An Awkward Hacking Attempt? Turns out, No.
- Zoloft
- Trustee
- Posts: 13981
- kołdry
- Joined: Wed Mar 14, 2012 11:54 pm
- Wikipedia User: Stanistani
- Wikipedia Review Member: Zoloft
- Actual Name: William Burns
- Nom de plume: William Burns
- Location: San Diego
- Contact:
An Awkward Hacking Attempt? Turns out, No.
Yesterday, someone tried to reset the root password on our host account.
It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here.
They already had an account here. That would be a [finger quotes] "sock."
It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
This sort of nonsense is fairly common.
It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.
The hosting company keeps accurate logs.
It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here.
They already had an account here. That would be a [finger quotes] "sock."
It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
This sort of nonsense is fairly common.
It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.
The hosting company keeps accurate logs.
My avatar is sometimes indicative of my mood:
- Actual mug ◄
- Uncle Cornpone
- Zoloft bouncy pill-thing
- lilburne
- Habitué
- Posts: 4446
- Joined: Thu Mar 15, 2012 6:18 pm
- Wikipedia User: Nastytroll
- Wikipedia Review Member: Lilburne
Re: An Awkward Hacking Attempt
NYB should be ashamed of himself.
They have been inserting little memes in everybody's mind
So Google's shills can shriek there whenever they're inclined
So Google's shills can shriek there whenever they're inclined
Re: An Awkward Hacking Attempt
Wow. Socking is one thing but hacking is an unlawful activity, and depending on circumstances and practicality of prosecution can carry a term of imprisonment as penalty. I imagine you've triplechecked your data and assumptions, Zoloft. Tens of thousands of people can use a single IP, I think, but realistically at a moderately trafficked site like this, I'd suppose you can review logs and probe with your tools and get pretty solid level of confidence it's the same guy (and site member!) poking around. I can't believe whoever would've been stupid enough to hack from his regular home Internet connection?!Zoloft wrote:Yesterday, someone tried to reset the root password on our host account. It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here. They already had an account here. That would be a [finger quotes] "sock." It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
This sort of nonsense is fairly common. It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member. This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent. The hosting company keeps accurate logs.
Humbly I'd suggest you challenge every assumption you have, triplecheck every datapoint, and invite the other sysops to review the incident. Times like these it'd be nice to have a checkuser on tap to run down the suspected Arbcom connection. It'd be indefensible for him or her to checkuser the Wikipedia account but perhaps fair game on the IP, given a tip-off that it's engaged in hacking and socking and believed to have a Wikipedia connection.
I'd like to see a front-page blog article on this, seems like it would get main-stream press attention, but I figure it'd be inherently difficult to get the high level of certainty needed. Again, wow.
PS: Nice work spotting and handling this event, Zoloft. It'd be a shame if someone got in and wiped out the database. I mean Wikipediocracy is not the Washington Post or Christian Science Monitor, but there've been some decent front page features, and even in the forum there's sometimes insightful and influential conversation amidst the chatter and routine.
Edited to insert postscript.
Triptych. A Live Journal I have under other pseudonym, w. email address: Tim Song Fan. My Arbcom Accountability Project: in German. In art.
- DanMurphy
- Habitué
- Posts: 3136
- Joined: Sat Mar 17, 2012 11:58 pm
- Wikipedia User: Dan Murphy
- Wikipedia Review Member: DanMurphy
Re: An Awkward Hacking Attempt
You should bring it up with the appropriate authorities now. I'd name who you think it is too - otherwise too easy to dismiss as pot-stirring.Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.
It didn't succeed, of course, but then (using the same IP) they tried to register a second account on the forum here.
They already had an account here. That would be a [finger quotes] "sock."
It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
This sort of nonsense is fairly common.
It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.
The hosting company keeps accurate logs.
