Hi guys.
CPCpowers website is down due to some hackers screwing us.
Are some of you well skilled in website security?
Please contact Kukulcan if you're a specialist in Website security. :'(
This is most annoying. :'(
Don't you have any idea of how the intrusion happened?
An SQL injection maybe?
Indeed, more details would be interesting... :(
/me runs to take backup of site.
I got an email from Kukulcan saying that they decided to destroy all and rebuild another version of the website with less options and simple interface.
I'm not sure if this means there will be less material or less stuff on the rebuild, though it could be a disaster if this site is going to be dictated by hackers. >:( Would it be worthwhile having a CD/DVD of the site available for purchase?
Oh my this is worrying indeed... I wonder if the 'minimal' redesign is indeed related to the hack?
Active Record: Preventing SQL Injection Attacks (http://www.youtube.com/watch?v=s4QxOxGL1tI#ws)
(http://imgs.xkcd.com/comics/exploits_of_a_mom.png)
Quote from: Gryzor on 10:51, 21 April 13
Oh my this is worrying indeed... I wonder if the 'minimal' redesign is indeed related to the hack?
Yes it appears to be due to the hack unfortunately. :(
God damn.
Don't know whether Kukulcan is good at English, but I'm sure some of you may be of good advice to him...
Also he needs the support from all of us, even if only moral. :(
Reminds me when this strange guy demanded the whole database from CPCwiki for obscure reason... really strange...
Why would any asshole do that though? Still the db, ok, but why destroy the site? What a sociopath... :(
Internet is a real jungle, also I've heard some massive attacks against Israel were performed recently...
They need Zombies and places to proxy or whatever, so I guess any "fragile" server or website could be used as "anonymous" base to attack a company/megacorpo/country... or be targeted by rogue applications and malware in the process.
Yeah, I played too much Cyberpunk2020 Roleplayings when younger.
I wish it is just a lonely asshole, babyhacker on steroid that could be tracked back and found...
If he's from the other side of the world or with a real agenda, few chances to get him.
If it's a real kid playing, I hope we can kick his ass IRL.
I suspect a speccy or C64 fanboy otherwise. ;D
Yes, but it doesn't make any sense to bring the site down; it doesn't pay, since corrective steps will be taken. You need to be invisible to use the box as a bot...
Perhaps it would be great to talk about it at 4chan?
I mean despite not being a "personal army", 4chaners may be willing to help...
They don't always like when "anonymous" is doing shit like this.
But to request such "help" would need to do a proper infographic with the facts and stuffs... Sorry I'm not the best to do it as I know shit in website and hacks.
Important as CPC-power might be for us, I doubt 4-chan will place much interest in any of the many little sites that are hacked every day... :(
Well, depends but you are right too.
Also I guess something like 3-4 topics (perhaps even more) on the matter were opened at different parts of this forum.
I guess it would be nice to get them all into one unique to rule them all... ;)
Quote from: Gryzor on 18:50, 21 April 13
Why would any asshole do that though? Still the db, ok, but why destroy the site? What a sociopath... :(
I got the impression from his email that he sent to me, that it got to the point where he couldn't do anything with the site except delete it.
Why anyone would want to mess up the site in the first place beats me.
Yes, that's what I understood too, but it doesn't mean there's not an offline backup or something, that's what I meant.
Quote from: MacDeath on 18:54, 21 April 13
I suspect a speccy or C64 fanboy otherwise. ;D
Well that would be an all time low if it were them simply wanting to hack our websites. >:(
I'd guess someone from the CPC community before someone from the others, but that's far-fetched too.
Quote from: Gryzor on 08:04, 22 April 13
Yes, that's what I understood too, but it doesn't mean there's not an offline backup or something, that's what I meant.
I think the site was backed up, though I'm not totally sure, a site that large I'd just assumed was backed up. :-X
How often it was backed up (assuming it was :-X ), I don't know.
Quote from: Gryzor on 08:07, 22 April 13
I'd guess someone from the CPC community before someone from the others, but that's far-fetched too.
Seems monstrous that someone with a CPC would decide to undermine valued CPC resources. I'd probably stick that riddler Roger dude as a possible suspect.
Why, is that something that hasn't happened before, almost with disastrous effects? :D
Roger has nothing to do with it, how on earth did you figure that?
CPC-Power has some backups, so the content can't be lost like that.
(only the online is a problem actually)
Well, that is something at least.
