNet, Malwarebytes pops up repeatedly saying it blocked one site after another. It doesn't seem to happen elsewhere, at least not nearly so often.

I've been zeroing each in my hosts file, though one (barisderin.com) was already there:

0.0.0.0 admeridian.com
0.0.0.0 anytimeastrology.com
0.0.0.0 addiliate.com
0.0.0.0 barisderin.com
0.0.0.0 clickppcbuzz.com
0.0.0.0 digitaldsp.com
0.0.0.0 hotchatdate.com
0.0.0.0 lenz.mx.com
0.0.0.0 lvmobi.com
0.0.0.0 oclaserver.com
0.0.0.0 popcash.net
0.0.0.0 reimageplus.com
0.0.0.0 searchdimension.com
0.0.0.0 securesourcetofreecontent.bid
0.0.0.0 thegreatandstablecontents.download
0.0.0.0 tradeadxchange.com
0.0.0.0 venturead.com

I keep scanning my machine with ADWcleaner and Malwarebytes but they find nothing.

« First        Comments 41 - 60 of 60        Search these comments

Please register to comment:

api   best comments   contact   latest images   memes   one year ago   random   suggestions