- Peter Damian
- Habitué
- Posts: 4201
- Joined: Thu Mar 15, 2012 8:14 pm
- Wikipedia User: Peter Damian
- Wikipedia Review Member: Peter Damian
- Location: London
- Contact:
Re: An Awkward Hacking Attempt
I raised this at the Trustees' forum. I wanted to understand whether it was malicious or accidental. It doesn't seem as though it was accidental. I mean, I don't know really what a root password is for an internet server, and I wouldn't have the faintest idea where to look for one. This suggests that anyone actively looking to change it must have had some idea what they were doing. But I'm not an expert.
There is no doubt about the identity of the arbitrator, I'll say that much.
There is no doubt about the identity of the arbitrator, I'll say that much.
οὐκ ἀγαθὸν πολυκοιρανίη: εἷς κοίρανος ἔστω
- HRIP7
- Denizen
- Posts: 6953
- Joined: Thu Mar 15, 2012 2:05 am
- Wikipedia User: Jayen466
- Wikipedia Review Member: HRIP7
- Actual Name: Andreas Kolbe
- Location: UK
Re: An Awkward Hacking Attempt
It wasn't NYB.lilburne wrote:NYB should be ashamed of himself.
-
- Contributor
- Posts: 36
- Joined: Thu Aug 23, 2012 3:57 pm
- Wikipedia User: Reaper Eternal
- Actual Name: Brian Phillips
- Location: Ohio
Re: An Awkward Hacking Attempt
I don't think Newyorkbrad has the technical ability to perform such actions. Furthermore, he's a lawyer and would know what THAT would bring down on his head.lilburne wrote:NYB should be ashamed of himself.
No way in hell it was accidental IMHO. Attempting to reset the password on another poster's account MIGHT be accidental due to auto-form-fill-screwups filling in the wrong account name. Attempted resetting of the host's password requires knowledge of where to look.Peter Damian wrote:I wanted to understand whether it was malicious or accidental.
Are you sure? Pretty much anybody with the technical know-how to do it would know to use an open proxy, tor, or a VPN. Additionally, they'd know that resetting the password isn't going to work.Zoloft wrote:It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
Last edited by Reaper Eternal on Tue Aug 13, 2013 12:26 pm, edited 1 time in total.
- Michaeldsuarez
- Habitué
- Posts: 1764
- Joined: Sun Mar 18, 2012 2:10 am
- Wikipedia User: Michaeldsuarez
- Wikipedia Review Member: Michaeldsuarez
- Location: New York, New York
Re: An Awkward Hacking Attempt
Have you contacted ArbCom directly about your suspicions? There aren't any guarantees that the Arbitrators that visit this forum will bring the matter up on their mailing lists.Zoloft wrote:It's just that this odd series of events was apparently performed by a sitting Wikipedia Arbcom member.
This is their notice that if they try such shenanigans again, I will inform the requisite authorities of the violation of law such intrusions represent.
-
- Critic
- Posts: 294
- Joined: Sat May 05, 2012 8:07 am
- Wikipedia User: Worm That Turned
- Actual Name: Dave Craven
Re: An Awkward Hacking Attempt
I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, i'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy, and the respect that I have NYB - I'm going to guess that you're pointing the finger at me.
I have no knowledge of the events you are describing, I did not perform them. What's more, I do not know how or where you could try to reset the rooot password on your host account.
If it is indeed me that you believe is the culprit, I would ask that you not "hold off", but instead go ahead and take the action that you mention.
Dave
-
- Retired
- Posts: 4130
- Joined: Thu Nov 01, 2012 1:40 pm
- Wikipedia User: Scott
- Location: London
- Contact:
Re: An Awkward Hacking Attempt
Just when you thought you were running short on ...
