Grex > Coop13 > #399: who is stealing your grex account?

trig
who is stealing your grex account?
Feb 24 16:34 UTC 2007
My triludaa account has been jacked, erased, and mis-used by someone -- this
could happen to you, let us see how grex handles this security issue.
It's long been known that grex has security holes left and right compounded
with this issue is Steve and his inability to fix them. Here we see a rampant
abuse of su to mask that nharmon (most likely) has jacked my account with
or without staff support:
-------------------------------------------
triluda ttypd localhost Tue Feb 20 20:55 - 20:57 (00:01)
triluda ttypp localhost Tue Feb 20 09:02 - 09:16 (00:14)
triluda ttypu Mon Feb 19 08:14 - 08:15 (00:01)
----------------------------------------------
triludaa ttypu Mon Feb 19 08:16 - 08:18 (00:01)
----------------------------------------
More to the point we all know that Steve (in a shady way) gave richard my
password for my triluda account due to ./forward error (on my part). Instead
of closing the account he gave it and my info to richard which is silly and
bad practice.
The triluda account was inactive for well over the 3 months that accounts
should be reaped, however, it never was.
More importantly, someone on Feb 19th, 2007 has hijacked my triludaa
account and erased all my files and emails. How they gained access to my
account I don't know. My .forward file was aimed at /dev/null (as it still
is) so that can't be used as an excuse. However it happened, I can only assume
it was not legal. I also know I did not endorse it.
I am not sure who did the account jacking, only staff will be able to piece
this together and return to me my triludaa account.
If one were to guess who did it though, I would have to tie it to nharmon
via this (party excerpt from 02-24-2007):
<nharmon laughs>
---- trig joining (Feb 24 09:59)
---- triludaa joining (Feb 24 10:00)
---- triludaa leaving (Feb 24 10:02)
---- triluda joining (Feb 24 10:02)
triluda: Yes Ma'am
---- triluda leaving (Feb 24 10:02)
---- triludaa joining (Feb 24 10:03)
triludaa: That's my mama.
---- triludaa leaving (Feb 24 10:03)
---- nharmon leaving (Feb 24 10:03)
---- trig leaving (Feb 24 10:03)
---- nharmon joining (Feb 24 10:08)
---- nharmon leaving (Feb 24 10:29)
---- nharmon joining (Feb 24 10:29)
-----------------------
&& this last log from Feb 19th and 20th 2007:
nharmon ttypb cblmdm72-241-38-5.buckeyecom.net Tue Feb 20 20:55 - 20:57 (00:01)
nharmon ttypi cblmdm72-241-38-5.buckeyecom.net Mon Feb 19 08:18 - 21:28 (1+13:09)
nharmon ttypu cblmdm72-241-38-5.buckeyecom.net Mon Feb 19 08:13 - 08:13 (00:00)
Now I can't prove nharmon jacked my account, nor is it my job to do so, this
is the job of staff so let's get on it guys.
I would like my triludaa account returned to me. Although there is no
accounting for my lost (deleted by whoever jacked the account) files or
emails, the account should be returned to me and the user who jacked my
accounts should be banned from the system. OR at the very least lose their
account(s).
Also the triluda account should be either re-banned, returned to me, or set
to reap in the 3 month period.
Like me, hate me, or indifferent to me, if you let these kinds of exploits go
unchecked it is only a matter of time before grex goes totally down the drain
with users getting their accounts jacked, thusly losing all of their info via
a delete.

15 responses total.

cmcgee
response 1 of 15:
Feb 24 16:58 UTC 2007
If that account was reaped last week, ANYONE might have used the name as the
login for a new account.

nharmon
response 2 of 15:
Feb 24 17:12 UTC 2007
See item 3 in Agora.

trig
response 3 of 15:
Feb 24 17:26 UTC 2007
reaped my ass, i used the account less than 3 weeks ago, grex pulls another
fast one per usual, it was smart to erase my post under the triludaa account
that way you can say it wasn't used in 3 months. i know that is a crock of
shit so do you guys.

cross
response 4 of 15:
Feb 24 17:44 UTC 2007
In what way did you use it last, three weeks ago? It didn't update the
lastlog file, nor wtmp:
: grex 96; last triludaa
triludaa ttypm ukato.freeshell.ORG Sat Feb 24 12:08 - 12:08 (00:00)
triludaa ttypu Mon Feb 19 08:16 - 08:18 (00:01)
triludaa ttypw adsl-68-94-11-201.dsl.rcsntx.swbell.net Sun Nov 19 02:43 -
1) triludaa ttypO adsl-68-94-14-82.dsl.rcsntx.swbell.net Thu Oct 26 12:09 -
12) triludaa ttyp9 adsl-68-94-14-82.dsl.rcsntx.swbell.net Thu Oct 26 12:07
- 12)
^C
interrupted Mon Oct 9 18:53:46
: grex 97;

ric
response 5 of 15:
Feb 24 20:30 UTC 2007
re 0 - I'm the one that hijacked your account, simply by guessing that your
password was "isuckdick"

gelinas
response 6 of 15:
Feb 25 00:58 UTC 2007
Three accounts of interest were reaped on Feb 18: trilud, triluda, and
triludaa. All for the same reason: "Not used for 90 days."
February 18, 2007, was the first reap since the migration to OpenBSD,
although some accounts have been removed individually in the interim.
I, too, am interested in your answer to cross's question.
nigger
response 7 of 15:
Feb 25 03:20 UTC 2007
hahah, ric, you must have had my account fucked up with your mother's.

krokus
response 8 of 15:
Mar 8 22:08 UTC 2007
re #0
Even with the pain in the ass that you are, I don't see anyone from
staff going about doing this, or helping with it.
FWIW, I don't think anyone would bother with expending the effort.

gelinas
response 9 of 15:
Mar 9 02:57 UTC 2007
(tsty hypothesises that something like "exec login" was used to access the
now-reaped account.)

trig
response 10 of 15:
Mar 16 03:03 UTC 2007
krokus, please, please for the love of God go fuck yourself, no one asked you
what your insight was on this, even though you got a quick easy chance to
insult, just go fuck yourself.

nharmon
response 11 of 15:
Mar 19 21:31 UTC 2007
Yep. He is SOOOO "over it".

trig
response 12 of 15:
Mar 20 10:18 UTC 2007
hahha, nharmon is being a total douche bag idiot over this. in short, fuck
you and your wife beating self.

trig
response 13 of 15:
Mar 20 21:32 UTC 2007
whoa, unlucki.

naftee
response 14 of 15:
Apr 9 17:51 UTC 2007
whoa

tsty
response 15 of 15:
May 22 07:49 UTC 2007
re #9 .. yuppers. been there; found that out.