I may never understand why people have reasons for sending crap in the first place... perhaps they seek revenge on others for no reason. Meanwhile, I can't even tell if movies are malicious like this or not because NOTHINGS LOADING RIGHT NOW FOR ME!!!

whovever posted that is a n00b

At 1/18/04 09:10 PM, _the_face_and_I_ wrote: I may never understand why people have reasons for sending crap in the first place... perhaps they seek revenge on others for no reason. Meanwhile, I can't even tell if movies are malicious like this or not because NOTHINGS LOADING RIGHT NOW FOR ME!!!

Its because they F***IN SUCK! Only people who F***IN SUCK would do this because maybe everyone knows theyre assholes! Or their crap got blammed and they couldnt admitt that it sucked. Or they just wanted wanted to see how bad people would freak out without their newgrounds for a day. Well people ARE freakin out. All I ever wanted was to make it to level 4 and get that dumb little band around my wrist. *sniff* its not fair...i only had 10 more points to go :(

This are bad to us and this make me angry like Richard Kiel in Total Recall!!!

Thnak you Wade. I finally got my account back. SodaClock(my 'other' name) suck.

At 1/19/04 01:37 AM, daft_guy wrote: Thnak you Wade. I finally got my account back. SodaClock(my 'other' name) suck.

Damn, I was so happy that I mispelled my 'thank'. Ok. Thank you again Wade.

Just an idea, and i bet alot of ppl have beaten me too it, but i rekon it would be smart for anyone with there account accessed or stolen to post their new/old username on the bbs boards. That way others can watch out for reveiws and such written by these ppl - so we know its a fake and the apropriate measures can be taken. If we know who to look out for - we can fix it 1 screwball at a time, and correct others accounts (if we know the new username, we can delete reviews written by the imposters, and sumhow (dont ask me) fix the imposter voting) This probably dont make any sense, but i rekon it will help.

If Ive got the wrong idea of whats happening, or the idea has been tried/found faulty - just ignore this post.

Newgrounds got hacked, huh?

Based on the "tribute" I saw, it looks like it takes advantage of a scripting-like extension that Unix/Linux systems use, where if the first line is a BASH shell comment, whatever follows #! is treated as a path to a program that is meant to do something with the file.

You'll see a lot of these under Linux that have #!/bin/bash in them or #!/usr/local/bin/perl in them, that are shell and Perl scripts respectively.

Then again the guy who made the "tribute" may have been guessing....

BTW, I may be able to help because of a webbot I wrote several months earlier that monitors the Newgrounds flash portal... I may be able to dig up the offending .SWF files. I recall some days earlier playing some flash movies my webbot obtained that caused my copy of Macromedia's standalone Flash player to become unresponsive (by which I mean it hung for 30 seconds and then said something about ActionScript). I'm on AIM!

On closer examination of the tribute Flash the text shown in the tribute was just a bunch of random text to look like code... gotta avoid jumping to conclusions...

I would also like to point out that my webbot only takes a snapshot of the flash movie when it is first uploaded (typically the bot finds it within 1-2 minutes---thank god for DSL) before proceeding to wait for another submission to appear. If the bastard changed it after that I might not have the .SWF that did this.

But I'm looking into my webbot's storage folders nonetheless...

#145751 - "beaners suck rule": looks like it might be a .FLA or Word document
#145752 - "good very good": same as #145751

At 1/18/04 02:24 PM, DuelMasterP wrote:

At 1/17/04 09:26 PM, WadeFulp wrote: We recently had some entries submitted to the Portal that have been changing the user info of any logged in user who views them.

Those sad bastards! Don't they have anything better to do? You banned thier ip's right? What if the friggin point any way? I can't see what they hope to accomplish!

Testify.

Some people in this post mentioned the "ALIEN HOMNID PREVIEW!11!" movie as suspect, right? All my webbot has for that is a flash movie with "VOTE 5 FOR PR0N!" and *cringe* Tricky The Clown.

