• Sign up or login, and you'll have full access to opportunities of forum.

Ralphus's site "GIMP Forum" hacked

Go to CruxDreams.com
HTTPS will not protect against direct attacks on the server infrastructure (such as admins failing to apply Linux kernel patches) but definitely help with many other issues.

An obvious way would be someone gaining the credentials of one of the admins of the forum, and thus having the possibility to do as much as they do, but without their kind and benevolent intent.
 
An obvious way would be someone gaining the credentials of one of the admins of the forum, and thus having the possibility to do as much as they do, but without their kind and benevolent intent.
We put in a plan to counter this several years ago but obviously we keep it secret. To clarify other points....
1. The admin team do not have access to reprogramming the site, only the owner.
2.The only data stored here is your email address which we can change if requested.
3. As far as passwords and malicious code is concerned please see the attached pic.Screenshot_20200318-072847_Opera.jpg
 
Hi everyone.

I don't know if some of you often go to ralphus.net, but it seems that the site had been hacked a few hours ago.
And for obvious reasons, I don't think these 2000$ would end in something like a coronavirus fund...

Hope this forum won't get hacked too in a near future... :(

SJ
I also noticed, I am very surprised that these sites have some protection .... honestly I would be pissed if hacked this account and would consider to turn our police hackers ....
 
As far as passwords and malicious code is concerned please see the attached pic.
Unfortunately, use of an one-way hashing algorithm to store passwords doesn't prevent a potential account theft in this case. Performing login over an insecure connection (i.e. HTTP) is similar to letting people see your keyboard while you enter the password. It doesn't matter how it is stored on the server-side, as long as the person behind your back can read what you type clearly.

And getting your login credentials stolen that way can potentially cause more serious problem than letting people know what your darkest fantasies are. Not to mention of such a case the stolen account has a moderator privilige, in which case one can randomly delete other people's posts or even ban users, one can also attempt to login to different websites using such information.

Many people use the same username and password for multiple websites. So, if one of such member used the same credentials for Gmail, for instance, the hacker can pretty much access to all the assets the victim has on such websites where the person registered using that email.
 
Last edited:
I also noticed, I am very surprised that these sites have some protection .... honestly I would be pissed if hacked this account and would consider to turn our police hackers ....
Stan Goldman and Barbara Moore are pretty nimble at solving cybercrimes:jaja-no:
Unfortunately, use of an one-way hashing algorithm to store passwords doesn't prevent a potential account theft in this case. Performing login over an insecure connection (i.e. HTTP) is similar to letting people see your keyboard while you enter the password. It doesn't matter how it is stored on the server-side, as long as the person behind your back can read what you type clearly.

And getting your login credentials stolen that way can potentially cause more serious problem than letting people know what your darkest fantasies are. Not to mention of such a case the stolen account has a moderator privilige, in which case one can randomly delete other people's posts or even ban users, one can also attempt to login to different websites using such information.

Many people use the same username and password for multiple websites. So, if one of such member used the same credentials for Gmail, for instance, the hacker can pretty much access to all the assets the victim has on such websites where the person registered using that email.

I would definitely recommend NOT linking your CF account or those at similar sites to the email you use for business and family stuff. It's very easy to get an anonymous free email account.

I will point out that Ralphus at the GIMP has been using 1990s technology (his email is still aol!) and has resisted any attempts to update to say 2010...
 
Some of you may be familiar with the GIMP forum "Girls in merciless peril" @ ralphus.net. I stopped by there last night to see if there was any new material and when I clicked on "READ the FORUM" this is what came up;
Screenshot_2020-03-18 SEND 2000$ TO 16oxeipdFaTYu8qZAS9jRnN83JtDCo8FbA.png Screenshot_2020-03-18 SEND 2000$ TO 16oxeipdFaTYu8qZAS9jRnN83JtDCo8FbA(1).png
Idiots that do this kind of stuff burn me up. Hopefully they have some sort of back door to repair this and I hope we are safe here as well. :mad:
 
Some years ago, the GIMP site went through a big setback. Amy went to the rescue and set it up all over again, from scratch. The preferred system was respected, many fans of the forum wanted it that way. It was not Ralphus resisting the change.

Once again the site is going through a rough time because of the activities of useless human beings who have no other purpose in life but to fuck things up for others. I'm waiting to hear about the results of what Ralphus and his hosting service are doing to save the files and reformat it.

Maybe the time to change the format has come. The Guestbook format in use is, still, part of hndreds of thousands of websites. It's basic in its format, even though with time there were some improvements and additions and it works, as long as hacker fuckers don't fuck with it.

The forum format, such as this forum, have the membership system which allows administrators to either accept or reject members. In some cases even approve or reject posts.
It's more difficult but not impossible to hack.

Hosting services, in some cases, are open to hackers. It means, their firewalls are not effective or in place.

I'm sure the GIMP forum will return in full force, maybe all the posts have been lost, it will have to start from zero. However, the files should still be where they are unless the hackerfuckers deleted them.

I keep all my posts in archive, with the discussions therein. Most of them I share them here. Sometime ago I was experimenting with a section at redfeline.com. I called it Margot's Chronicles. I think I'll revive that concept. The following link will take you there so you'll know what I'm talking about.


Let's hope for the best!
 
A new forum had been set up by Ralphus, and for what I read there, it seems that the old site is lost for good.
The movies/comics reviews are saved, and I guess they will place these reviews into a forum sub-section.

So, I think it would be a good idea to help the forum to built itself by creating stuff there. I did my own thread, that I will fulfill later!
 
I guess they have tried, I don't know.
As that's not my website, I can't do anything but leaving it to Ralphus, the owner of the site.
Anyone can try that. I wasn't a member of the site, so I don't know what kind of contents that site had. But when I searched the archive for a test, I could read some posts from last December, for example.

P.S.: On a side note, it feels always embarrassing, when your post gets quoted before you finish editing it to make it less awkward :D
 
I briefly discussed the topic of SSL on VoD after learning my members had expressed concerns about CF's lack of SSL. I'll post here what I shared there, just to offer my 2 cents on the issue.

My position is that, whenever possible, and so long as an admin knows how to do it, secure is always better. Granted, message boards aren't banks or big social media sites, but your login credentials can still be compromised, and you shouldn't use the same password twice anyway. My understanding is that @ImageMaker 's principle reservation about securing CF is money. I know from experience that commercial-grade SSL certificates can be bought for just $15/yr and they are designed primarily for protecting user data, but adding one is a tricky process that can break a board if you're not careful. It took a year after launching VoD, a suggestion from one artist, and a passing comment from another discussing another 3D art board's lack of SSL, for me to knuckle down and learn how to secure VoD. I use a Comodo SSL sold through my hosting service.

That said, I regularly post on two fantasy death fetish boards, one of which isn't secure, and it doesn't bother me. CF's lack of SSL shouldn't bother anyone here, either.
 
I happen to be working on the GIMP site. All the information from the past is there. To set everything up as it was, will take some time. But new days are coming!
August 12, 2021.....was it happened again ? Ralphus.net is out ?!?!? I'm already in missing crisis. Do you know something ? We cannot live without GIMP forum !!
 
August 12, 2021.....was it happened again ? Ralphus.net is out ?!?!? I'm already in missing crisis. Do you know something ? We cannot live without GIMP forum !!
I'm working on in. Either someone hacked the MySQL, or it just went bust. It operates the phpBB3 forum setup. The GIMP forum will be back, better than ever, I promise, but it might take a bit of time and maybe some cash, which we'll be dealing with, and by we, I mean my people.
 
I'm working on in. Either someone hacked the MySQL, or it just went bust. It operates the phpBB3 forum setup. The GIMP forum will be back, better than ever, I promise, but it might take a bit of time and maybe some cash, which we'll be dealing with, and by we, I mean my people.
Yes, we can contribute with some cash. Thank you a lot.
 
Back
Top Bottom