Hi. I want to know how to gain access to a forum that is password protected, where access is granted by the administrator. The administrator is a very immature 2*-year-old woman that my 44-year-old husband and father of * (I am younger than he is) has become involved with. I do not want to interfere with the forum; I only want to read what she is posting to see whether he is "giving away the farm" and what his intentions are.

I tried to apply for access, going through anonymouse to disguise my IP, but access is only granted to "well-known members of the My Little Pony" community. (I told you that she was immature. :( )

Anyone able to help? I just want to make sure my kids are safe and that my family remains financially secure.

Sorry I should have read the "banned" thread first. Apparently you don't take kindly to requests such as this. Maybe you could point me in the right direction to look?

Can you post the link to this forum? Maybe it's running on a vulnerable version of the software used to create it.

Also, does the forum allow many guesses on the password (*0 or more)? Then you can try using a program to bruteforce the login, because it's most likely a word from the dictionary.

The forum is called www.ponylandghetto.com. I do not know how many tries you get to log in, though.



Thanks for your interest in helping. As I said, I don't want to cause trouble; just want to make sure nothing is going on that would be harmful to my kids.

Well, since the site doesn't allow new accounts to be registered, there's really nothing I can do. I also can't tell what version they are using.

They're using a software known as phpBB. This software is usually pretty secure, and they block multiple login attempts.

Well, that is something new; they were allowing registrations this morning. If you know the membernames is it possible to use a password cracker to find out one of the passwords?

The forum is called www.ponylandghetto.com. I do not know how many tries you get to log in, though.



Thanks for your interest in helping. As I said, I don't want to cause trouble; just want to make sure nothing is going on that would be harmful to my kids.

A quick whois at my terminal gave me this information on the domain:


Domain Name: PONYLANDGHETTO.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS*.PAGEMONSTER.NET
Name Server: NS2.PAGEMONSTER.NET
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 0*-nov-2006
Creation Date: 27-oct-2004
Expiration Date: 27-oct-2007

Registrant:
ponylandghetto
PO *4*
Chandler, Oklahoma 748*4
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: PONYLANDGHETTO.COM
Created on: 27-Oct-04
Expires on: 27-Oct-07
Last Updated on: 0*-Nov-06

Administrative Contact:
Taylor, Danielle queenbutta@mycingular.com
PO Box *4*
Chandler, Oklahoma 748*2
United States
8*24*27*44 Fax --

********* Contact:
Domain Services, EV* Servers domains@ev*servers.net
2600 SW Freeway
Suite 500
Houston, Texas 770*8
United States
*7*****787* Fax -- *7***42***2

Domain servers in listed order:
NS*.PAGEMONSTER.NET
NS2.PAGEMONSTER.NET


Just to clarify, is she Danielle Taylor? In addition, what is her forum username? Is it 'pinkjubie'?

No, she's not Danielle Tyler. That's the person who co-runs the forum--"buttah" I think the name is. The other girl lives in New Zealand but she's in NJ right now staying with my husband. I do have her real name, other ***rds she posts at, etc. I even know her Warcraft account name, which is where he 'picked' her up.

The ***rd she runs and may have registered to her is called MLParena.com--another "My Little Pony" site.

Because the forums block repeated attempts at logging in, pass crackers are out of the question.

You could use multiple proxies, but that would be time consuming, and probably be useless.

@ mike - Is there anyway that I can find the version of phpBB a site is running?

Yes, brute forcing is out of the question.



@ mike - Is there anyway that I can find the version of phpBB a site is running?

Not that I know of; it's a sort of security by obscurity I suppose.

Looking at the whois records though, we can see that the domain was registered on 27th October 2004. Considering the fact that the site only consists of a forum, we can be quite sure that they installed the forum soon after acquiring the domain. Around this time, phpBB v2.0.* was released (in November of 04) so the forum version is probably 2.0.* (give or take).

If any of you were willing to, there are unlimited possibilities of getting what you want (social engineering, email spoofing, exploiting, etc.).

