We recently had some entries submitted to the Portal that have been changing the user info of any logged in user who views them. This is very bad and we will have this problem fixed soon. Until we announce things are safe we recommend all users log out of their accounts before viewing new portal entries. After you watch it and close the window you can log in and then place your vote.

If your account was over taken it was probably renamed to "idiot" followed by some numbers. However, someone may have logged into your account since it was changed to info they knew and changed the name. If your account has vanished you can search NG for your reviews, portal submissions, bbs post. If you find something you posted, submitted, etc, view the profile and copy the user ID, username, etc, and email me as much info as possible! Include your previous username. The more info you can give me the better. Email: wade@newgrounds.com

We apologize for this security breech and we are taking steps to make sure this never happens again. In the mean time we have extensive logging in place so we can track down the offenders and bring them to justice if they continue submitting these malicious entries.

At 1/17/04 09:26 PM, WadeFulp wrote: We recently had some entries submitted to the Portal that have been changing the user info of any logged in user who views them. This is very bad and we will have this problem fixed soon. Until we announce things are safe we recommend all users log out of their accounts before viewing new portal entries. After you watch it and close the window you can log in and then place your vote.

That's exactly what I advised people do, but I wasn't positive it would work perfectly. Thanks for confirming that's a good method.

If your account was over taken it was probably renamed to "idiot" followed by some numbers. However, someone may have logged into your account since it was changed to info they knew and changed the name. If your account has vanished you can search NG for your reviews, portal submissions, bbs post. If you find one email me with the username that you see associated with it and I will take it from there.

Probably even better if they send you the user ID as well. Some of these assholes are renaming the account several times, and it could change by the time you get the mail about it.

We apologize for this security breech and we are taking steps to make sure this never happens again. In the mean time we have extensive logging in place so we can track down the offenders and bring them to justice if they continue submitting these malicious entries.

Great!

There's also been a ton of Evil Bird entries that don't do anything THAT malicious, but end up getting protected with way-too-high scores and twice as many votes as views. Malicious, but to a lesser degree than the one that changed all those usernames and passwords.

Ohhhhhhh MAN

Awww this is just sick SHIT those bad users are damaging NG.

Hey Wade, Man why dont these people are brought to justice with there accounts being deleted and if he doesnt use AOL also block his IP. It sucks when a user poops on NG with his sick Submission. And it specially outrages me.

Now we have to log out first, then close the window and then login then vote. This has added two more steps before voting!

Holy shit...
Who would be stupid enough to do this? Is it just me or as of late, Newgrounds has been invaded by morons posting malicious animations in the portal ? Wade, if you ever find the motherfucker, just sue his little hacker ass off, he deserves it!

At 1/17/04 09:34 PM, gfoxcook wrote: There's also been a ton of Evil Bird entries that don't do anything THAT malicious, but end up getting protected with way-too-high scores and twice as many votes as views.

Exactly Wade. There is a lot of talk about That EvilBird submission. And the submission has nothing but a face. That's it. STRICT MEASURES are to be taken Wade. Or else it poses a threat to Boat of NG. Please do so, I request!

Very Spooky. Especially Considering that several recent Movies I have seen have been reviewed by someone claiming their account had been stolen.

The last movie I have reviewed - A tutorial on Flash MX - is now a weird clock movie called "Spade & Chrono Clock". Initially, I thought my account had been hacked and reviews switched around or something I had a look at the reviews and one User reviews"AHHHH How could you steal my account!? ARGGGGHHHH!! After looking at the other reviews, it did dawn on me that the author swapped her submission with another, yet it still seems a bit strange.

So in summary, i'm not sure whether it's a matter of time before my account is hacked...

That makes me happy. Hope it is done soon.

GREAT!!! luckily nothing like this happened to me. but how can ppl do that? it porves that the security needs to be improved. good thing the problem is being fixed.

Those people suck.

this truely sucks
wade
but these guys can kiss my ass goodbye
cause they be in trouble now

damn this sucks......the only way my unitelegent mind can come up with to stop this is make a portion of ur servers auto-view submissions b4 they are viewable to the public.....and im sure theres a way u can make it detect specific kinds of scripts i mean my macafee can do it to webpages(unfortunatly not flash tho......)and there has to be a way to pin or register the ip of the person submitting suff to the portal onto their submissions that way if it is malicous then u can ban them.....

and on a side note why the HELL ISNT EVILBIRD BANNED? i sent in a screenshot(i cant convert it to jpeg or gif so i cant post it here and it's kinda big)of his entry with over 1k votes and only 700+ views.......like i said i think ng's needs some new stuff like actual safety features......my idea of the auto-view might be a bad idea because it will slow down ng's alot and cause errors but im sure this wont deture(i think i misspelled that)us ng's fans from spending 3/4's(or more) of our lives here

This could get REALLY crappy, or maybe we're just over reacting. Specially for the authors with lots of content in NG. Everyday i see the all the stuff wade, lil jim, and tom go through and wonder...
"Why do these guys do all this stuff for free?!"
I mean seriously guys terrific work, there could be 50 malicious movies updated daily, but that wouldn't stop you would it?
Keep up the good work and catch those asshole's!

ok suggestion to ng's fans....

in ur profile(right-click view properties)there is an id number like all the submissions have u should probable all go look at that and write it down because i dont think that number can change and that way wade can get ur acct back faster(i think)

oh and i just realized that u CAN change ur name.....ok kewl i got some ideas for a new name cuz esplinthevampire doesnt sound that kewl.....

Good idea, Esplin.

