Planet Minecraft

Hello fellow minecrafters. i need all the help i can get. Yesterday i went on a server posted here looking for admins... i applied to be an admin, the owner was being very nice, then he started reading my PM's (from this website) outoud he said he used some sort of injector and i didn't know what to do. i was about to log off when he started reading my emails outloud and said to me "i am really sorry but i seemed to have hacked your email" i thought he appoligised so i logged off and went to sleep. i just got back on and it says my minecraft account does not exist i cannot log on to minecraft or the website. my email is the same! i do not know why he did this but if you can help me in any way i am grateful please help me put this to an end

thanks jack!

Right,

If this is true, it would seem you have done one of the following:

-Have the same password for EVERYTHING and have been either bruteforced or evaluated.

-PMC is SQLi/XSS vulnerable.

-You have been phished.



How to resolve:-

-CHANGE ALL OF YOUR PASSWORDS

-SCAN YOUR COMPUTER FOR MALWARE (AVG is Free)

If that does not work, send me the owner's name.

he told me he SQLI'D pmc
THE SERVER IS HERE: s3.cloudcrafting.com:6576

his PMC page of the server is here

http://www.planetminecraft.com/server/l ... r-1439869/

Hmmm. I don't think there are any phpBB SQLi vulns at the moment. Oh, did you go to any new websites recently?

Hmmm. I don't think there are any phpBB SQLi vulns at the moment. Oh, did you go to any new websites recently?

True, if this is the latest version of the phpBB modules that are used. phpBB has XSS vulnerabilities though.

Maybe we should contact cyprezz and ask if we could get permission to legitimately pen-test PMC on SQLI vulns ? Maybe then he could fix what we find.

this happened cause of the servers not being checked the only new websites i went on was the website that belonged to the server....

Scan your PC.

I'll go PM Cyprezz now.

Phrozen, I'll PM you as well.