My question, to this esteemed Wiki community, is this: Do you think that a Wiki could successfully generate a useful encyclopedia? -- JimboWales
Yes, but in the end it wouldn't be an encyclopedia. It would be a wiki. -- WardCunningham (Jan 2001)
Yes, but in the end it wouldn't be an encyclopedia. It would be a wiki. -- WardCunningham (Jan 2001)
- Michaeldsuarez
- Habitué
- Posts: 1764
- Joined: Sun Mar 18, 2012 2:10 am
- Wikipedia User: Michaeldsuarez
- Wikipedia Review Member: Michaeldsuarez
- Location: New York, New York
Re: An Awkward Hacking Attempt
Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forums' early days. There might be more, but I don't recall.turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, i'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy, and the respect that I have NYB - I'm going to guess that you're pointing the finger at me.
I have no knowledge of the events you are describing, I did not perform them. What's more, I do not know how or where you could try to reset the rooot password on your host account.
If it is indeed me that you believe is the culprit, I would ask that you not "hold off", but instead go ahead and take the action that you mention.
Dave
I'm not sure what evidence Zololf is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.
- lilburne
- Habitué
- Posts: 4446
- Joined: Thu Mar 15, 2012 6:18 pm
- Wikipedia User: Nastytroll
- Wikipedia Review Member: Lilburne
Re: An Awkward Hacking Attempt
HRIP7 wrote:It wasn't NYB.lilburne wrote:NYB should be ashamed of himself.
Ah I misread.It was a fumbling, awkward series of moves, like a drunk frat boy trying unsuccessfully to remove his first brassiere.
They have been inserting little memes in everybody's mind
So Google's shills can shriek there whenever they're inclined
So Google's shills can shriek there whenever they're inclined
Re: An Awkward Hacking Attempt
I read AGK was in Hong Kong at Wikimania 2013 living the high life on the charity's dime with Sue Gardner and Oliver Keyes, breaking only to cast the final "save Oliver" vote in his and Kiefer's arbitration. Wikimania ended Sunday, and AGK couldn't really have returned by yesterday (Monday) could he? Lilburne's first comment re: NYB was so absurd a prospect that I took it as humor. Wormthatturned has just issued a public and unequivocal denial. There could be yet other arbs with accounts here.Michaeldsuarez wrote:Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forums' early days. There might be more, but I don't recall. I'm not sure what evidence Zololf is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, i'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy...
I love a good whodunnit, and I think the thread is within the limits of propriety right now, but I caution the good people behind Wikipediocracy to avoid a direct statement of hacking against an other-than-merely-pseudonymous arbitrator, because I believe that would be an allegation of criminality. That is, unless you have a good faith and reasoned belief to do that.
Triptych. A Live Journal I have under other pseudonym, w. email address: Tim Song Fan. My Arbcom Accountability Project: in German. In art.
Re: An Awkward Hacking Attempt
What do you mean by this, exactly? The root of your own (presumably some flavor of unix) server on which this resides? Or did they click the "Forgot password" link on the support site, i.e. this ?Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.
If it's the latter, that may be on a bit shakier grounds irt "hacking", if the authorities get involved.
"The world needs bad men. We keep the other bad men from the door."
- lilburne
- Habitué
- Posts: 4446
- Joined: Thu Mar 15, 2012 6:18 pm
- Wikipedia User: Nastytroll
- Wikipedia Review Member: Lilburne
Re: An Awkward Hacking Attempt
I take it that when Z says host account he's not talking about the phpBB or wordpress apps but fastdomain account.
They have been inserting little memes in everybody's mind
So Google's shills can shriek there whenever they're inclined
So Google's shills can shriek there whenever they're inclined
-
- Retired
- Posts: 2723
- Joined: Wed Mar 14, 2012 11:32 pm
- Wikipedia User: tiucsibgod
Re: An Awkward Hacking Attempt
As the speculation isn't helpful let's be clear what the events were.Tarc wrote:What do you mean by this, exactly? The root of your own (presumably some flavor of unix) server on which this resides? Or did they click the "Forgot password" link on the support site, i.e. this ?Zoloft wrote:Yesterday, someone tried to reset the root password on our host account.
