fevered_ego
2008-10-18 06:37 am UTC (link)

The admin Poppins took over and locked everyone else out, according to one of the other admins:

"Poppins was bickering quite a lot with the other admins (myself, LE, Daemon). He seemed to have been in poor form for a few weeks and we all had our arguments with him. It came to a head when he moved #enturbulation to whatnet without actually consulting any of the other admins or mods and with quite flawed reasoning (his own irc shell had been compromised and a masskick command run from his irssi session, but he blamed an oper. Personally, and call me paranoid if you like, I think this was a cover and he really simply wanted to be able to feed information to the majority of the vocal IRC userbase of enturbulation so he could better insinuate himself into what was to come. If you hadn't noticed, almost ALL of the information that has come out from this has been from poppins-controlled sources like that crazy anon-news thing). I got into an argument with him about this and numerous things were brought up that both of us had noticed in the past weeks. The Friday after this happened, admincp access was lost and the forums were deleted.

"Poppins emailed the admins saying that he would restrict access to the box to just him for a while. On the same day, he registered enturb.com with Dreamhost through the Dreamhost proxy that he has access to as a former employee. It was discussed between myself, Daemon and LE and we decided to remove Poppins as an admin. However, LE feared for the safety of mimi at the DC (their security is poor) along with concerns about Poppins having backdoored the server. Early on Saturday morning, Poppins was told that he was being removed as an admin. LE then went and collected Mimi as he was going to be in the vicinity of the DC during the weekend anyway. Poppins presumably knew what was going to be happening beforehand, so he neglected to mention that he had been fired during his frenzied news posts and promises of a new site. Since LE had no internet access and I had been away all weekend, nothing could be done about that.

"As it stands, Enturbulation will be back up in 2 weeks or so in a new DC and on a new server. Staff won't be altered other than poppins' removal.

"I'll look over some logs and see if there's anything more and if I missed anything."

This was posted on scientology-exposed right after it happened, and may or may not still be the official story.

(Reply to this)

talec
2008-10-18 07:22 am UTC (link)

And if you ask Poppins, you get this version:

Due to the recent issues with Enturbulation and the massive amounts of misinformation circulating throughout the Internet I have taken it upon myself to write an article of the last month. The focus of this article will be on events which lead up to the unplugging of "mimi" - Enturbulation's server.

Early this month I took a vacation from Enturbulation between the 8th and 16th. During this time a DDoS began against Enturbulation, one that Core was unable to mitigate. The DDoS was rendered almost ineffective when LE called the data center and asked that the port be changed to 100Mib/s instead of 10Mib/s.

On the return of my vacation we began looking into ways to stop the DDoS, however it simply wasn't happening. The data center wouldn't null route the IPs attacking us or block UDP at the upstream. LE contacted a few data centers, most of which told us that we couldn't put a single server in the racks, rather we'd need to buy at least 1/3 of the cabinet space.

Within a few weeks, I wanted feedback from the userbase. I made a post to the General Discussion forum asking the simple question, "Close Enturbulation?" The userbase agreed that Enturbulation shouldn't be closed. I would not have recommended the close of Enturbulation to the admin staff, regardless of the thread. I wanted to know where the userbase stood. Most websites cannot recover from a week long DDoS, this had been going on for 3+ weeks by the time and I wanted to know that the userbase was still with us.

The next morning I found my thread locked with LE's response of "wtf? no" being the last post on the thread. He asked me why I had made it. The thread was motivated as much by logic as emotion. I was, admittedly, unable to explain the exact motivations behind it to him in a logical way.

His reaction was one I had rarely seen in his personality. He yelled at me, told me that Enturbulation will not close, I had absolutely no say in it, and I should never post threads like that. I found this extremely upsetting. I didn't say Enturbulation was being closed. I didn't say the admin staff was doing anything, or that the decision was by user consensus. I asked a question. Who is LE to tell me what questions I may or may not ask? Do I need his permission to ask a question?

We moved rather quickly from this into yelling at one another. Daemon broke the argument up, however LE and I stopped speaking at this point.