Quote from: Gryzor on 08:23, 22 April 13
Why, is that something that hasn't happened before, almost with disastrous effects? :D
Roger has nothing to do with it, how on earth did you figure that?
I figure that he likes to rip-off people with software, so what better way than to shut down the competition? I can speculate can't I? :-X
Quote from: AMSDOS on 09:13, 22 April 13
I figure that he likes to rip-off people with software, so what better way than to shut down the competition? I can speculate can't I? :-X
Are you talking about Roger Howett Sam Coupe 6mhz z80 split raster memory dos loader turbo plz help?
Quote from: McKlain on 12:46, 22 April 13
Are you talking about Roger Howett Sam Coupe 6mhz z80 split raster memory dos loader turbo plz help?
So it was you all along!!??!! McKlain is Roger Howett! :D
Bryce.
Quote from: McKlain on 12:46, 22 April 13
Are you talking about Roger Howett Sam Coupe 6mhz z80 split raster memory dos loader turbo plz help?
Well it doesn't have to be them, if you don't want. ;D
Quote from: AMSDOS on 08:05, 22 April 13
Well that would be an all time low if it were them simply wanting to hack our websites. >:(
On behalf of the Commodore 64 community[1] I'd just like to say "feck off" - if C64 coders had hacked the site, it'd be better than before with trainers and PAL/NTSC compatibility!!
Seriously though, as others have noted the odds are that the damage was done by someone who possibly isn't even aware of the CPC wanting to leverage privileges in order to install malware or something like a fake bank login page for phishing. Some people can do this well, many more will screw the target site up in the process but none of them care as long as their scam runs for a few days.
[1] i have no authority to speak on behalf of the Commodore 64 community.
It wasn't a good idea to delete the content if you wanted to find out what happened - I wish I'd read this topic sooner now, to provide that warning. I work in software security, and although my area is binary analysis/reverse engineering rather than network/internet security, I could have asked someone to have a look at a dump. Having said that, chances are it was a known vulnerability that could have been avoided by keeping up to date with security patches.
Guys,
I just downloaded this: http://www.cpc-power.com/gamebasecpc/index.php?page=full (http://www.cpc-power.com/gamebasecpc/index.php?page=full)
It seems to be the V20 version of something called the Game Base CPC.
I have 3 questions now:
1) Is this the data which was on CPCpower?
2) Is there a way to download the last version, apparently V23?
3) Where are the installers? I don't want to browse this with Microsoft Access only.
Oh, to download V23 you'll need one of these: http://www.dcbnet.com/datasheet/v23sa.jpg (http://www.dcbnet.com/datasheet/v23sa.jpg)
It might take a while too, they weren't all that fast :D
Bryce.
:laugh:
Anyways it's a real shame what happened to CPCPower.
Any good alternative while they re-create the page, hopefully with enhanced security?
Quote from: cwpab on 14:36, 24 April 13
3) Where are the installers? I don't want to browse this with Microsoft Access only.
Here
GameBase - Universal Emulator frontend and Database Utility (http://www.bu22.com/)
I won't be able to use it if it's going to be like this. :'(
If the site was a FTP then that would work for me, cause then I could just go in, download stuff from the relevant section and add anything if necessary & I think a FTP would be a lot more hassle for a hacker to hack.
Quote from: cwpab on 18:46, 24 April 13
Any good alternative while they re-create the page, hopefully with enhanced security?
You could try CPCrulez (http://cpcrulez.fr). It contains a huge amount of information and lots of magazine articles, but it can be a bit difficult to navigate and find what you're looking for!
If you want to download games, NVG is still up and running! ;) The full list of programs is available at the URL below:
ftp://ftp.nvg.ntnu.no/pub/cpc/00_index.html (http://ftp://ftp.nvg.ntnu.no/pub/cpc/00_index.html)
(don't know if said before). I've read this hint in amstrad.es: you can go to http://archive.org/web/web.php (http://archive.org/web/web.php) and write the name of the web cpc-power in the blank. It shows you different backups of the site.
(from cpcwiki too :D )
Quote from: Joss on 22:12, 25 April 13
(don't know if said before). I've read this hint in amstrad.es: you can go to http://archive.org/web/web.php (http://archive.org/web/web.php) and write the name of the web cpc-power in the blank. It shows you different backups of the site.
(from cpcwiki too :D )
This will help me with those type-ins, I cannot refine my search options, though at least I can download articles of type-ins. Do you know how long the archive will store that site for, or is it a permanent backup?
As far as I know, it's permanent. I've seen there some websites in which I worked more than 10 years ago.
