[an0n]

Got any?

PHP version, MySQL version, bandwidth usage, space usage?

There used to be a phpinfo file some fool left on from the forum installation, but that's apparently been removed.

[Styxx]

Ha ha.

[an0n]

Yes, yes - it's all fun and games till I have to poke out somebody's eye.

It's not like I can't find out. It's just a pain in the ass for me to do so and thus infintely more likely to make me Hulk-angry.

[Fury]

At least this time we know who's behind next downtime...

[an0n]

Thanks to a small bug in ProFTPd 1.2.10 (upon which GS operates) it's possible to determine valid and invalid usernames.

Now, the fix that's out is described as a "band aid" and, being professionals, I doubt the GS admins would be inclined to slap a half-assed patch onto the server.

So, knowing valid usernames, it may be possible to simply brute-force into the FTP using a dictionary list of popular gamer words and phrases and a sequential number inserter.

And given the general ignorance of site-admins like Virtu, it wouldn't take long to get a bite and onto the server even using a relatively slow attempt frequency across the various valid usernames (IE, without sending up red flags).

From there it's just a case of uploading the server info php file that comes with vBulletin and going to the URL with a browser.


This is all based on a glance at the bug info, mind.