If it's the latter, that may be on a bit shakier grounds irt "hacking", if the authorities get involved.
1) We got the standard security email along the lines of "Someone has tried to change the password for the hosting package".
2) Zoloft was able to tie that via the IP address used to a new account request named obviously as related to the old account.
3) The old account was then able to log in at about the same time.
I am inclined to the thought that there was a confusion that led to trying to reset the password rather than a deliberate hacking attempt, as there wasn't any attempt at disguising the user. However, there are other possibilities (compromised account, stupidity, maliciousness). We were just surprised that if someone fell down the rabbit hole and found themselves at the door, trying to force the door is inappropriate (though I can understand rattling the door handle out of curiosity).
The point of Zoloft's post is that if someone was having some bright idea, they have been warned off, but as mentioned, it is not exactly clear and we should not put down to maliciousness what can easily be explained by beer or incompetence.
Time for a new signature.
-
- Retired
- Posts: 4130
- Joined: Thu Nov 01, 2012 1:40 pm
- Wikipedia User: Scott
- Location: London
- Contact:
Re: An Awkward Hacking Attempt
That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".
My question, to this esteemed Wiki community, is this: Do you think that a Wiki could successfully generate a useful encyclopedia? -- JimboWales
Yes, but in the end it wouldn't be an encyclopedia. It would be a wiki. -- WardCunningham (Jan 2001)
Yes, but in the end it wouldn't be an encyclopedia. It would be a wiki. -- WardCunningham (Jan 2001)
- Captain Occam
- Gregarious
- Posts: 886
- Joined: Sun Nov 11, 2012 12:08 am
Re: An Awkward Hacking Attempt
As someone who was hacked multiple times several years ago, and knew exactly who was doing it, I have to say it isn't very likely you'd be able to get the authorities to prosecute whoever was responsible for this. When I tried to do that in my own case, what I learned is that any offense that's committed across state lines falls under FBI jurisdiction, but the FBI doesn't have the resources to investigate any attack that causes less than $5000 worth of damage. That was in 2005, but I don't imagine this is likely to have changed since then.
Another thing you can do is report them to their ISP, but ISPs won't typically take action about things like this unless they have a string of complaints from multiple sources about a single customer.
If the perpetrator really is a member of ArbCom, and you determine that it really was an actual attempt at hacking, I think the best thing you can do is publicize the identity of who was responsible. It's going to be a major embarrassment for someone in a position of authority to have it revealed they were doing this.
Another thing you can do is report them to their ISP, but ISPs won't typically take action about things like this unless they have a string of complaints from multiple sources about a single customer.
If the perpetrator really is a member of ArbCom, and you determine that it really was an actual attempt at hacking, I think the best thing you can do is publicize the identity of who was responsible. It's going to be a major embarrassment for someone in a position of authority to have it revealed they were doing this.
-
- Retired
- Posts: 2723
- Joined: Wed Mar 14, 2012 11:32 pm
- Wikipedia User: tiucsibgod
Re: An Awkward Hacking Attempt
As I said, it isn't really clear whether this was incompetence or otherwise, so we are awaiting an explanation. It might have been better to await the explanation (or failure to explain) before posting this thread in retrospect, consider it an irritated outburst for now.Captain Occam wrote:If the perpetrator really is a member of ArbCom, and you determine that it really was an actual attempt at hacking, I think the best thing you can do is publicize the identity of who was responsible. It's going to be a major embarrassment for someone in a position of authority to have it revealed they were doing this.
Time for a new signature.
- The Devil's Advocate
- Habitué
- Posts: 1906
- Joined: Thu Jun 14, 2012 12:19 am
- Wikipedia User: The Devil's Advocate
Re: An Awkward Hacking Attempt
Kirill also has an account here, though he hasn't used it. NuclearWarfare has an account and made one post.Michaeldsuarez wrote:Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forums' early days. There might be more, but I don't recall.
