Vorenus 0 Posted December 23, 2016 RWI is growing and growing. Sooner or later all sites that causes eeven a tiny blip on the radar is subject for some sort of attack. Sux giant balls but thats Interwebs for ya. I just hope my default home get online soon. Personally I dont think the attack had any connection to our hobby at all. Im positive that the larger Swiss watch companies had nothing to do with but then again one has been surpricsed before.... See ya all on RWI soon guys <3 Share this post Link to post
BenjaminButton 149 Posted December 23, 2016 Fucking fuckers fuck fuck whole fucking day. So fucking eloquent. No fecking fecker can fuck a fuck like Sir Onze. Merry mother fucking Christmas one and all. God bless ye merry gentlemen........ Share this post Link to post
GenTLe 1,497 Posted December 23, 2016 God that means idiots like twatdog may be coming here while it's down You still whining Dumb Fucking Qunt ? God that means idiots like twatdog may be coming here while it's down Bring it on - I have a proper man crush on fuckdog. Your balls seem to be so much bigger on this forum than RWI . . . Share this post Link to post
trailboss99 994 Posted December 23, 2016 Oke just for the sake of clarification. Archive.org for getting old site information: https://web-beta.arc...ica-watch.info/ The Forum software is running on the folowing vBulletin version: Powered by vBulletin® Version 4.2.3 Beta 4 Which dates from Wed 2nd Jul 2014, 10:01am and is never updated by the administrator of Replica-Watch.info. https://www.vbulleti...-4-is-available Oke, now whe have the folowing information: vBulletin® Version 4.2.3 Beta 4 (very old) Lets look for SQL injection exploits on vBulletin > YEH! found one on vBulletin 4.2.3 and lower... this includes version 4.2.3 Beta 4 https://www.exploit-...exploits/40751/ https://enumerated.w...m/2016/07/11/1/ With this information whe are now able to do the folowing: SELECT, UPDATE and REMOVE all database objects from the www.replica-watch.info database. This also includes extracting all userinformation Username, encrypted password+salt, emailaddress, etc... So guys: CHANGE YOUR PASSWORDS ON ALL SITES U USE THIS PASSWORD.... (preferably use RANDOM PASSWORDS on every site) For the administrator: If you updated your forum software this could have been all been prevented.... probably.... Latest version: vBulletin 4.2.3 Patch Level 2 (Mon 1st Aug 2016, 5:16pm) https://www.vbulleti...-2-3-4-2-4-beta I collected all this information wihtin 5 minutes using historical and public information only.... So no wild goose chases or conspiracy theories. Actually that info is wrong, I'm not sure how but its wrong. No doubt DR3M3L can tell you how. As for passwords no data bases were touched and it wouldn't matter anyway since passwords have extra encryption, no one got 'em. As for those who believe that the gen makers had anything to do with this . . . Share this post Link to post
SamsonAusKognito 31 Posted December 23, 2016 I hope it's back up soon That's what she said. A classic onze Share this post Link to post
dfq23 126 Posted December 23, 2016 God that means idiots like twatdog may be coming here while it's down You still whining Dumb Fucking Qunt ? God that means idiots like twatdog may be coming here while it's down Bring it on - I have a proper man crush on fuckdog. Your balls seem to be so much bigger on this forum than RWI . . . Welcome to RWG fuckdog the home of DFQ and friends. After your pseudo mod activities on RWI accusing DFQ of trying to profiteer on his sales...... my thoughts about you are you can royally feck off. My balls are average size. But I definitely have more of a potty mouth this side of the replica sea. RWI is a place for minding ones p's and q's RWG is not. It's all theatre darling so don't take it to heart dear. I think dfq gets kickbacks from retailers... fucking shill Kidding rofl Not so many now Ali is rep free.... Share this post Link to post
greg_r 81 Posted December 23, 2016 Gotta say that the level of cluelessness in this thread is exceeding my already high expectations. Share this post Link to post
FiloViridae 0 Posted December 23, 2016 Thing is guys, no one else did get hit. My belief is that the idea was to destroy our google ranking and various trust ratings by having us spew spam. That has so much longer lasting an effect than just taking the place down for a few days (and they could have). The adverts are not legit, companies like Bet365 do not use spam advertising tactics. I just did some research on it, and it looks we were the only one hit that I can tell.. Crazy shit. I wonder what the motive behind the person(s) was, besides this.. I mean, i'm not sure if it was a person, we have this crazy hacking computer at Columbia.. But, no matter. You guys got it under control. Good luck Boss Very interesting theories.... where can I send money to to help support the research of these trheories. Ay, I got a research grant you put it into! I promise, it'll go to good things, like science, reps, science, more science, vacation, etc! Minimum is $5000 though.. Share this post Link to post
voxxx 0 Posted December 23, 2016 As the Mafia guys would say "nothing personal ..it's just business". The people responsible for the hack are only looking to enrich their pockets ... the sites being re-directed to weren't pulled out of their ass. Much like magazine subscriptions , the more hits you can generate to X sites, the more your service is a valuable commodity. It's a glorified click-bait scheme hidden layers deep inside the WWW. Share this post Link to post
sobaje 0 Posted December 23, 2016 (edited) The question here what they really got with the hack...we know that there are few dealers mods etc etc that operate via PM....did the intruders got access to that ..... Edited December 23, 2016 by sobaje Share this post Link to post