A few days later I made an announcement that Enturbulation's IRC channel was moving to WhatNET. I installed an IRC client on Enturbulation and made an announcement in General Discussion, then a changed the topic of the IRC channel on PartyVan.

Four months ago we had discussed moving the IRC channel from PartyVan. At the time there were three core issues:

A) Party Van's IRC Operators were abusive.
B) Party Van's IRC Operators abused Global Announcement to make it their personal chatroom.
C) The channel was constantly flooded.

After much debate we decided to move to SP-IRC's network. Within an hour of the move a skype conference was made and I was pulled into it. Core ( who was not an Enturbulation Admin at the time ), Janazeal, WeedBag/WB/Selleck and a few others I don't recall were there.

(cont)

(Reply to this)(Thread)

talec
2008-10-18 07:22 am UTC (link)

I was encouraged not to move the channel, because it could easily be attacked. They asked me what the problems we were having were, I explained. They said they would fix it, and I should move the channel back. After much discussion I agreed and the channel was moved back to PartyVan.

Four months later, the same problems were happening. The channel was flooded multiple times per day. IRC Operators were taking over the channnel, unsetting modes, and issuing commands to throw all the users out of the channel. One instance the command used to clear all users from a channel was reported as issued by me. I told core, and he said he looked at the logs and I did it. An IRC Admin later told me that another IRC Op had issued a raw command as my user.

I moved the channel because of these problems. Problems which Core - as a root admin on PartyVan could easily have fixed - ignored. I did not consult with LE before moving the channel. LE has used the IRC channel about 3 or 4 times in the last nine months. Core is obviously biased, and Daemon didn't care.

There has been no Operator Abuse against our channel on WhatNET, and floods have effectively ended. I still think this was the best option given the circumstances.

Core did not. He was livid that the channel had moved, was angry that I had not consulted with him and was then silent. I asked if he had planned to attack WhatNET as he had done with SP-IRC, he laughed and asked if I thought he was stupid, that attacking is not his only recourse.

The next day Enturbulation was gone.

I was sitting at my computer around Midnight working on random coding and a login prompt opened up on my computer. Gtalk wanted to authenticate me for the account poppins@enturbulation.org. I opened Firefox and went to gmail.enturbulation.org and after atempting to login, Google informed me, "Your account has been deleted."

enturbulation.org was down. forums.enturbulation.org was down. Paypal no longer accepted my password for the enturbulation account.

I called LE's cell phone. He answered the phone, said, "faggot" and hung up. I heard the familiar sounds of fast driving on empty freeways. 20 redials later I was left with a mountain of single words, and small phrases uttered by LE and no clue what was going on. I thought he had finally gone insane.

I went into the Enturbulation Staff IRC Network and no one knew what was going on. LE had told no one present that the server was going offline. I knew he couldn't have been migrating it to the new server we had just ordered from Dell. The server hadn't arrived yet and I was the one who would be doing the migration.

The general feeling was that Enturbulation should be rebuilt from backups. After a few whois queries I registered the domain "enturb.com" for this plan.

Then I wrote an short press release with the little information we had.

(cont)

(Reply to this)(Parent)(Thread)

talec
2008-10-18 07:23 am UTC (link)

For the next few hours discussions were going on. LE finally sent me a text message the following conversation happened:

LE: "You're Fired, FYI. Stop calling me.

Poppins: "Are you putting the server back online?" and "Why am I fired?"

LE: "That is none of your business now."

Poppins: "You seriously need to explain more."

LE: "There are serveral reasons. I don't know which ones are valid. The only one that fits right now is that you act like an angry child and don't exhibit even a trace of professionalism with staff and site matters. You were also a day late with telling me about the breach. So basically you suck."

Poppins: "Are you putting the server back online?"

LE: "I'm not answering that question. You'll know when everyone else knows."

Poppins: "And you say I lack professional behavior."

LE: "That is also why you are fired."

Poppins: "Because you pulled the server from the DC without telling anyone?"

LE: "Wrong"

Poppins: "This isn't funny"

(A few hours later)

Poppins: "You have a lot of my work on that server. I want it back."