"For those who stubbornly seek freedom around the world, there can be no more urgent task than to come to understand the mechanisms and practices of indoctrination."
- Noam Chomsky
- Moonage Daydream
- Habitué
- Posts: 1855
- Joined: Tue Mar 20, 2012 12:41 pm
Re: An Awkward Hacking Attempt
Why do drunk frat boys put on brassieres in the first place if they have trouble getting them off? Is it a rite of passage?
- Midsize Jake
- Site Admin
- Posts: 9872
- Joined: Mon Mar 19, 2012 11:10 pm
- Wikipedia Review Member: Somey
Re: An Awkward Hacking Attempt
It's mutual assurance of trust. The initiate puts on the brassiere to show that he trusts the other frat boys not to put video of him wearing the brassiere on Youtube. Likewise, the other frat boys know they can trust him, because he's demonstrated his trust in them, and of course they wouldn't hesitate to put the video on Youtube if the initiate were to betray the frat in any way whatsoever. As for being unable to get the brassiere off, that's mostly due to the fact that frat boys are idiots.Moonage Daydream wrote:Why do drunk frat boys put on brassieres in the first place if they have trouble getting them off? Is it a rite of passage?
- Michaeldsuarez
- Habitué
- Posts: 1764
- Joined: Sun Mar 18, 2012 2:10 am
- Wikipedia User: Michaeldsuarez
- Wikipedia Review Member: Michaeldsuarez
- Location: New York, New York
Re: An Awkward Hacking Attempt
I wasn't saying that it was AGK. I was just telling turnedworm that he or she and Newyorkbrad aren't the only two Arbitrators who have posted here in the past.Triptych wrote:I read AGK was in Hong Kong at Wikimania 2013 living the high life on the charity's dime with Sue Gardner and Oliver Keyes, breaking only to cast the final "save Oliver" vote in his and Kiefer's arbitration. Wikimania ended Sunday, and AGK couldn't really have returned by yesterday (Monday) could he?Michaeldsuarez wrote:Newyorkbrad and you aren't the only Arbitrators here. I recall AGK posting here in this forums' early days. There might be more, but I don't recall. I'm not sure what evidence Zololf is basing his suspicions on (Email address from the account creation attempt?), but I find the idea that an Arbitrator would do this hard to believe.turnedworm wrote:I sent Zoloft the following PM when I first saw this post. Based on the further comments in this thread, i'll say it again here.
Given that NYB and I are the only two (to the best of my knowledge) sitting arbcom members who use Wikipediocracy...
Last edited by Michaeldsuarez on Tue Aug 13, 2013 5:00 pm, edited 1 time in total.
- Zoloft
- Trustee
- Posts: 13981
- Joined: Wed Mar 14, 2012 11:54 pm
- Wikipedia User: Stanistani
- Wikipedia Review Member: Zoloft
- Actual Name: William Burns
- Nom de plume: William Burns
- Location: San Diego
- Contact:
Re: An Awkward Hacking Attempt
The person involved has contacted us via our support email.
I will report more details here in a little while.
I will report more details here in a little while.
My avatar is sometimes indicative of my mood:
- Actual mug ◄
- Uncle Cornpone
- Zoloft bouncy pill-thing
- TungstenCarbide
- Habitué
- Posts: 2592
- Joined: Thu Apr 05, 2012 1:51 am
- Wikipedia User: TungstenCarbide
- Wikipedia Review Member: TungstenCarbide
Re: An Awkward Hacking Attempt
Hahaha ... true for most young men, not just frat boys.Midsize Jake wrote:... that's mostly due to the fact that frat boys are idiots.
Gone hiking. also, beware of women with crazy head gear and a dagger.
- Vigilant
- Sonny, I've got a whole theme park full of red delights for you.
- Posts: 31484
- Joined: Thu Mar 29, 2012 8:16 pm
- Wikipedia User: Vigilant
- Wikipedia Review Member: Vigilant
Re: An Awkward Hacking Attempt
Young?TungstenCarbide wrote:Hahaha ... true for most young men, not just frat boys.Midsize Jake wrote:... that's mostly due to the fact that frat boys are idiots.
Hello, John. John, hello. You're the one soul I would come up here to collect myself.
- Zoloft
- Trustee
- Posts: 13981
- Joined: Wed Mar 14, 2012 11:54 pm
- Wikipedia User: Stanistani
- Wikipedia Review Member: Zoloft
- Actual Name: William Burns
- Nom de plume: William Burns
- Location: San Diego
- Contact:
Re: An Awkward Hacking Attempt
The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.'Hex wrote:That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".
The password change confirmation was sent to our admin email.
I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.
Why didn't he just ask for help? Because he doesn't trust us.
I have given the member a new password and details on how to use the reset and password recovery features in the forum.
Because I do trust him.
Changing the topic title a bit to reflect reality.
My avatar is sometimes indicative of my mood:
- Actual mug ◄
- Uncle Cornpone
- Zoloft bouncy pill-thing
Re: An Awkward Hacking Attempt
Did you read him his Carmen Miranda rights first?Zoloft wrote: I have given the member a new password and details on how to use the reset and password recovery features in the forum.
Because I do trust him.
Seriously, though, it's another example with Wikipedia where you can't decide whether they are idiots first and douchebags second, or the other way around.
Re: An Awkward Hacking Attempt
Bravo to the arb for addressing this alarming matter head on. I don't know what the particular screen looked like, or how he happened to get there, but when one has sixteen windows open or whatever, and one's attention is distracted, it seems plausible enough to me.Zoloft wrote: The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.' The password change confirmation was sent to our admin email. I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.
Because he wasn't named, the arbitrator was not "smudged." Perhaps Arbcom generally was smudged, but how could one tell? It's a smudgery already.
Triptych. A Live Journal I have under other pseudonym, w. email address: Tim Song Fan. My Arbcom Accountability Project: in German. In art.
- Moonage Daydream
- Habitué
- Posts: 1855
- Joined: Tue Mar 20, 2012 12:41 pm
Re: An Awkward Hacking Attempt
Sounds plausible. Glad this got sorted out before it became messy.Zoloft wrote:The Arbitrator (no need to smudge him further) admitted to going to our server host, entering the domain name, and clicking on 'change password.'Hex wrote:That sounds like massive technology skills failure to me, rather than an attempt at hacking. Particularly because of the "named obviously as related to the old account".
The password change confirmation was sent to our admin email.
I can't see any reason to do that, but he claims he thought that was how you changed your forum password. He expected another dialog box asking for his account name.
Why didn't he just ask for help? Because he doesn't trust us.
I have given the member a new password and details on how to use the reset and password recovery features in the forum.
Because I do trust him.
Changing the topic title a bit to reflect reality.
- Captain Occam
- Gregarious
- Posts: 886
- Joined: Sun Nov 11, 2012 12:08 am
Re: An Awkward Hacking Attempt? Turns out, No.
Even now that we've learned this apparently wasn't malicious, I still think it might be beneficial for the Wikipedia community to know who it was, because not knowing how to reset one's password on a forum shows a lot of naivety about web-based software. By being trusted with the checkuser tool, and being given the responsibility to determine which account are and aren't sockpuppets, arbitrators are expected to have a certain level of technical knowledge. From what I've heard, making correct judgements using checkuser requires considerably more technical skill than resetting a forum password. If a member of ArbCom honestly didn't know how to do the latter, I think maybe the Wikipedia community should have the opportunity to make a judgement about whether the same person should be trusted to do the former.
- lilburne
- Habitué
- Posts: 4446
- Joined: Thu Mar 15, 2012 6:18 pm
- Wikipedia User: Nastytroll
- Wikipedia Review Member: Lilburne
Re: An Awkward Hacking Attempt? Turns out, No.
It takes a certain amount of technical nouse to track down a websites hosting service.
Last edited by lilburne on Tue Aug 13, 2013 9:25 pm, edited 2 times in total.
They have been inserting little memes in everybody's mind
So Google's shills can shriek there whenever they're inclined
So Google's shills can shriek there whenever they're inclined
Re: An Awkward Hacking Attempt? Turns out, No.
Bollocks.
No way anyone even halfway competant gets to the server host domain password reset page by accident. It would be difficult for a non techie to do it in ignorance. How did they find the page? Its hardly easy to find. There is no way anyone trusted with the technical tools and access to restricted info on enwp would make that mistake.
So yes, bollocks. Report it to the relevant authorities, forget about it after that. AGF does not mean you are blind and dumb.
-edit- I see lilburne pipped me to it. Remember quite a few people on this forum are far more than tech-literate, as an ex sysadmin, attacks on the server where you can identify the culprits are not tolerated. Seriously, they went with they thought they were changing their forum password? Pah!
No way anyone even halfway competant gets to the server host domain password reset page by accident. It would be difficult for a non techie to do it in ignorance. How did they find the page? Its hardly easy to find. There is no way anyone trusted with the technical tools and access to restricted info on enwp would make that mistake.
So yes, bollocks. Report it to the relevant authorities, forget about it after that. AGF does not mean you are blind and dumb.
-edit- I see lilburne pipped me to it. Remember quite a few people on this forum are far more than tech-literate, as an ex sysadmin, attacks on the server where you can identify the culprits are not tolerated. Seriously, they went with they thought they were changing their forum password? Pah!
Last edited by Anroth on Tue Aug 13, 2013 9:31 pm, edited 1 time in total.
- Midsize Jake
- Site Admin
- Posts: 9872
- Joined: Mon Mar 19, 2012 11:10 pm
- Wikipedia Review Member: Somey
Re: An Awkward Hacking Attempt? Turns out, No.
Not if you've been getting lots of e-mails from other Wikipedians that "helpfully suggest" who to contact when you want to file a spurious legal complaint...?lilburne wrote:It takes a certain amount of technical nounce to track down a websites hosting service.
- Peter Damian
- Habitué
- Posts: 4201
- Joined: Thu Mar 15, 2012 8:14 pm
- Wikipedia User: Peter Damian
- Wikipedia Review Member: Peter Damian
- Location: London
- Contact:
Re: An Awkward Hacking Attempt? Turns out, No.
The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.Anroth wrote:Bollocks.
No way anyone even halfway competant gets to the server host domain password reset page by accident. It would be difficult for a non techie to do it in ignorance. How did they find the page? Its hardly easy to find. There is no way anyone trusted with the technical tools and access to restricted info on enwp would make that mistake.
So yes, bollocks. Report it to the relevant authorities, forget about it after that. AGF does not mean you are blind and dumb.
-edit- I see lilburne pipped me to it. Remember quite a few people on this forum are far more than tech-literate, as an ex sysadmin, attacks on the server where you can identify the culprits are not tolerated. Seriously, they went with they thought they were changing their forum password? Pah!
Perhaps it should have been clear at this point that they had reached the page of the host, not of the website, but perhaps they failed to notice due to stress at having lost the password.
If you then click ‘forgot password’ it takes you to this https://my.bluehost.com/cgi/forgot , which also identifies the page as belonging to the host, not the website. If you go any further (please don't as the moderators will be cross with me) it emails the administrator account at Wikipediocracy.
Last edited by Peter Damian on Tue Aug 13, 2013 9:31 pm, edited 1 time in total.
οὐκ ἀγαθὸν πολυκοιρανίη: εἷς κοίρανος ἔστω
- lilburne
- Habitué
- Posts: 4446
- Joined: Thu Mar 15, 2012 6:18 pm
- Wikipedia User: Nastytroll
- Wikipedia Review Member: Lilburne
Re: An Awkward Hacking Attempt? Turns out, No.