At 1/17/04 10:56 PM, Rector wrote: Good idea, Esplin.

see the idea i had is a gewd one....once i learn how to make programs like the one i discribes i wanna do that for a living.....but first i must beat the california high skewl system and take the new proficiency exam to skip it all!!!!!!!

oh and i have a new idea for the voting system.....make the links to vote on a submission into pictures of numbers that computers cant see (like the free site makers have....) and make the numbers apear in random order and throw in one or two fake numbers(that you can see are not part of the voting system) that way we can stop this auto-voting thing dead without having to make ppl do anything extra!!!!!!!!!!!!!!!!!!!

ima genious (or im insane and taling to myself to much.....)

i blammed that movie can i get my point for my blam lol

that sucks really it does some scumbag did that
i also hate those auto voting movies that sucks espally when its a sucky movie

how the hell doe people do that shit and think they wont get caught??

i flagged one of evilbirds movies yesterday (that divine intervention bullshit) and he is still here. WTF happend? has he been making a lot of acounts and has not been banned? that divine intervention 2 thing is just a decompield version of the first one (or he got the FLA of it) well anyway, its nice how after the flow of bullshit, this site is still free. this is the best site there is in my opinion. through the outwar and geocities sites, maliciousness, apamming, i would have given up and sold the site by now...

At 1/17/04 09:26 PM, WadeFulp wrote: We recently had some entries submitted to the Portal that have been changing the user info of any logged in user who views them. This is very bad and we will have this problem fixed soon. Until we announce things are safe we recommend all users log out of their accounts before viewing new portal entries. After you watch it and close the window you can log in and then place your vote.

I have this feeling there may be a group of people who are doing this, I remember last week there was another breech with malicious submisions...perhaps you should log the IP of whoever logs into their account so you can spot hackers when the get into an account. They'd have a different IP and if anything was changed maliciously, you can block their IP (am I correct?)
I hope you guys can find a way to lower these threats...

At 1/17/04 11:20 PM, ReD-VII wrote: i flagged one of evilbirds movies yesterday (that divine intervention bullshit) and he is still here. WTF happend? has he been making a lot of acounts and has not been banned? that divine intervention 2 thing is just a decompield version of the first one (or he got the FLA of it) well anyway, its nice how after the flow of bullshit, this site is still free. this is the best site there is in my opinion. through the outwar and geocities sites, maliciousness, apamming, i would have given up and sold the site by now...

with a site as succesful as this don't be surprised if somebody does something stupid like hacking, doing staff imitations, making malicious submissions, ect... It's the flow of an extremely popular site's lifeline. There are always those few very jealous people who wuold go as far as hacking the site and such.
btw, if you look in the temporary inter net files folder in the WINDOWS folder in drive C, you can look at any flash movies you've watched within a day of seeing it on the net. Also goes for ads, pictures, music, ect. Basically, he just submitted the file in the temporary internet files.
Aside from that, thanks for clearing up al the errors Tom+Wade!

wtf is there problem its not like they acomplish anything yay they get to tell there hacker buddies they changed a name to idiot omg im amasing fuck em isnt there a way to find there accounts unless they decided to go out with a bang before leaving ng

good luck hope it gets fixed

So whos doing this anyway?

hmmm, never noticed that. i guess then i'll have to keep an eye out for my account.

I believe that those security holes are called CSRF (cross-site request forgeries).

I do not know what is the exact type of CSRF vulnerability NG has, but here are some general ideas on preventing CSRF attacks.

1. Use POST instead of GET.

2. Set servers to check for referrer information

3. Use server-generated session IDs to make sure the query request is valid.

I hope this helds.

I HAVE AN IDEA!
"Blammers WE NEED YOU to blam all the crap from Evilbird!"
That's right...YOU!
Anyway, so he's just going to keep posting shit even thought its through multiple accounts, well so be it!
There's one thing blammers are good at,
AND THAT'S BLAMMING! :P
So find yourself some good use, turn on some country music, get some cooler ranch doritos and sit on you chair like a psycho waiting to get that dude's crap before it gets you! It's the obvious way to stop the guy RIGHT?! Still i think this could cause so much bullshit as i said before author's that are hosting they're flash in NG will probably be very, VERY mad. Apart from that it could also cause trouble as some people reviewing movies and saying they're malicious even thought they're not, and other people blamming it. Maybe im just stating the obvious again.

my account, formerly ColombianDrugLord, got ninja'ed by the bastard. they changed the name to synj_hax0red. the id is 166655. luckily I have this backup.

what are we supposed to do about getting our accounts back?

sorry for the double post, but I forgot to mention that it was some Flash tutorial by everblayde that I had last viewed before my account was taken. I was writing a review for it and when I went to submit, it said my account didn't exist. I thought Wade had banned me and was going to write a "WTF?" email when I noticed this update : )

hope that helps.

Ok, thanks for the heads up.

Man this is just weird now.Hope Wade catches the idiot that started this.I never really trusted those new flash movies.man seems like Newgrounds is being attack by a bunch of idoits, someobody save NEWGROUNDS!

just did some research of my own, it's probably the submission directly UNDER everblayde's RPG tutorial (currently called "Alien Homnid Preview!11!" or something like that) submitted by n00b_101 user-id 724786. The submission was marked already, so just look out for other shit by him. EvilBird also has something with a 4.34/5.00, pretty funny, he's a little bitch too. Wonder if it's the same guy?

At 1/18/04 12:11 AM, Magikoopa wrote: my account, formerly ColombianDrugLord, got ninja'ed by the bastard. they changed the name to synj_hax0red. the id is 166655. luckily I have this backup.

what are we supposed to do about getting our accounts back?

EMAIL ME YOUR INFO!!!