LE: "You owe me a few hundred dollars for contact work you fucked up on. Unless I get a refund that shit is as good as gone."
Poppins: "You wanted me to build your VPS network instead."

Since this I have not heard a single word from LE. I have not gotten another text message from LE. He's ignored my phone calls.

Some things that aren't obvious in the text messages: The stuff I wanted off the server includes an Ad Server I wrote from scratch and took more than 3 days to write. The contact work LE is talking about was to design a site that he could sell pixels on, like themilliondollarhomepage.com. The code was written, however the data center fucked up my server and the code was destroyed. LE asked me to design a system for VPSs on Mimi and told me he's rather have me do that than the site thing. I said sure, also the site thing was kind of destroyed.

The "breach"? What's that? Oh, yeah, enturb got hacked.

I started looking around the forums after having woken up, and found reports of missing forums. I checked the logs and found that Daemon's account had deleted them. The IP address used was one which had not been used on the forums before.

Shit. I set restrictions on /admincp/. I required that only my IP could access it, I set authentication up on the web server level and added accounts for core, Daemon and I. I sent an email to LE telling him about it, and where to add his IP address to access the admincp. I changed Daemon's password and let him know over IRC. I called and left a message for LE that the site had been hacked.

The next morning, core explained that a database dump had been stolen, and that they got root on the server. I asked how, and was lied to. Core explained:

[09/25/08 11:59:45] < core> i have looked at it in detail
[09/25/08 11:59:51] < core> and seemingly someone got access to media
[09/25/08 11:59:52] < core> and sniffed it

(cont)

(Reply to this)(Parent)(Thread)

LAST ONE

talec
2008-10-18 07:24 am UTC (link)

For those who are not technical, and those who are who missed it: media is the VPS server media.enturbulation.org. It's where LE, Core and Daeon log into mimi. As a security precaution we allow only three IP addresses to access mimi on the command line. A problem with core's explanation is he thinks the rest of the staff don't know how security works. He expects us to believe that someone figured out that this server is the one we log into mimi from. Then he expects us to believe that the network was sniffed. Why is this hard to believe? Because no one has root access to these servers except dreamhost staff. Okay, so someone rooted the server ( not very easy ), then sniffed the connection, and then took ). Now they are sitting on a pcap log of the ssh session. That information is encrypted. How hard is it to crack it? Go get a few thousand computers and write your own cracking client and wait a few months, or years, or decades. Sniffing sounds like an easy explanation, and if you don't think about it, it is. When you think about it, you realize the amount of work to get to sniffing would have made it easier to just compile your own ssh client to spits the password out.

As it stands now, core has performed more oper abuse on PartyVan. He set himself as the founder of #Enturbulation, the channel I was the Founder of. On most networks, he would be removed from staff because of this.

That wraps up the month. Stay tuned for next month!

----

LE:
"Poppins isn't to be fully trusted. Core and Daemon appear to still have their heads bolted on, so whatever they say is legit. I'll elaborate further later, but I think Core summed things up well.

The site really will be back when the new server arrives, which should be within the next two weeks.

The other two weeks will be for housekeeping and getting things back up cleanly, as there is a lot of work still to be done.

I'm really sorry that things have played out as they have, but this has also been the most insane and busy few days of my life.

Oh also I encountered two mysterious PIs or Scientologists or just ballsy Anonymous types that tried to smooth talk their way into my Mom's house. My 92 year old grandmother though managed to use her near senility to get them to gently caress off. I saw them parked outside, and when I approached them, they sped off. The other thing too is that I don't even live in Los Angeles anymore, but was just having lunch with dear mom because I was in the area. How's that for timing, eh? The whole time I don't get any one sniffing around, but as soon as I actually turn off the site, they come out of the woodwork, and at the wrong address.

Anyway.

GO GO ANONYMOUS!"

(Reply to this)(Parent)

	emiweebee 2008-10-18 11:19 pm UTC (link)
	tl;dr Poppins doesn't seem really clear on the concept of unilateral admin actions not being taken well by one's fellow admins. (Reply to this)(Parent)