If you need any information that would be unseemly for me to supply publicly, I could be reached at catofbabylon@**********.

Thanks much.

Here's a list of the members:
http://www.ponylandghetto.com/memberlist.php
This are regular stuff.The forum is indeed NOT accepting registrations,however,i'm one step inside so if i get in i'll send you the login
info.Also see this.............:

;) http://www.ponylandghetto.com/viewtopic.php?t=*8*5

http://www.mlparena.com/Forums/viewtopic/t=5*6*8.htm

http://www.mlparena.com/index.php?name=gallery2

http://www.mlparena.com/index.php?name=Members_List

http://www.ponylandghetto.com/viewforum.php?
f=*&sid=862*268048840*722*5*fde0*d4ea*f*

Not sure this would help, but some of the women who are members of ponylandghetto.com--including the woman my husband is involved with--are also members of this site, which is not a locked site:

http://www.ponylandscatfight.com/

Maybe some of them use the same passwords?

Hmm.. I found this little directory in the ghetto site:

http://www.ponylandghetto.com/mods/chat/

Note: All actions described below were done to test security, not for malicious purposes.

It has proved impossible to determine their hosting provider. The whois records indicate that they are hosted on pagemonster.com, but that website returns a blank page. A part of the whois records gave theplanet.com its name server provider, but after talking to a theplanet.com live chat representative, I found out that the website is not hosted by them either. They wouldn't tell me if pagemonster.com is one of their resellers.

So this leaves me with no options. If someone were to attempt to get forum and website information from the ponylandghetto.com administrators or forum users, they would have needed to spoof an email from the service department of their hosting company with credible information.

I might be reading the WhoIs wrong, but it mentions under who to contact for ********* service, a company called EV* Servers.

http://www.ev*servers.net/

And when you look at the ev*servers website, they say that they have merged with the planet. So maybe the host is still under EV*servers?

If you look at the Whois record for pagemonster.net, it interestingly comes back with some of the same ********* contact information as the mlparena.com forum:

http://www.whois.net/whois_new.cgi?d=pagemonster&tld=net

Registrant:
Eric Alexander
P.O Box *2*6
Fremont, CA *45**
US
5*0-468-5505


Domain Name: PAGEMONSTER.NET

Administrative Contact:
Headache, Major majorheadache@comcast.net
P.O Box *2*6
Fremont, CA *45**
US
5*0-468-5505


********* Contact:
Headache, Major majorheadache@comcast.net
P.O Box *2*6
Fremont, CA *45**
US
5*0-468-5505


Record last updated 0*-2*-2005 **:22:*0 AM
Record expires on 0*-*8-2008
Record created on 0*-*8-2005

Domain servers in listed order:
NS*.PAGEMONSTER.NET 70.84.*8*.*8
NS2.PAGEMONSTER.NET 70.84.*8*.**


MLParena.com, while registered to someone else, is run by the woman Loa that my husband is involved with, and ponylandghetto is co-run by her but registered to the other woman.

I'm not sure if this provides any help whatsoever. Thanks so much for trying.

I looked at SecuriTeam and SecurityFocus for all types of phpBB exploits (I avoided Perl written ones because I don't know how to use them). I tried SQL injections, XSS, remote command executions, anything that might lead to something. Point is that they're running their 'site' on a forum building CMS that's pretty secure.

I can't think of anything, unless you could bruteforce the FTP login or something.

I'm not sure how to do this, but what if you used a brute force password cracker on some of the people who have accounts at both ponylandscatfight or mlparena and another account at ponyland ghetto? (Assuming that ponylandscatfight and mlparena do not limit the number of tries you have to log in; I would have to check that out.) And then tried to see if those people might have used the same password for their ponylandghetto account?

That might work, but I don't know any brute forcers that can brute force form logins.

Anyway, go to ponylandghetto, where it says http:// at the top, delete that and put ftp://. It'll bring up a login. See if you can try multiple times there. Report back.

