Hackers ?

Dr.Flay
Godlike
Posts: 3348
Joined: Thu Aug 04, 2011 9:26 pm
Personal rank: Chaos Evangelist
Location: Kernow, UK

Hackers ?

Post by Dr.Flay »

The last couple of nights I have had major problems connecting to the site.
It varies between being incredibly slow, or showing me a database error, or not working at all.
Has there been any maintenance ?

If not, then can someone check if the host or site has been under attack between the hours of 3 and 5am GMT.
It has been about 4am GMT each time I visited.
+1 hour for the host in Hamburg.
KingJosh
Skilled
Posts: 191
Joined: Sat Feb 27, 2010 5:29 pm
Location: *starts chant* USA!USA!USA!

Re: Hackers ?

Post by KingJosh »

I have been having the same problems as doc describes, sometimes it is slow to connect or can't connect at all. Although I didn't write down the exact hour / time that this occurred, it has been doing this a lot for the past several days.
Carbon
Inhuman
Posts: 855
Joined: Thu Jan 17, 2013 1:52 pm
Personal rank: Hoarder.

Re: Hackers ?

Post by Carbon »

I read in another thread that Shade had to restart the server for some undisclosed reason, but I read nothing about being hacked or the like. Seems fine now.
Feralidragon
Godlike
Posts: 5493
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Hackers ?

Post by Feralidragon »

I told Shade about the site being down, and so far he couldn't figure out what was going on. A restart fixed it though, so it may have something to do with the temporary folder or the database going nuts.
Chamberly
Godlike
Posts: 1963
Joined: Sat Sep 17, 2011 4:32 pm
Personal rank: Dame. Vandora
Location: TN, USA

Re: Hackers ?

Post by Chamberly »

I don't think there are hackers involved. Probably a little hiccup somewhere where a problem happened every once in a while.
Dr.Flay

Re: Hackers ?

Post by Dr.Flay »

When it first happened it was just very slow, so I tried to pump it through the Coral CDN.
It was there I noticed something odd.
Normally whenever you use the Cache, it will serve the site from one of many servers around the world.
Refresh the page and you hop to another server.
While this site was being "odd", I was permanently connecting to a server in Hong Kong. No matter how many times I refreshed I stayed in China.
The following day when it happened again, guess what ? Once again I could only get served from Hong Kong :wth:

I know security practices in the UT world are very poor. Often it shocks me with the level of chance people take hosting people's accounts.
I just did a few tests and this site has a serious problem.
There is no functioning encryption, or any that you can safely use.
http://w3techs.com/sites/info/ut99.org
http://www.whynopadlock.com

Try going to your most sensitive part of the control panel. Your account data where you set your password, but this time force it to use HTTPS (this is what it should always use ! :mad2: )
https://www.ut99.org/ucp.php?i=profile&mode=reg_details
And here we see the lack of SSL in Firefox with the Calomel plugin.
FF.png
Opera is set to show me unknown certificates, and this is what I see when I force HTTPS
Opera.png
I had to override Firefox's default TLS setting to accept the connection, and then I can see:
FF2.png
I thought, OK it may be simply because the certificate does not match this site, so I'll check the site the certificate is for.
https://panel.myservr.org
Guess what ?
panel.myservr (2).png
panel.myservr.png
It is not even valid on their own site.

Unless any of you have specifically used HTTPS here, and forced your browser to accept a bad certificate, then all of the logins and tokens on this site are "in the clear", meaning plain raw ASCII.
Using a bad or unverifiable certificate puts you at risk of a "man in the middle" attack, but not using it means anyone can sniff the data.
Changing your passwords will not even help as they can read your new one as soon as you log back in.

Very simply this site needs a certificate that browsers will use or even recognise, or there is no point having one.
:noidea: It could be worse. At least this site is not as bad as Unreal Admin. Not only have they used a poor choice of encryption, it expired 7 years ago :omfg:
Try forcing HTTPS https://www.unrealadmin.org
There is a reason why certificates are only temporary :nonono:

http://my.opera.com/dr-flay/blog/security
http://my.opera.com/dr-flay/blog/online-anti-malware
papercoffee
Godlike
Posts: 10449
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Hackers ?

Post by papercoffee »

To be true ...It's all Greek to me. :???:
Sorry to be that blunt, but I never hosted anything or rented a server in my life.
player
Novice
Posts: 17
Joined: Fri Mar 21, 2008 3:15 am

Re: Hackers ?

Post by player »

Dr.Flay wrote: At least this site is not as bad as Unreal Admin
No. This site is worse, https://www.unrealadmin.org works while https://www.ut99.org does not.
password field in the login form is md5-hashed in UA while here is in plaintext
Dr.Flay

Re: Hackers ?

Post by Dr.Flay »

That is still weak in 2014, and will only stop casual sniffers.
Are the server and database encrypted ? and if so how poorly ? and how old is that key ?

My point stands. They are both using poor encryption if you choose to use it.
Both have to be forced to be accepted (which you should never do), and again I have to override Firefox 27's default minimum allowable SSL/TLS setting, or I am blocked
uao.png
Once unlocked, FF then shows you the risks.
uaff.png
More than anything it shows how much any site gives a damn about security (theirs or yours).

Other than the fact that the certificate expired in 2007, looking at it also shows a lack of grasping the f*ckup they made.
Self-signed certificates are not for public use (unless you are a certificate vendor).
They are for private networks and personal communication.
By their nature they are only to be trusted on that network.

A self-signed key is only as trustworthy as the admin or anyone that has had admin access (hacker or otherwise) during the period of key use.
In this case the key in question has been around since 2005.
So in the last 9 years, have there really been no problems with staff or hackers ? :confused2:
A lot of people have had the chance to backup the private key in that time.

The "cherry on the cake" for me, is the fact that as it is a home-made certificate, it was FREE and they could use any of the available better encryptions. It looks like someone's first practice key, where they left it at basic defaults :wth:
At any time in the last 7 years another key could have been made :thudown:

These days people find it more convenient and profitable to get access to the database, and cross reference your password and email with other sites they find you use.
The idea is not to attract attention, and not leave any obvious evidence. The damage is always done later.
Look at what happened to Adobe when they had their database copied. With that many email addresses and passwords you can guarantee a jackpot, as many people use the same passwords everywhere.

All public sites that have members of the public join and login, need to encrypt their server and use PGP as the first choice of web SSL encryption.
https://www.eff.org/https-everywhere/deploying-https
Helpful plugins
https://www.eff.org/https-everywhere
https://calomel.org (Firefox only)
http://w3techs.com/sites
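
The three certificate faults raised in Dr.Flay's posts above (a certificate issued for a different host, one that has expired, and one that is self-signed) can be checked mechanically. The sketch below is an added example, not part of any post in this thread; it works on a certificate dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the hostnames and dates are constructed, and "issuer equals subject" is used only as a heuristic for self-signed.

```python
import ssl
from datetime import datetime, timezone

def cert_names(cert):
    """DNS names the certificate claims: subjectAltName first, CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one left-most wildcard label such as *.example.org."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(cert, host, now):
    """Return the reasons this certificate should not be trusted for `host`."""
    problems = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name-mismatch")
    t = now.timestamp()
    if t > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if t < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    # Heuristic: a self-signed certificate names itself as its own issuer.
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-signed")
    return problems

# Constructed samples (not taken from any real site).
NOW = datetime(2014, 3, 1, tzinfo=timezone.utc)
OLD_SELF_SIGNED = {
    "subject": ((("commonName", "panel.example.net"),),),
    "issuer": ((("commonName", "panel.example.net"),),),
    "notBefore": "May 20 00:00:00 2005 GMT",
    "notAfter": "May 20 00:00:00 2007 GMT",
}
CA_ISSUED = {
    "subject": ((("commonName", "example.org"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
    "notBefore": "Jan 10 00:00:00 2014 GMT",
    "notAfter": "Jan 10 00:00:00 2015 GMT",
}

if __name__ == "__main__":
    for host in ("forum.example.org", "panel.example.net"):
        print(host, audit(OLD_SELF_SIGNED, host, NOW))
    print("forum.example.org", audit(CA_ISSUED, "forum.example.org", NOW))
```
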
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Hackers ?

Post by Shade »

There was no attack. An application on the server just had a memory leak.

@Dr.Flay: The certificate has nothing to do with this incident. In addition, this certificate (which was created by a trustworthy person indeed) exists for a private purpose, for which this kind of certificate is completely enough. It was never meant for securing the data transmission of UT99.org.

Anyway, thank you for your concerns. Maybe, UT99.org will switch to HTTPS soon.

I will close this thread now. If anyone still has questions about the security of the server or the site (which is important for me), please contact me via PM.
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers