[SECURITY ALERT] Change your account AND email information ASAP!



j03
10-03-2012, 06:37 PM
Recently our website had its database information retrieved, and every registered user had their password hash obtained, along with the email connected to the account and other information. The important information stolen would be the password hash and email, so it is recommended that you change your clraik password AND, IF your email password is the same as your account password on here, change it as well! This is to ensure maximum security for you and your personal accounts online.

Again, it is strongly recommended you all change your account password and e-mail password used for clraik if the password is the same. Thank you.

**Takes two seconds and you can do so here**

[Only registered and activated users can see links]

Wondrous
10-03-2012, 06:38 PM
ooooo imagine someone hashing a forum of cheaters :o :o

moonkittie
10-03-2012, 06:50 PM
Anyone else's post counts deplete after the outage (I had close to 50, now it's saying I have 8...)? My profile also changed back to its original avatar.

Mikey
10-03-2012, 06:51 PM
Damn no good bro xD

HolyTrinity
10-03-2012, 06:52 PM
I just changed it, thanks a lot Joe!

Reese
10-03-2012, 06:55 PM
Anyone else's post counts deplete after the outage (I had close to 50, now it's saying I have 8...)? My profile also changed back to its original avatar.
The forum was set back two weeks, so anything made since then was deleted :(.

HolyTrinity
10-03-2012, 06:56 PM
Anyone else's post counts deplete after the outage (I had close to 50, now it's saying I have 8...)? My profile also changed back to its original avatar.

You're not the only one who suffered. I lost over 4 feedback score, and over 40 posts. Since the forum got set back 2 weeks, all this happened. But the good thing is, the forum is back up and running.

sparkling
10-03-2012, 06:58 PM
omg this is so dangerous. anyone had any idea who did that?

winston_tiu
10-03-2012, 07:00 PM
I understand, thanks for the advice. I never really use same password at once, 1 for forums another for emails :)

Hexx
10-03-2012, 07:01 PM
do you know who it was? :/

MissMellon
10-03-2012, 07:03 PM
-passes out pitch forks and torches- Yeah who was it D:<

Balletdancer
10-03-2012, 07:04 PM
Crap.....
Ok

Sellinglikealways
10-03-2012, 07:06 PM
Damn, that's hectic :/

Thanks Joe.

kooldude888
10-03-2012, 07:09 PM
thanks for the heads up joe!! and good job getting the forum all back together!

j03
10-03-2012, 07:09 PM
I know everyone who was involved. Everything from IPs of the people doing the attack to chat logs of this being planned and who was aware of this before it took place.

musemfire
10-03-2012, 07:10 PM
The forum was set back two weeks, so anything made since then was deleted :(.
I was 83 rep, I'm 79 now D:

Balletdancer
10-03-2012, 07:15 PM
Hopefully they are banned now, fuckers!

Hexx
10-03-2012, 07:15 PM
I know everyone who was involved. Everything from IPs of the people doing the attack to chat logs of this being planned and who was aware of this before it took place.

would you be able to report them to the authorities or something? i hope you can do something to get them back for it anyway.

Ice
10-03-2012, 07:16 PM
Damn, that's rough. Props for sorting it out so fast though. ): Hope it never happens again!

kooldude888
10-03-2012, 07:21 PM
I'd give all the IP info and stuff like that to Demo, I'm sure he could do something xD

Hexx
10-03-2012, 07:27 PM
I'd give all the IP info and stuff like that to Demo, I'm sure he could do something xD

maybe to staff at other similar forums too so they can get banned on those if they're registered as well?

moonkittie
10-03-2012, 07:41 PM
You're not the only one who suffered. I lost over 4 feedback score, and over 40 posts. Since the forum got set back 2 weeks, all this happened. But the good thing is, the forum is back up and running.

Aww :( That's pretty close to what I lost as well. And yeah, I'm just glad the forum is back up now (and also the usable programs).

I was just so close to becoming a Clraik! Darn.

Riku
10-03-2012, 07:49 PM
Wow. So did not think they were serious about doing it.

Fairy
10-03-2012, 07:50 PM
Darn. I just made my account just about 2 weeks ago so it just got completely deleted.. Had to make it again!
Lost all my feedback scores and everything :(
At least the forum is back x)

Possible
10-03-2012, 07:52 PM
Well I lost 40$, I dont know who bought my main for 40$ and it was on the 21st, so i don't know who it was... fantastic sams!

Mike
10-03-2012, 07:54 PM
Erm, Well, what about VIP? I bought VIP a few days back, now no VIP...

Kittie
10-03-2012, 07:58 PM
<-- *pokes new name* Decided to make a new account... just in case. Those darn hackers. *SHAKES FIST*

DarkAngel
10-03-2012, 07:59 PM
Erm, Well, what about VIP? I bought VIP a few days back, now no VIP...

Just show to Joe your payment details so he can restore it, I guess

Graff
10-03-2012, 08:03 PM
Yeah, question about the pms... I know that they are deleted, but were they accessed? There's a lot of account info that went through pms.

j03
10-03-2012, 08:05 PM
Mike DarkAngel I sent an email to everyone who purchased VIP to email me back with their usernames! Mike I got you now though.

Broken
10-03-2012, 08:45 PM
My VIP also disappeared.

Evelsaint
10-03-2012, 09:04 PM
Infamous Joe

Besides username and pw. Are our inbox messages compromised as well?

fairydust201
10-03-2012, 09:13 PM
Wow!!!! So that means clraik was under attack? O.o I wonder by who tho? Did you ban anybody that knows how to hack like this? They can be getting revenge... *just saying*

S.n - if you need help with anything or if there's something i can do to help out let me know ^.^ Infamous Joe

j03
10-03-2012, 09:16 PM
My VIP also disappeared.

Reply to the email I sent to your PayPal email used to pay.

Evelsaint No it doesn't look like the PM table was extracted. But we can't be 100% positive.

fairydust201
10-03-2012, 09:20 PM
My give away was deleted O.o

Balletdancer
10-03-2012, 09:34 PM
Everything was deleted...they restored 2 weeks back

Rain
10-03-2012, 09:43 PM
Thank you for updating your profile, Rain.

Hmm, hopefully they didn't have time to do any damage, considering you basically shut off everything on the site almost as soon as it happened. :)

As for the deleted posts, trade reputation, reputation and the like, I think it's safe to say that I'd rather have that, over money lost if someone were to hack into any of our accounts and scam other users. ;)

Violent_J
10-03-2012, 09:50 PM
It is ironic because Joe and his friends tried to do it to DeeZee way back when. xD

Ice
10-03-2012, 09:50 PM
Infamous Joe

For future reference regarding PM security, does it help at all to keep deleting your PMs consistently or is it that even if you delete them from your inbox if the site was compromised records could still be seen?

zentak
10-03-2012, 09:51 PM
Thanks for the advice Infamous Joe

Kenji
10-03-2012, 10:05 PM
Pass changed!
Oh! no, I was ck rank with 55 post, Now I'm newbie again :C

j03
10-03-2012, 10:08 PM
It is ironic because Joe and his friends tried to do it to DeeZee way back when. xD

Actually my friends killed the forums bandwidth which cost CheeSie a lot of money back then using something I gave them. I'm not the type to upload amateur scripts that extract DB info from forums then deface them.

Will reply to your PM soon.

---------- Post added at 11:08 PM ---------- Previous post was at 11:07 PM ----------


@Infamous Joe

For future reference regarding PM security, does it help at all to keep deleting your PMs consistently or is it that even if you delete them from your inbox if the site was compromised records could still be seen?

You should always delete important PMs (save them of course to your computer) and that will delete them completely from the DB.

hazeoptics
10-03-2012, 10:14 PM
Just changed my info is everything secured now?

I had close to 200 posts clraik rank and plenty of feedback now im newbie :/ whats the deal???

Dom~
10-03-2012, 10:18 PM
Just changed my info is everything secured now?

I had close to 200 posts clraik rank and plenty of feedback now im newbie :/ whats the deal???

Most likely the reason this happened is because Joe had to reset the website to an earlier version, so whatever you were at the last time the site was fine, it was restored to that. Thank goodness that I didn't have my password the same as my email; got to change my password anyway just in case.

hazeoptics
10-03-2012, 10:19 PM
Does this mean my prior info wont be restored or what?

Jessica
10-03-2012, 10:22 PM
Does this mean my prior info wont be restored or what?

I'm going to have to assume that you're going to have to earn your rank back... :(

hazeoptics
10-03-2012, 10:23 PM
That sucks a shit load of feedback was lost too :/...

Jessica
10-03-2012, 10:24 PM
That sucks a shit load of feedback was lost too :/...

Yeah, it definitely does suck for a lot of people...

hazeoptics
10-03-2012, 10:26 PM
Yeah i agree :(.

damian002
10-03-2012, 10:27 PM
I don't know what exactly happened but glad that this site is up and running again.
Backup is indeed important aint it - I've learnt that the hard way heheh

Broken
10-03-2012, 10:39 PM
Will we need to change Neopet passwords saved to the programs? Also, they weren't ratted while all this went down, were they?

derpherpherp
10-03-2012, 10:50 PM
Pretty sure neopets passes entered into programs aren't saved to clraik's DBs.

Uh, are these hashes the types that are crackable with the md5decrypter... ._.
I'm changing everything but just wondering.

sanpablo
10-03-2012, 10:51 PM
Everyone should probably change their paypal PW too if it is the same as their clraik/email.

j03
10-03-2012, 10:54 PM
NO information is saved to the clraik domain while using our programs.

Like I said, anything linked to your email used on clraik should have the information changed (password).

Sci_Girl
10-03-2012, 11:41 PM
So we are good to redo our passwords on this site now?-as in no longer compromised when we do put in a new password. I made an all new email attached to my clraik account so I am assuming that is also a safe move rather than using the same email as before but simply changing the password?

Balletdancer
10-03-2012, 11:51 PM
holy fuck you guys LOL
just change your damn password! lol

domo
10-04-2012, 12:29 AM
Erm, Well, what about VIP? I bought VIP a few days back, now no VIP...

Yeah, same here.
What happened to my VIP?

Macho
10-04-2012, 12:49 AM
Seems like what happened just before the hacking was disregarded

Balletdancer
10-04-2012, 12:50 AM
msg Joe you will get VIP back if you had it before i believe

esperanto
10-04-2012, 01:13 AM
Well. I lost 660m. That was fun.

frontlines
10-04-2012, 01:47 AM
Lost my VIP too, had to re-register, my paypal is locked out I had to re-verify over the phone and my neopets account is frozen, and this is what I get for buying VIP? fuck my life.

Balletdancer
10-04-2012, 02:01 AM
what...how did you lose that much

Zachafer
10-04-2012, 02:13 AM
ooooo imagine someone hashing a forum of cheaters :o :o

already did

goodieboy
10-04-2012, 02:37 AM
Lucky I didn't use a PW attached to my neopets account, email etc here. Damnn I missed Half price day ABing yesterday :(

f1ex
10-04-2012, 03:07 AM
joe, what type of hashes?

frontlines
10-04-2012, 03:09 AM
Doesn't matter, it's your passwords, and I've never seen a hash never cracked, but a wild uneducated guess, it'd probably be MD5.

Foxer
10-04-2012, 03:59 AM
Welp. xD

Hexx
10-04-2012, 04:28 AM
NO information is saved to the clraik domain while using our programs.

Like I said, anything linked to your email used on clraik should have the information changed (password).

were the password hashes salted? i think vbulletin is usually set up like that by default, right?

Khelddar
10-04-2012, 05:00 AM
thanks for letting us know

DarkByte
10-04-2012, 06:14 AM
vBulletin hashes are stored (md5+salt). However the salt is stored on the user table in the database.


Great security guys. No better than neopets, whose bad security you claim makes hashing acceptable. It's different when the shoe's on the other foot though...

Everyone should change their paypal passwords too if they are similar to that of your clraik.

Shawn
10-04-2012, 06:16 AM
Lol damn.Who did this! I'll have to change lots of things now heh.
Good move shutting the site down (if that was you)

Hexx
10-04-2012, 06:32 AM
vBulletin hashes are stored (md5+salt). However the salt is stored on the user table in the database.

Great security guys. No better than neopets, whose bad security you claim makes hashing acceptable. It's different when the shoe's on the other foot though...

Everyone should change their paypal passwords too if they are similar to that of your clraik.

by salting them it's not possible to use basic rainbow tables to 'decode' them easily though so it's much better than just a plain md5 hash.

DarkByte
10-04-2012, 06:34 AM
Of course it's not, but programs like cain and abel can still crack the entire table in about 24 hours.

All salting does is stop noobs who use online databases.

Hexx
10-04-2012, 07:10 AM
Of course it's not, but programs like cain and abel can still crack the entire table in about 24 hours.

All salting does is stop noobs who use online databases.

doesn't vbulletin double hash them though? i think it's something like md5(md5(password)+salt).

DarkByte
10-04-2012, 08:06 AM
Any hash is crackable, it does not matter if they're doubled: you can first run a crack on the hash + salt, then a crack on the returned hash. Kind of just reversing the process.
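
[Added example, not part of any post in this thread and not vBulletin's own code.] The exchange above concerns a fast salted hash whose salt sits in the same user table. A common mitigation is to wrap each stored hash in a slow key-derivation function without needing anyone's password, then re-hash natively at the next login. The sketch assumes the md5(md5(password)+salt) layout as described in Hexx's post; PBKDF2-HMAC-SHA256 is the slow function chosen here, and the record field names and sample row are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: work factor chosen for illustration; tune to your login latency budget.
PBKDF2_ITERATIONS = 600_000


def legacy_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt), the layout described in the thread."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def _stretch(secret: str, kdf_salt: bytes) -> str:
    """Slow derivation: each guess now costs PBKDF2_ITERATIONS HMAC rounds."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", secret.encode("utf-8"), kdf_salt, PBKDF2_ITERATIONS
    )
    return digest.hex()


def wrap_legacy_record(record: dict) -> dict:
    """Offline migration of one row; needs only the stored hash, no plaintext."""
    kdf_salt = os.urandom(16)
    return {
        "scheme": "pbkdf2(legacy)",
        "legacy_salt": record["salt"],
        "kdf_salt": kdf_salt.hex(),
        "hash": _stretch(record["hash"], kdf_salt),
    }


def native_record(password: str) -> dict:
    """Record for a password hashed directly with the slow function."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2", "kdf_salt": kdf_salt.hex(),
            "hash": _stretch(password, kdf_salt)}


def verify(password: str, record: dict) -> bool:
    scheme = record["scheme"]
    if scheme == "legacy":
        candidate = legacy_hash(password, record["salt"])
    elif scheme == "pbkdf2(legacy)":
        inner = legacy_hash(password, record["legacy_salt"])
        candidate = _stretch(inner, bytes.fromhex(record["kdf_salt"]))
    elif scheme == "pbkdf2":
        candidate = _stretch(password, bytes.fromhex(record["kdf_salt"]))
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def login(password: str, record: dict):
    """Return (ok, record_to_store); old schemes are re-hashed on success."""
    if not verify(password, record):
        return False, record
    if record["scheme"] != "pbkdf2":
        record = native_record(password)  # drops the MD5 layer entirely
    return True, record


def demo():
    # Constructed sample row, not data from the breach discussed in the thread.
    row = {"scheme": "legacy", "salt": "x7Q",
           "hash": legacy_hash("correct horse", "x7Q")}
    wrapped = wrap_legacy_record(row)
    ok, upgraded = login("correct horse", wrapped)
    bad, unchanged = login("wrong guess", wrapped)
    return wrapped["scheme"], ok, upgraded["scheme"], bad, unchanged["scheme"]


if __name__ == "__main__":
    print(demo())
```

Wrapping protects the table going forward; hashes that have already been copied stay in the fast format, which is why the password changes urged in this thread are still needed.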

Lindsay
10-04-2012, 08:11 AM
Damn. x_x I was wondering why the site had been down for a couple of days.. I just thought it was maintenance..

5252
10-04-2012, 08:50 AM
Infamous Joe
Joe can i has zere ips pl0x? :)

DarkByte
10-04-2012, 08:58 AM
Infamous Joe
Joe can i has zere ips pl0x? :)

Infamous Joe How did you get hacked? Frank said someone hacked Johns account or something?

Savant
10-04-2012, 09:21 AM
Not sure if it has been mentioned but if you're a member of any other site with the same PW I think you should change that PW as well. I know a few people are members of multiple sites that deal with cheating so... just a thought.

DarkByte
10-04-2012, 09:27 AM
Also how about PM logs? People trade accounts all the time here and send passwords etc. via PMs?

Balletdancer
10-04-2012, 09:30 AM
He already said PMs were fine!

DarkByte
10-04-2012, 09:42 AM
He already said PMs were fine!

"Evelsaint No it doesn't look like the PM table was extracted. But we can't be 100% positive. ".

That is assumption. The mother of all fuck ups. It would not hurt to be overly cautious.

TheButt
10-04-2012, 09:55 AM
Assuming does make an ass out of u and me.

But as it has been said you can't be overly cautious.

So just change all your crap and call it a day. :)

DarkByte
10-04-2012, 09:58 AM
Indeed it's a lot of work for someone to do any of this and I do not know who was involved in it, but as Joe has chat logs etc. I am thinking they were probably not the brightest of people anyway. ;).

Better safe than sorry though.

Savant
10-04-2012, 10:03 AM
I was also wondering about VIP status. Are we going to get reimbursed for our VIP or what is going to happen about this? I can't use my programs or have my status.

frontlines
10-04-2012, 10:15 AM
Only had mine 4 days and this happened *lol*

Savant
10-04-2012, 10:19 AM
I had mine a little while. I am assuming he would need everyone's info that sent money during the 2 weeks this rollback happened. Which means going into paypal and getting that info, correct?

Balletdancer
10-04-2012, 10:21 AM
Yes i believe so?
I'm unsure..
He knows who was behind this though, that is a good thing :o I'm so curious to know.

DarkByte
10-04-2012, 10:29 AM
I had mine a little while. I am assuming he would need everyone's info that sent money during the 2 weeks this rollback happened. Which means going into paypal and getting that info, correct?


Don't wanna put words in his mouth but a paypal transaction id should be fine I would have thought.

Savant
10-04-2012, 10:34 AM
Ah, well maybe Joe will make a board about this in the near future.

UND3AD
10-04-2012, 10:40 AM
again...?

And this is why I use a separate password for unsecure sites x)

TheButt
10-04-2012, 11:14 AM
Don't wanna put words in his mouth but a paypal transaction id should be fine I would have thought.


Ah, well maybe Joe will make a board about this in the near future.

Joe has stated that he has sent an email to all of the paypal emails that paid for VIP within the last 2 weeks asking for the username in which you wanted your VIP status on. I think it was somewhere earlier in this thread but not quite sure. So just check your email that is tied to the paypal you used.

j03
10-04-2012, 11:51 AM
Ah, well maybe Joe will make a board about this in the near future.

Please reply to the email I sent to your paypal email you used to purchase clraik VIP and I can give you a new subscription of 35 days.

Savant
10-04-2012, 12:01 PM
I appreciate it Joe. I replied to the email.

pamst3r0
10-04-2012, 12:23 PM
there goes my hotmail account lol ._.

j03
10-04-2012, 12:36 PM
there goes my hotmail account lol ._.

I doubt any hotmail account was compromised, so just go in and change the password and it is still yours. Even if they take it, Microsoft has an automated recovery system which allows you to give them basic information only you would know to get your account back. ^__^ I've done it a few times, works wonderfully.

pamst3r0
10-04-2012, 12:46 PM
only option they seem to be giving me is "Reset Password" or send code to phone ;/

phone # changed and security question I'm trying to answer because I doubt they could change the answer without answering the question (pretty sure they have to do that) and use only the password

wish me luck lol

I_royalty_I
10-04-2012, 03:17 PM
I doubt they would take your email if there wasn't anything too interesting in there.
i usually just use empty emails for all the sites I'm on just in case. Just had to change password and should be good now!

Glad you decided to put the site back up rather than let it go Joe! :D

Evelsaint
10-04-2012, 06:58 PM
my clraik email was one I haven't logged onto for over 10 months, I forgot I had it >.>

More worried about the account List I purchase which I keep on clraik as back up >.>

Stupid me.

Edit : post # 2000 v.2

Death
10-04-2012, 07:09 PM
Pretty sure my email was compromised. I've retaken control of it however. I had used a throw-away email address to sign up for CK, but forgot there were 3 neo accounts attached to the same email. Nothing high dollar or anything, but no cheating of any kind was done by me, no one had any access or knowledge of these accounts, and one's now iced. They were just shells I created for transferring pets through and was allowing to age.

Lost some stuff from PM's that I hadn't copied to my notepad / excel files yet. In total, I'm out maybe $50 or so from just that.

f1ex
10-04-2012, 08:02 PM
i am too lazy to change my password, i use different passwords and emails for so many different things..


Doesn't matter, it's your passwords, and I've never seen a hash never cracked, but a wild uneducated guess, it'd probably be MD5.
lol who are you
you've clearly only dealt with md5 hashes

Daffodil
10-04-2012, 08:16 PM
Someone said you didn't think they were going to do it, but you let it slide because you didn't think they would and then it happened.. Hmmm it's so easy for people to get this shit these days.

Well, I'm glad it's back up anyway. I hope no one lost too much.

---------- Post added at 07:16 PM ---------- Previous post was at 07:13 PM ----------


Doesn't matter, it's your passwords, and I've never seen a hash never cracked, but a wild uneducated guess, it'd probably be MD5.

Lol hashes from forum databases are a little different. I've dealt with databases before because I knew people from other games that'd surf the web, hax forums and grab the hashes. Also leak them to their friends etc.

Violent_J
10-04-2012, 08:35 PM
Actually my friends killed the forums bandwidth which cost CheeSie a lot of money back then using something I gave them. I'm not the type to upload amateur scripts that extract DB info from forums then deface them.

Will reply to your PM soon.

---------- Post added at 11:08 PM ---------- Previous post was at 11:07 PM ----------



You should always delete important PMs (save them of course to your computer) and that will delete them completely from the DB.

You used an auto refresher....pretty much. xD

I traced all of "weird members" activities that were on the forum at the time. The page views of some people's profiles skyrocketed in unreasonable amounts of time so I knew who was involved and that was how I was able to stop it before there was more damage.

In any account, it is hard for me to feel sympathy for you as that action 5 years ago left an everlasting impression but I will assist you in this and issue global punishments.

---------- Post added at 06:35 PM ---------- Previous post was at 06:33 PM ----------


So we are good to redo our passwords on this site now?-as in no longer compromised when we do put in a new password. I made an all new email attached to my clraik account so I am assuming that is also a safe move rather than using the same email as before but simply changing the password?

It is safe but not as necessary. If you want to be 100% safe then any site that has your old ck password then you should change those too.

thyhvntfndherbdy
10-05-2012, 02:46 AM
I blame Smiley....

j03
10-05-2012, 09:56 AM
You used an auto refresher....pretty much. xD

I traced all of "weird members" activities that were on the forum at the time. The page views of some people's profiles skyrocketed in unreasonable amounts of time so I knew who was involved and that was how I was able to stop it before there was more damage.

In any account, it is hard for me to feel sympathy for you as that action 5 years ago left an everlasting impression but I will assist you in this and issue global punishments.

It was a threaded application that generated as many threads as you wanted per second to send requests on a specific file path on a server, to ultimately DoS the host. Not by a lot, but a little more than just an auto-refresher.

tristen1230
10-05-2012, 06:58 PM
Changed mine.

Tapir
10-06-2012, 01:33 PM
wow I'm fucked, I didn't even realize how much I had connected to the email I use on here... bummer.

aw and I lost my feedback. my 1 feedback. lolol.

Vegeta
10-06-2012, 01:43 PM
wow I'm fucked, I didn't even realize how much I had connected to the email I use on here... bummer.

aw and I lost my feedback. my 1 feedback. lolol.

just change email pw and you're good :)

Tapir
10-06-2012, 01:50 PM
just change email pw and you're good :)

nah I know, I'm just really paranoid because I don't practice very good ~internet safety, so I'm gonna change that & everything associated with the email, but that's gonna be a pain... my own fault though, I should really use multiple emails! thank you for the heads up though x)

Hexx
10-06-2012, 03:14 PM
are we going to be able to get more information on who did this so we know to avoid them in the future?

f1ex
10-07-2012, 01:11 AM
having 'site wars' is pretty stupid imo. everyone should grow up, who takes the internet seriously?

Bexxy
10-07-2012, 03:48 PM
Well... It wasn't me :)

Violent_J
10-09-2012, 05:43 PM
I don't know how you thought this was a site war. 0_O

puggies0
10-10-2012, 07:32 PM
Crazy..

Dracula
10-10-2012, 07:35 PM
Dang D: Scary stuff

j03
10-10-2012, 08:13 PM
Thank you to all who have been co-operative with us. Closing this now, would like to make sure that everyone gets to read this message though for obvious reasons.