Thanks. :eek: I guess I can see the futility of that, because the chances of randomly guessing the word that someone else picked for a password seems very remote.

Thank you very much for all your efforts. I can't really think of a way around this myself, so I guess I should just give up and hope for the best.

Not yet. Your person probably used a word out of the dictionary. You can find big wordlists and get a program called Brutus to try all of those in about a few minutes. It should work if you know the username.

Thanks. I guess I can see the futility of that, because the chances of randomly guessing the word that someone else picked for a password seems very remote.

Exactly :). Brute-force attacks rarely succeed and are very noticeable. Well they do succeed, just after a very long time and only if the password is a dictionary word.

My advice is to only go down the route of brute-forcing if you're really desperate and there's nothing left to try.


I avoided Perl written ones because I don't know how to use them

I haven't used it in a long time, but I seem to remember that the Perl you can get for Windows is called ActivePerl. You can download it here:

http://www.activestate.com/products/activeperl/

After that it's simply a case of typing perl script.pl at the command line. One thing to watch out for though is deliberate mistakes in the exploit script to prevent script-kiddies using their code for illegal purposes.

That's smart of the coders to do. Thanks for telling me about ActivePerl, I'll try it.

@ Wanttoknow - Well, good luck doing what your trying to do. There's not much else we can really do for you.

Hi folks! Just wanted to drop in and say Hi! I am one of the people, whose personal information you've posted and whose ***rd you are trying to help this woman gain access to. I wanted to let you know that the ghetto is my ***rd. I alone retain ownership and be assured I am taking any and all precautions to protect it.

I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.

No need to worry, I do not intend on posting here again or being bothersome. However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.

King of Siam
signing out (you believe that right? sure ya do)

:)

Hi folks! Just wanted to drop in and say Hi! I am one of the people, whose personal information you've posted and whose ***rd you are trying to help this woman gain access to. I wanted to let you know that the ghetto is my ***rd. I alone retain ownership and be assured I am taking any and all precautions to protect it.

I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.

No need to worry, I do not intend on posting here again or being bothersome. However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.

King of Siam
signing out (you believe that right? sure ya do)

:)

First thing I'd like to say is that none of us had malicious intentions -- we were trying to help someone and testing the security of the site. We're not the type to deface websites or cause other mindless damage. Just so you know.

Also, the information I think you're referring to is publicly listed registrant data for an Internet domain -- information that anyone can find through performing a whois lookup. Those that have posted it will happily remove it if you wish.

Regarding the security of your site, I have some advice I'd like to add.

Forums and content management systems for websites are relatively secure, but over time people discover vulnerabilities in them and share them with the world. These problems are usually fixed in periodic updates of the web-software in question. If you have an old forum version running, an attacker has a whole catalog of exploits to hit you with and gain access to your website. If it's a new version, there's minimal security risk. My point: I'm assuming your forum version is old (the site having been created in 04), so it's ad****ble to upgrade every so often.

Next piece of advice: you may want to disable directory-listing on your website because certain forum directories listed all their contents. Ask your hosting service about this if you're not a tech person.

Lastly, you may want to watch out for social engineering (discovery of vital information through human trickery). If someone was determined, they could find out your hosting provider and spoof an email from them asking you to give out certain website details which would grant them access. Don't trust communications from web services unless they give you some sort of proof that they are who they say they are; emails can be sent from any address without actually having access to that account.

I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.

No problem:D

However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.
:)

Nefarious purposes? Feel free to ask away; there's certainly nothing nefarious about *my* purposes. I'm not the 2*-year-old flying halfway across the world to stay for a month with someone else's 44-year-old husband--a man who has * children--and calling him "boyfriend" before having even met him. I'm not the college dropout who lives at home, has no ambitions, and has made over *4,000 posts across 6 different My Little Pony ***rds, plays Pony Island, collects bratz-type dolls, poses them and photographs them, and reads manga intended for **-year-olds.