Unfortunately I was sadly mistaken. Archive doesn't capture the articles which were on CPC-Power. :'( By the looks of it, some of the stuff I thought I was already downloading, I already had, hence the confusion, so Archive will show the Type-ins, the articles it has for them and what's available.
Quote from: Nich on 19:50, 25 April 13
You could try CPCrulez (http://www.bbc.co.uk/programmes/b01rv4z1).
Try this (http://cpcrulez.fr/) if you're not looking for the BBC. ;D
Quote from: AMSDOS on 23:44, 25 April 13
Try this (http://cpcrulez.fr/) if you're not looking for the BBC. ;D
Oops! There's my taste in music revealed to everyone! :-[ I've fixed my post above - although the forum software still won't link to FTP sites properly. :(
Quote from: Nich on 19:52, 26 April 13
Oops! There's my taste in music revealed to everyone! :-[ I've fixed my post above - although the forum software still won't link to FTP sites properly. :(
Hmm, used to work fine for me when I was using IE, seemed to be an issue with the browser that was being used, so I'm not sure if this is gonna work from my Mac now.
ftp://ftp.nvg.ntnu.no/pub/cpc/00_index.html (ftp://ftp.nvg.ntnu.no/pub/cpc/00_index.html)
Kukulcan informs me he'll need a few weeks to make a comeback for the website. :D
@TMR: nice answer :) But yeah, I highly doubt it was someone from another scene. If nothing else, I'm 100% that even if it was, it wouldn't be a 'scene' action but an individual one, so the discussion is moot anyway.
@Munchausen: who knows, maybe there's an offline backup, but these things tend to be extremely demoralising so, although I disagree with the deletion, I can see the reason...
I talked with Kukulcan.
He will put the game archive online again, but with less functionality.
So he will not use any SQL database or also no extensive php scripts / javascripts.
Hi Devilmarkus
Did Kukulcan mention something about restoring links to individual pieces of software? ... otherwise we have a lot of rotten links on the Wiki! :(
Regards,
Ygdrazil
Quote from: Devilmarkus on 13:33, 27 April 13
I talked with Kukulcan.
He will put the game archive online again, but with less functionality.
So he will not use any SQL database or also no extensive php scripts / javascripts.
Quote from: Ygdrazil on 13:20, 06 May 13
Hi Devilmarkus
Did Kukulcan mention something about restoring links to individual pieces of software? ... otherwise we have a lot of rotten links on the Wiki! :(
Regards,
Ygdrazil
That's a good point... damn.
Good question ;)
Perhaps you should ask him himself?
He's also registered here. So, best, send him a PM and ask.
I don't see him online, daily... But I'm sure, he reads a PM, when sent...?!?
When I meet him next time online I'll ask him, too.
Or mail him to:
k u k u l c a n 8 3 © g m a i l . c o m
Quote from: Ygdrazil on 13:20, 06 May 13
Did Kukulcan mention something about restoring links to individual pieces of software? ... otherwise we have a lot of rotten links on the Wiki! :(
Of course, every link will remain the same, it's important for all the places linked to CPC-Power (CPCWiki, CPC Game Reviews, WOS, ...), Bruno has confirmed it since the first day that I spoke with him.
Excellent ;D
Regards,
Ygdrazil
Quote from: SyX on 15:29, 07 May 13
Of course, every link will remain the same, it's important for all the places linked to CPC-Power (CPCWiki, CPC Game Reviews, WOS, ...), Bruno has confirmed it since the first day that i spoke with him.
That's great indeed... hope he brings it back soon, I visited the site pretty often...
CPC-Power is up again
CPC-POWER, sauvegarde du patrimoine de l'Amstrad CPC (http://www.cpc-power.com/)
Quote from: Johnny Olsen on 13:33, 21 July 13
CPC-Power is up again
CPC-POWER, sauvegarde du patrimoine de l'Amstrad CPC (http://www.cpc-power.com/)
It looks better than the old site. :D
Quote from: AMSDOS on 04:01, 22 July 13
It looks better than the old site. :D
Yes! Right! :)
Is there a regular backup being done this time?
Bryce.
It's not a backup problem but a security problem on the website structure itself.
The previous version can be restored each time, but can be hacked again and again.
The new website was fully rewritten to minimize that, using different technologies.
And the database continued to be improved when it was down. (more than 10000 entries now)
At first I was like
[attach=2]
...but then I saw how many moves it takes to finish Overkoban. I'm depressed now, thanks to you.