How iEtherPad got hacked
Hello folks. I've got tons and tons of users the past two days. I've got good & bad news.
Bad news first - iEtherPad just got hacked. I had a bunch of people mailing me and letting
me know. I really want to thank all of you guys who reached out to me. The best part was,
every mail that I got, said 'Thanks for hosting. I think you got hacked.'; Very very friendly.
they clicked on hide, there were multiple pop-ups repeating 'I SUCK COCKS';
Here is an image, showing what our users saw.Good NewsI did a grep on the server logs, and exactly got who he was.
Here are the details about the hacker: IP-address: 70.68.174.183
Physical address: COQUITLAM, BRITISH COLUMBIA, CANADA, V3B 0A2
Internet Service Provider: SHAW COMMUNICATIONS INC (Net Speed: DSL)Here are more details:
backend/access/access-2009_12_22.request.log:ietherpad.com 70.68.174.183 - - [22/Dec/2009:00:21:37 -0800] "GET /ep/admin/ HTTP/1.1" 200 1271 "http://ietherpad.com/ep/admin/main" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 Jingoo/0.1.2 (.NET CLR 3.5.30729)" 10 How did it happen
The admin password to this site, was the default. :( I'm really sorry guys, I screwed up.
I fixed things up in a hurry last Sat, and I missed this. (I run a startup myself.)
I really apologize, that I din't give it the attention it deserves. Things have been fixed now.
Other etherpad clones out there: PiratePad, PrimaryPad & netherpad -- Please check your admin passwords.What next Users, I understand we have the power to get back to this hacker's home and take legal action against him. Shaw Communications can identify the exact customer with that IP at that time, if a suit is filed. But what's the point anyway? The guy din't do any irreversible damage. He stopped it after a few tries. (I still blame you for your filth :-)); I mean, if we do trace him, he might be a hacker like one of us. (This time, hacker refers a programmer!) We've all been there. I'm going to let it go.Sincerely,
-Prasanna
