Poker Tracker Site Problems?

09-14-2007 , 05:31 AM
when did this happen? i downloaded it a few days ago on a fresh pc...
09-14-2007 , 05:45 AM
Quote:
i bet it was tuff_fish trying to [censored] up our HUDs
lol
09-14-2007 , 05:48 AM
errr...

What do I do? AVG doesn't want to heal it.
09-14-2007 , 05:57 AM
Relax everyone. I can assure you that the check for new version process cannot harm your PC in any way. The reason it hangs now is only because the site is down temporarily. Hopefully it will be back up soon.

Mike
09-14-2007 , 06:11 AM
Quote:
i bet it was tuff_fish trying to [censored] up our HUDs
I think he would probably try to hack PaHud instead.
09-14-2007 , 06:30 AM
Quote:
Quote:

the problem is...to do that you have to start PT (which still is in autoupdate-mode ldo)
Obv you can disconnect from the Internet before starting PT. I.e. unplug the cable or if you use wireless then just click on the icon and choose disconnect.
i feel so dumb
09-14-2007 , 06:31 AM
Quote:
Quote:
i bet it was tuff_fish trying to [censored] up our HUDs
I think he would probably try to hack PaHud instead.
Yeah, but would he make a video of his unsuccessful attempts?
09-14-2007 , 06:39 AM
Yes, that's correct, all PT does is tell you a new update is available. You still have to go and download/install it, and at that point your AV software should be checking the downloaded file; if not, you can do it manually.

It's not going to tell you anything now because the entire site is down.

And yes, this is really Pat.
09-14-2007 , 06:39 AM
Quote:
errr...

What do I do? AVG doesn't want to heal it.
anyone else get this?
09-14-2007 , 07:20 AM
Regarding the virus screenshot, there seem to be 3 variants of it. These pages give more information and/or explain how to get rid of it:

Trojan-Downloader.JS.Psyme.gy
Trojan-Downloader.JS.Psyme.am
Trojan-Downloader.JS.Psyme.bs

The warning from the virus detection program is only about a web page containing the JavaScript for the virus. That JavaScript tries to exploit a flaw in Internet Explorer. If that exploit worked then the virus detector would have picked up the trojan that it tried to install. Since it didn't, you should be fine. Follow the directions in those web pages just in case though.

If you use Firefox, you'll have fewer problems, since most virus writers don't target it :-)
09-14-2007 , 09:23 AM
Quote:
Quote:
Quote:
Another question. Could whoever has hacked the site be harvesting IP addresses from those of us whose PT checks for updates to try to hack our machines at a later date?
You can disable the automatic update check in Help -> Check For New Version Preferences.
the problem is...to do that you have to start PT (which still is in autoupdate-mode ldo)
Umm, unplug your computer from the internet first? Think outside the box people!
09-14-2007 , 09:47 AM
To keep PT from doing a version check you can also change the registry.

In HKEY_LOCAL_MACHINE\SOFTWARE\PTrack change CheckVer to a 0 instead of a 1 and then it won't check to see if there are updates.

Again, PT doesn't automatically download any updates, it just alerts you that they can be downloaded by you manually.

And also again, with the site down, it's just going to hang while checking unless you turn off the checking for updates.
09-14-2007 , 11:13 AM
Quote:
errr...

What do I do? AVG doesn't want to heal it.
Move to virus vault then remove it then run another scan to make sure it has not come back
09-14-2007 , 11:43 AM
Quote:
Another question. Could whoever has hacked the site be harvesting IP addresses from those of us whose PT checks for updates to try to hack our machines at a later date?

im pretty clueless about this stuff. Is that possible?
09-14-2007 , 11:58 AM
Quote:
Quote:
Another question. Could whoever has hacked the site be harvesting IP addresses from those of us whose PT checks for updates to try to hack our machines at a later date?

im pretty clueless about this stuff. Is that possible?
That depends on a lot of things like whether or not this information was actually stored in a database (which is probably the case) and whether or not the hacker was able to obtain access to said database.

PT Pat would probably be able to answer this, though.
09-14-2007 , 12:12 PM
I picked up JS/Psyme when someone hacked the Low Limit Poker site, getting the same results from AVG. What I found was that deleting the temporary files got rid of the compromised files. Further scanning shows no infection.
09-14-2007 , 12:17 PM
Quote:
Quote:
errr...

What do I do? AVG doesn't want to heal it.
Move to virus vault then remove it then run another scan to make sure it has not come back
that is just a temporary internet file, you could clear the cache or just flat delete it. as long as it goes away, i'd call it nothing to worry about.
09-14-2007 , 12:19 PM
Quote:
Quote:
Quote:
Another question. Could whoever has hacked the site be harvesting IP addresses from those of us whose PT checks for updates to try to hack our machines at a later date?
im pretty clueless about this stuff. Is that possible?
That depends on a lot of things like whether or not this information was actually stored in a database (which is probably the case) and whether or not the hacker was able to obtain access to said database.

PT Pat would probably be able to answer this, though.
No user IPs are stored by PT anywhere. When PT checks for updates, all it does is check the version number in PT against a version number that is just stored on an HTML page on my site. If the version numbers are different it just tells you there is an update available, that's it. It doesn't check IPs to make sure that people are valid users or anything like that.

Again, the site is down now because I have asked my hosting company to take it offline until the problem can be resolved.
09-14-2007 , 12:26 PM
pocker tracker owned 80/20
09-14-2007 , 12:36 PM
Quote:
pocker tracker owned 80/20
SplicesX
stranger


Reged: 09/14/07
Posts: 1

U registered just to say that?

Worst Lurker post ever?
09-14-2007 , 12:49 PM
Quote:
Quote:
pocker tracker owned 80/20
SplicesX
stranger


Reged: 09/14/07
Posts: 1

U registered just to say that?

Worst Lurker post ever?
im not a lurker! i'm Splices!

Quote:
Pokerroom's chat was hacked twice this weekend. It was only viewable to those with the download client, but a player clearly not seated on the tables was spamming the chatbox. PR has no observer chat. As the de facto head of the Kick PR's Ass Movement over there, the Saturday chat hacker contacted me via PM. I had no idea who this guy was or what he could do when he requested my email addy to send me 'screenshots of collusion.' I never received them. He calls himself proX(tm), and claimed to be a friend of the so-called 'splices,' the hacker behind the securident site. He also showed me the lobby he created, and it was the real deal. Most insidious thing about the lobby he showed me was that it logged you into an account supposedly banned for life. He clearly demonstrated the vulnerability of PR's source code. While his effect on the games was purely psychological, I for one am of the opinion that it's only a matter of time before the two of them or someone else takes it to the next level.

The posting of personal information was the result of 'social engineering' pulled off by these same two people if their claim of "ownership" of the TotalBluff site on its emptied homepage was any indication of who did it. Reportedly, one or both of them swindled the provider into believing they were OwlLawyer, or some other TB admin and persuaded them to give them the Admin Passwords through the provision of some kind of information they should not have had. According to the grapevine, the pair wiped their server and then posted the content of TB Private Messages in Pokah containing phone numbers, passwords, flimsy accusations of collusion (one email was an offer of staking), and otherwise private personal conversations released for no other reason than individual humiliation. This was a Federal offense whoever did this, involving wire fraud and credit card fraud, and the FBI, reportedly, is investigating ProX(tm) and splices.

What I found most disgusting, excluding the pure maliciousness of the TB attack, was PR's complete inability to delete those posts on the spot. How the most BASIC of security measures, the removal of publicly posted private information, could not be effected by SOMEONE in their organization is unforgivable. Getting hacked is one thing. Getting used is another.

TOD THE MOD

Someone took the Java client and ran it through a decompiler. Now, this is not something that is difficult to do, and what you get out is a source code that will create the bytecode of the Java client, but in a pretty garbled state (depending on how intelligent the decompiler is). Doing this is against our Terms of Service, but it isn't something that we in any way can do anything about - you can run any program, Java or Windows binary through a decompiler and get something out from it.

The person then managed (which is quite impressive, I must admit) to figure out what certain parts of the source code would do - basically he figured out the structure of the program, to some extent.

The third stage of what he did was to alter the code in some ways (specifically regarding the chat functionality). Now, the chat functions are in no way connected to the actual game play. The game play is controlled by the game servers - they deal the cards, enforce the rules, award the pots etc. There is a big transaction system in the back end that makes sure that all bets are accounted for, all game actions valid and so on. The chat is different - it doesn't run through all the checks and balances that the actual playing of the game does. Because of this, the "hacker" managed to send incorrect chat information. Now, this is of course not good, and it has forced us to take a new look on how we handle chat on the server level. But also, there has been no breach of security when it comes to the game play.

The changes made to the client included a few other things - it was based on the Java client for one of the other operators in the Network, but identified itself as a PokerRoom.com client. The clients for different operators are almost identical - only graphical elements are changed, so what was done was something roughly equal to a "modding" of the client, in that it became a PokerRoom.com client with a different set of graphics.

The fact that he used the "hacked" client to log in with a blocked account is also something that we're now looking into. Normally when you log in with a blocked account an error code is sent back to the client and that is then handled by the client. He by-passed this error code handling routine, and because of this was able to log in anyway. This is probably the most serious part of the "hack", but still, it doesn't put anyone else's account at risk.

The second issue that has been brought up here was very nicely explained by djdaddio, and we, together with TotalBluff, are looking into that incident as well. I fully understand his frustration with the fact that personal information was posted in Pokah and not deleted for several hours - it was poor performance on our part, no doubt about that. The reason for it is quite simple though, and probably something the "hacker" counted on - the posts were made on Good Friday, at a time where the Support and Pokah staffing is on a natural low. Because of this it took too long for us to become aware of the posts, and hence remove them. For that we're very sorry.

Todd

Poker Tracker Site Problems? Quote
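The design issue in the quoted PokerRoom explanation above (a blocked-account error code that only the client acts on, and chat that skips server-side checks), as an added example that is not part of the original thread and not PokerRoom's code. The account data, error codes, class names and message shapes are all constructed assumptions.

```python
import hmac
import secrets

ERR_BAD_LOGIN, ERR_BLOCKED = 1, 2   # constructed codes, not a real protocol
ACCOUNTS = {                        # constructed sample accounts
    "alice": {"password": "pw-a", "blocked": False},
    "bob": {"password": "pw-b", "blocked": True},
}

def _check(user, password):
    acct = ACCOUNTS.get(user)
    ok = acct is not None and hmac.compare_digest(acct["password"], password)
    return acct if ok else None

class AdvisoryServer:
    """Weak design: the block is reported, but a session is opened anyway."""
    def __init__(self, seats):
        self.sessions, self.seats = {}, seats   # seats: table -> seated users

    def login(self, user, password):
        acct = _check(user, password)
        if acct is None:
            return {"token": None, "error": ERR_BAD_LOGIN}
        token = secrets.token_hex(16)
        self.sessions[token] = user
        # Enforcement is left to the client's error-handling routine.
        return {"token": token, "error": ERR_BLOCKED if acct["blocked"] else None}

    def send_chat(self, token, table, text):
        return token in self.sessions           # any session may chat anywhere

class EnforcingServer(AdvisoryServer):
    """Hardened design: the server refuses, whatever the client does."""
    def login(self, user, password):
        acct = _check(user, password)
        if acct is None:
            return {"token": None, "error": ERR_BAD_LOGIN}
        if acct["blocked"]:
            return {"token": None, "error": ERR_BLOCKED}   # no session exists
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return {"token": token, "error": None}

    def send_chat(self, token, table, text):
        user = self.sessions.get(token)
        if user is None or ACCOUNTS[user]["blocked"]:      # re-check per message
            return False
        return user in self.seats.get(table, set())        # must be seated

def client_without_error_handling(server, user, password, table):
    """Models a client that never looks at the 'error' field of the reply."""
    reply = server.login(user, password)
    return reply["token"] is not None and server.send_chat(reply["token"], table, "hi")
```

With the advisory server the blocked account still ends up chatting at a table; with the enforcing server the same client behaviour gets no session, and a valid user can only chat where seated.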
09-14-2007 , 12:50 PM
pt_pat:

thanks for the info, hope you can get all this sorted soon. Good luck!
09-14-2007 , 01:03 PM
Quote:


No user IPs are stored by PT anywhere. When PT checks for updates, all it does is check the version number in PT against a version number that is just stored on an HTML page on my site. If the version numbers are different it just tells you there is an update available, that's it. It doesn't check IPs to make sure that people are valid users or anything like that.
Ok I realize this much, but I guess what I should ask is this.

I assume your server or host maintains a record of the IP addresses that connect to your site. Is it possible that the hacker gained access to server side records of these connections?
09-14-2007 , 01:22 PM
good luck
09-14-2007 , 01:39 PM
I'm not sure if I downloaded an update the last two days.
Can you tell me if this update changes the pt version number?
And if it does can you please tell me if the version 2.16.03d is clean?