Hmmm cant see a reset password link next to login I'm trying to make. Search emails for hosting site, navigate through that to find link to reset another password. We should be glad he didn't go of and try to reset the root password for the internet.Midsize Jake wrote:Not if you've been getting lots of e-mails from other Wikipedians that "helpfully suggest" who to contact when you want to file a spurious legal complaint...?lilburne wrote:It takes a certain amount of technical nounce to track down a websites hosting service.
They have been inserting little memes in everybody's mind
So Google's shills can shriek there whenever they're inclined
So Google's shills can shriek there whenever they're inclined
Re: An Awkward Hacking Attempt? Turns out, No.
Still not buying it. Controlpanel is standard yes, but its standard for admin tools. Not user level. Also this is basically a stock forum, half the people here who have admin'd on similar forums could navigate it blindfolded.Peter Damian wrote:The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.
- Moonage Daydream
- Habitué
- Posts: 1855
- Joined: Tue Mar 20, 2012 12:41 pm
Re: An Awkward Hacking Attempt? Turns out, No.
So they are technically competent enough to know that it was the hosting control panel but at the same time they are so technically incompetent they thought that they could "hack" the server by clicking a link? There was no harm done. They've offered a plausible explanation. Let's leave it there instead of making into something that it isn't.Anroth wrote:Still not buying it. Controlpanel is standard yes, but its standard for admin tools. Not user level. Also this is basically a stock forum, half the people here who have admin'd on similar forums could navigate it blindfolded.Peter Damian wrote:The explanation was plausible to me at least. Putting in http://wikipediocracy.com/controlpanel redirects you here https://my.bluehost.com/cgi/account/cpanel?goto_uri=/ . The subdirectory 'controlpanel' is apparently standard on some other boards.
Last edited by Moonage Daydream on Tue Aug 13, 2013 10:02 pm, edited 1 time in total.
- Zoloft
- Trustee
- Posts: 13981
- Joined: Wed Mar 14, 2012 11:54 pm
- Wikipedia User: Stanistani
- Wikipedia Review Member: Zoloft
- Actual Name: William Burns
- Nom de plume: William Burns
- Location: San Diego
- Contact:
Re: An Awkward Hacking Attempt? Turns out, No.
Once again, for people who need help with the forum or the blog or the wiki, our support is available at:
support @ wikipediocracy . com
Just remove the spaces.
support @ wikipediocracy . com
Just remove the spaces.
My avatar is sometimes indicative of my mood:
- Actual mug ◄
- Uncle Cornpone
- Zoloft bouncy pill-thing
- thekohser
- Majordomo
- Posts: 13406
- Joined: Thu Mar 15, 2012 5:07 pm
- Wikipedia User: Thekohser
- Wikipedia Review Member: thekohser
- Actual Name: Gregory Kohs
- Location: United States
- Contact:
Re: An Awkward Hacking Attempt? Turns out, No.
Yes, agreed. They forgot their password on a site where they are too afraid of contacting the hosts to get the password reset. Typical hare-brained, clumsy, doddering muckety-muck who is perfectly suited to arbitrate Wikipedia's most difficult user cases.Moonage Daydream wrote:They've offered a plausible explanation.
"...making nonsensical connections and culminating in feigned surprise, since 2006..."
- Zoloft
- Trustee
- Posts: 13981
- Joined: Wed Mar 14, 2012 11:54 pm
- Wikipedia User: Stanistani
- Wikipedia Review Member: Zoloft
- Actual Name: William Burns
- Nom de plume: William Burns
- Location: San Diego
- Contact:
Re: An Awkward Hacking Attempt? Turns out, No.
I think we're pretty much done here.
If you believe you need to add more, PM me.
If you believe you need to add more, PM me.
My avatar is sometimes indicative of my mood:
- Actual mug ◄
- Uncle Cornpone
- Zoloft bouncy pill-thing