You will have to excuse me if I do not concur with you that this woman's intentions with my husband may not be harmful to my children. I generally don't trust 2*-year-old women who are nowhere in life and travel halfway across the world to sleep with 44-year-old men.

But hey, I'm glad you found me! Now that you know my e-mail address, feel free to write any time. I'm actually quite nice when I'm confident that my family and the wellbeing of my children is not being threatened by some golddigging, immature girl looking for a father-figure to take care of her.

All the information posted here--which you call your "personal" information--is, as correctly pointed out--freely available by doing a simple "whois" query.

I would also like to take this opportunity to ask the person who told the owners of that website about this thread to admit to it now. I'd like to know your reasons.

Mike,You know i wouldn't do something like that,specially to people from this forum i rely on. The only person i ever messed up was that guy trying to scam innocent people here for ****** cards. Ohh and anotherone long time ago,i think her windows were erased :eek:

It may not have been that anyone told them directly. When I ran a Web blog, I could look at the '*****er' log and see the entrance and exit pages of anybody who visited. If someone clicked on the links that I posted from this site, it would ***** back to this site. So, I suppose that she could simply have followed the links back to see why she was getting hits from this site, read this post, and reached her own conclusions.

I think it's very nice that you guys help people improve their security by pointing out the vulnerabilities in their systems.

Well, there really wasn't any vulnerabilities in her system, otherwise, you'd be in now.:D

And mike, I agree with Wanttoknow, it's probably looking at referer logs that helped her find us.

Butta just sent me the nastiest e-mail, too, threatening me with all sorts of legal repercussions. Of course, she has no case, particularly since her site was not compromised in the least. But according to her e-mail, she seems to think I violated international law. Since we're both in the US, as is the Web site, I'm not sure how international law applies here. But I did offer to send her my name and address if it would help her make her case.

It may not have been that anyone told them directly. When I ran a Web blog, I could look at the '*****er' log and see the entrance and exit pages of anybody who visited. If someone clicked on the links that I posted from this site, it would ***** back to this site. So, I suppose that she could simply have followed the links back to see why she was getting hits from this site, read this post, and reached her own conclusions.

I think it's very nice that you guys help people improve their security by pointing out the vulnerabilities in their systems.

I suppose it's a possibility that they could have been checking their logs for referrer addresses, but I doubt it because it was so quickly after you started this thread.


Butta just sent me the nastiest e-mail, too, threatening me with all sorts of legal repercussions. Of course, she has no case, particularly since her site was not compromised in the least. But according to her e-mail, she seems to think I violated international law. Since we're both in the US, as is the Web site, I'm not sure how international law applies here. But I did offer to send her my name and address if it would help her make her case.

That's just ridiculous. Firstly we didn't harm the website in any way, and even if we had I don't see how it would affect anyone. They don't make an income from that site, they don't provide a service; they don't do anything apart from talk in their community.

You can't sue someone for talking about trying to gain access to one user's account on a forum.

Yep, according to federal cybercrime laws, something of value has to be obtained or something has to be altered, government or financial security has to be compromised, or direct threats have to be issued against a person. State laws vary, of course, but almost all of them require that, at the very least, access has been gained and something has been compromised, through alteration, destruction, or theft. None of them cover talking about how you would go about gaining access to a password-protected site. I think she mistakenly assumed that I was an ignoramus and that by making legal threats, she could frighten or intimidiate me. International laws are a bit less stringent, but the alleged crime has to occur in another country for anyone else to care.

I did notice that in her e-mail to me, she managed to omit the information containing her IP address from her header. So it sounds like someone may be afraid, but it is certainly not me.

Again, thanks for your help, and if you want to close or delete this thread, I would not object.

Yeah, removing this thread might not be a bad idea Moonbat -- we don't want to give her 'case' ammunition.

Nah, I'm gonna lock it instead. After all, we have nothing to fear, and there's no point lowering our post counts because of some stupid empty threat.