Lodithia hacked 12/10/07


Viral
12-10-2007, 08:10 PM
Someone with the code name AYY hacked a programmer account and put a cookie grabber on the Lodithia news page. While the problem is fixed from our end and the only important account is secure, we suggest you change passwords to your other sites you visit in case the cookie grabber targeted those sites (Neopets, Subeta, Wajas, whatever).


EDIT: Ayy is Max, max3v0, etc

cpvr
12-10-2007, 08:14 PM
How did he hack the programmer's account? (I know he got cookie grabbed) Did you guys not have protection in place? How come your staff doesn't have a protected admin panel - where you can only access it if you know the link?

Viral
12-10-2007, 08:15 PM
It turns out it was a staff member gone berserk. Well, that problem won't happen again.

Patrick
12-10-2007, 08:17 PM
Don't worry. Things like this happen to all new pet sites.

Yuko
12-10-2007, 08:19 PM
x_x Are you serious? I play like 6059097 sites... when I tried to go on the site today, nothing loaded. I hope I'm safe.

Kazejin
12-10-2007, 08:23 PM
Aww.. Snap.

I visited that page.

cpvr
12-10-2007, 08:25 PM
Aww.. Snap.

I visited that page.
Delete your cookies.

Viral
12-10-2007, 08:27 PM
Change your passwords.

unhinged75
12-10-2007, 08:30 PM
I deleted my cookies and changed all my passwords.. thanks for the info

Kazejin
12-10-2007, 08:33 PM
Thanks for letting me know.

sinthuxgx
12-12-2007, 08:52 PM
It turns out it was a staff member gone berserk. Well, that problem won't happen again.
Sounds like a cover up. If a staff member went berserk, then more than likely he wouldn't care to stay as staff and wouldn't hide his identity.

Andrew
12-12-2007, 10:45 PM
I doubt it's a cover up. Julie wouldn't lie about a hacking x.x I need to remember to be nicer next time. (Was going to say something extremely mean)

cpvr
12-12-2007, 10:46 PM
Sounds like a cover up. If a staff member went berserk, then more than likely he wouldn't care to stay as staff and wouldn't hide his identity.
It was some stupid kid named "Max". The same kid who cookie grabbed on Zeta.

sinthuxgx
12-12-2007, 10:47 PM
Julie wouldn't lie about a hacking x.x
Are you sure about that? Could just be a cover-up so it doesn't look like the site is unstable or hackable.

cpvr
12-12-2007, 10:53 PM
Are you sure about that? Could just be a cover-up so it doesn't look like the site is unstable or hackable.
It wasn't a cover-up dude.

Tigress
12-12-2007, 11:09 PM
I would argue that it wasn't hacking, it was poor design. Of course, I don't see why anyone would trust Max after his apparent history with using cookie grabbers, but news content should be filtered for XSS like you would with any other content.

Sinthux: You're wearing that tinfoil hat a bit too much. I'd say that it was probably Max's fault (after all, he has used cookie grabbers before), but I'd also say that Lodithia needs to filter ALL content on its site, including admin-submitted content.
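
The filtering Tigress describes, as an added example that is not part of the original thread and is not Lodithia's code: a news renderer that trusts staff-authored bodies beside one that escapes every field on output regardless of role. It goes slightly beyond the post by also flagging the session cookie HttpOnly; the role names, field names and sample post are assumptions constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a news post submitted from a staff ("programmer") account.
SAMPLE_POST = {
    "author": "staff_member",
    "role": "programmer",  # hypothetical role name
    "title": "Site update",
    "body": "Hello <script>/* constructed placeholder */</script>",
}

def render_news_unsafe(post):
    """'Before' form: bodies from staff roles are trusted and emitted raw."""
    trusted = post["role"] in ("staff", "programmer")
    body = post["body"] if trusted else html.escape(post["body"])
    return f"<div class='news'><h2>{html.escape(post['title'])}</h2><p>{body}</p></div>"

def render_news(post):
    """Hardened form: every field is escaped on output, whatever the author's role."""
    title = html.escape(post["title"], quote=True)
    author = html.escape(post["author"], quote=True)
    body = html.escape(post["body"], quote=True).replace("\n", "<br>")
    return (f'<div class="news"><h2>{title}</h2><p>{body}</p>'
            f"<small>{author}</small></div>")

def session_cookie_header(session_id):
    """Session cookie that page script cannot read (HttpOnly), sent over HTTPS only."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

if __name__ == "__main__":
    print(render_news_unsafe(SAMPLE_POST))  # script tag reaches the page intact
    print(render_news(SAMPLE_POST))         # script tag shown as inert text
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```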

sinthuxgx
12-12-2007, 11:24 PM
I'm not stating I have some conspiracy theory or anything, lol. I just think it's probable to have been a false front to hide security flaws. Considering they didn't know who it was but then came out and said it was a staff member. Perhaps he DID use a new identity, but I don't really know that info.

Viral
12-12-2007, 11:37 PM
It's more that I got a message from one of my friends that was talking to him while he was messing around with the site. I didn't know he went by Ayy, I just knew him as Max.

Shiresu Riku
12-15-2007, 10:19 PM
Wow. I know Max personally and all I can say is I'm going to have to kill him for doing this next time I see him :P

cpvr
12-15-2007, 10:28 PM
Wow. I know Max personally and all I can say is I'm going to have to kill him for doing this next time I see him :P
Didn't he do the same thing to Shiresu by deleting the database? If he's a friend of yours - why did he delete the users table?

Shiresu Riku
12-15-2007, 10:31 PM
He said it was a mistake and I believed him. But I'm not sure I should now after this.

dc277
12-15-2007, 10:53 PM
Was he the one who cleared out the database? Or do you think somebody else did?

cpvr
12-15-2007, 10:55 PM
Was he the one who cleared out the database? Or do you think somebody else did?
It was Max.

dc277
12-15-2007, 10:58 PM
I know he cookie grabbed the news. But are we 100% POSITIVE he cleared the database?

cpvr
12-15-2007, 10:59 PM
Yes, we are..

dc277
12-15-2007, 11:09 PM
Ok. :) Sadly, with the database clearing, Viral uploaded an old back-up. So we lost A LOT of forum posts, users, news, etc.