#145787 - "dont watch this it is a t" is (according to my webbot's snapshot) an incomplete movie about a snowman

I don't seem to have it, he/she must have uploaded the malicious SWF or whatever after the judgement phase (which my webbot doesn't track). Sorry. I say "SWF or whatever" because I've already found (using the webbot) plenty of portal submissions that AREN'T flash! Most of them are just .FLA files uploaded by n00bs and others are text files with insulting messages (there's one I found in the 20000-80000 range that's actually an .MPG file if I remember correctly). So, anything can slip into the portal this way.

Perhaps one line of defense would be to modify the SWF uploading logic a bit so that it takes the file and puts it in a harmless location (e.g. some temporary folder with no 'execute' permissions), then examines the file to make sure it's a flash movie and not something else. A simple test could be implemented now to differentiate .FLA from .SWF or .TXT or .MPG: read the first three characters. If it doesn't read as ASCII "SWF" or "CWF" (case is important!) reject the file and don't put it in the portal. This will also avoid allowing anything with "#!" in the portal since accessing that causes a program (script author's choice, perhaps #!/bin/perl) to run and cause potential havoc (a Linux feature apparently). You might provide a friendly error message if the script doesn't recognize the movie as worthy :).

Macromedia makes the Flash file format specification available on their website (just sign up as a developer and download it), so deeper analysis of the .SWF file might be possible. For example, the script could analyze the .SWF and look for Actionscript that auto-spawns popups (Macromedia clearly defines what and where the Actionscript is stored). You could also write the script to reject files that are corrupted or incomplete. Just a suggestion but it might make the Portal a safer place :)

OMG sorry!

I got it wrong! The ASCII signature at the beginning of .SWF files is either "FWS" (SWF backwards, all Flash movies that aren't compressed) or "CWS" (compressed SWF, Flash MX and beyond).

Modify the uploading logic to check for this signature and reject if it's not there, and you'll keep a lot of potentially malicious non-Flash out of the portal.

In response to this evil bird thing why are you not just blowing the whistle on his pointless films?

At 1/19/04 07:18 AM, chakaflange wrote: In response to this evil bird thing why are you not just blowing the whistle on his pointless films?

Some people do, but one got protected really quickly (it's either auto-voting or mass voting).
The following have submitted those evil bird flashes: X2Cube, Evilbird, pacifiestar, Cheeezoid, AbrahamLincoln (hope that's spelt right) and MR_ANTENNA.

At 1/19/04 07:18 AM, chakaflange wrote: In response to this evil bird thing why are you not just blowing the whistle on his pointless films?

He makes new accounts, so there is no way to tell if it's him submitting something new. So there WILL be people that are effected by it no matter what. They are trying to stop it from happening in the future so no one will be effected. Even if enough people could somehow guess that a movie was submitted by him and blow the whistle, there will still be a few clueless people that will be effected.

kick whoever did it kick there asses i learn to be a hacker just to destroy ther comp

At 1/19/04 07:18 AM, chakaflange wrote: In response to this evil bird thing why are you not just blowing the whistle on his pointless films?

Because I'm not always there 24/7 to do that (I like Newgrounds and all but I have a social life too you know!)

Aww crap. Damn trolls.

this was eventually going to happen to ng, but shit, i know, it sucks, this blows the legs right off of saddam.

Is this the end of NG???? PLEASE GOD NO. I WOULD DIE!!

In the mean time we have extensive logging in place so we can track down the offenders and bring them to justice if they continue submitting these malicious entries.

good that dumbass should burn in hell. i had to go without newgrounds for a whole weekend

omg! are u gonna be ok!?

a whole weekend with no NG?! holy shit.

haha.. you are all so computer dependent.

just out of total curiousity, what kind of moron would do something like this?
they must have no life or have way too much free time on their hands. if they want to mess up a site, don't do it to newgrounds. i mean, come on, NG is the best. do it to some crap site or something

I hope that none of that stuff Effects my Profile, I have put a lot of Effort into everything I've done here on Newgrounds.

lets stop those sons-a-bitches

good to know this...i have been leaving my gold account window open throughout my voting and reviewing process...people are idiots...if you dont like the site then find something else to do...

i hope this shit dosent mess up the site that much. its just a site
but its like one of the most frequently visited and popular sites.