kdo2milger 0 Posted December 23, 2016 It was one of the disgruntled mates that was thrown into the brigg lol Share this post Link to post
jms2016 0 Posted December 23, 2016 (edited) Imo alot of "hacking" (lol) groups go around looking specifically for sites with an exploit like this and just launch an attack because they can. It's a lot more common than you would expect. Especially if it's something as big as RWI just having that large of a target with an exploitable hole will attract unsavories who have nothing better to do. My point being, it may not have been anyone even associated with the watch world at all. Rep or otherwise. It may not have even been anything personal with RWI. It could simply just be one of the thousands of "hacker" groups (really just script kiddies and exploiters) who just lucked out on finding a big target and these dumb groups swarm pretty hard. Again this is more common than you know . Edited December 23, 2016 by jms2016 Share this post Link to post
andyboy 5 Posted December 23, 2016 No conspiracy theory TB just thought he would give himself and the rest of the RWI staff an extended Christmas holiday. Greg_r is going to do the same for us next year Share this post Link to post
yllekp 1,684 Posted December 23, 2016 No conspiracy theory TB just thought he would give himself and the rest of the RWI staff an extended Christmas holiday. Greg_r is going to do the same for us next year Damn the cover is blown. You were not supposed to tell anyone. Share this post Link to post
GhostInTheFog 0 Posted December 24, 2016 It was Putin, of course. Didn't you guys see what he did to Hillary? What about the "angry white men" that Bill Clinton spoke of? Like Bernie Sanders? Share this post Link to post
paristoto 0 Posted December 24, 2016 I can't wait for the day when you realized you fucked up... Merry Xmas Share this post Link to post
timesshopnet 0 Posted December 24, 2016 I believe this isn't a targeted attack, but instead simply a vulnerability with Tapatalk being exploited on a larger scale. The attack hasn't actually shut down the site, but instead has injected ads into the site, which brings in revenue to the owner of these ads. I can guarantee that other sites have been infected in a similar way to allow for more of these ads to be shown to a wide range of users, which creates a revenue stream for the person behind the attack. If this was a targeted attack against RWI, this group would have easily been able to shut the site down, due to them already having access to the underlying code base, but instead they chose to simply inject ads to create revenue. From how things went, it appears as if they found a vulnerability in RWI and other sites with similar backend setups, and created an automated process to inject these ads into the code base, meaning the people behind this most likely never even accessed the site themselves, and instead had their automated 'bot' take care of injecting the ads. So to reiterate the above into: This doesn't look like a targeted attack specifically in RWI, but instead a wide range attack to sites with the same vulnerabilities to allow for a revenue stream of whoever is behind this. yes. i believe this is the real reason. Our website since the attack, use iphone to open our web site often appear a lot of advertising, do not know where to come from. Share this post Link to post
Carlytoss 0 Posted December 24, 2016 Robots automatically search for vulnerabilities and exploit them when found. It was either a hole in Tapatalk, or a hole in the forum software and affected many running the same configurations. Don't take it personal. B Here we have someone who knows what he's talking about. Pure and random attack, it's that simple. Share this post Link to post
Stilian 0 Posted December 24, 2016 I think that it is random as well. If the swiss watch industry wanted to do a damage I think it would have happend earlier. Share this post Link to post
JohnG 41 Posted December 24, 2016 I haven´t read the whole thread, has anyone mentioned other forums? Because this reeks of Homage Forum. They took down Wristcheck.com and Fakey´s site too, so I would be looking hard at them. Of course, they couldn´t have done it without help from the Spartans. At least, that´s what Breitbart news is saying. . Share this post Link to post
onzenuub 305 Posted December 24, 2016 I haven´t read the whole thread, has anyone mentioned other forums? Because this reeks of Homage Forum. They took down Wristcheck.com and Fakey´s site too, so I would be looking hard at them. Of course, they couldn´t have done it without help from the Spartans. At least, that´s what Breitbart news is saying. . Cann't you fucking read fucker? http://www.rwg.bz/board/index.php?showtopic=126043&hl=&fromsearch=1 Share this post Link to post
JohnG 41 Posted December 24, 2016 I haven´t read the whole thread, has anyone mentioned other forums? Because this reeks of Homage Forum. They took down Wristcheck.com and Fakey´s site too, so I would be looking hard at them. Of course, they couldn´t have done it without help from the Spartans. At least, that´s what Breitbart news is saying. . Cann't you fucking read fucker? http://www.rwg.bz/bo...l=&fromsearch=1 You are saying WE hacked them to steal their grand total of 1,000 members? A bit extreme for such a tiny reward, no? . Share this post Link to post
onzenuub 305 Posted December 24, 2016 I haven´t read the whole thread, has anyone mentioned other forums? Because this reeks of Homage Forum. They took down Wristcheck.com and Fakey´s site too, so I would be looking hard at them. Of course, they couldn´t have done it without help from the Spartans. At least, that´s what Breitbart news is saying. . Cann't you fucking read fucker? http://www.rwg.bz/bo...l=&fromsearch=1 You are saying WE hacked them to steal their grand total of 1,000 members? A bit extreme for such a tiny reward, no? . No. Share this post Link to post