How safe is this site for me / you ?

[Smeg]

hi all .
first of im not an internet whiz kid but im no dummy either
i don't live in Canada , or any other place where its legal to grow.
Ive never used this nickname anywhere else and i don't think you guys can find out my email address.

SO ...that leaves IP address ( i think) could i be traced from the posts ive made, photo's ive uploaded ? how easy would that be ?

i was goona upland my ful gorw pic's......My SOG , but i start to think about this ....get stoned and decide not too

so .... what's the chances of the "old bill" tracking me down

Mod * wasn't sure where to post this ... please move it the right section if its wrong *

 

[Mutt]

Server is in amsterdam Can't investigate without a major ordeal with amsterdam working with DEA. Comm ops is what they are really after. 25 plant grow isn't squat to LEO. they look for the 500 plant+. just don't post any incriminating things about yourself is all. Don't make it easy to find ya. I've been growing and posting for yrs. I just keep my self with my homegrown don't deal it and i do my own thing.

 

[iClown]

Yeah I was going to say what mutt said, noones going to put that much effort into taking down your grow, thats more for drug lords. Besides we're slowly over growing the government soon there will be too many plants to track.

 

[Alistair]

Yeah, all of the above. I was having this conversation the other day with a friend of mine and he basically said the same thing. He also pointed out that there are sites such as My Space where all kinds of people post pics of their plants. There are all kinds of people posting pics of their plants etc, way too many to keep track of.

It is possible to track the IP address, though, and if you're really concerned, then use a proxy server. A proxy server makes even harder to track you.

 

[Smeg]

thanx for the reply's guys
still not sure what to do ......but i will set up a proxy
good point about "my space".........loads of stuff on there..hmmmm

 

[BUDISGUD]

even having a proxy address they can trace you if they so wish,anything on the net can be traced no matter what you do too hide.
but as the guys above said,we are all small fry they dont want people like us that grow for themselves,they want big operations,i would get a £150 fine for what i am growing so do you think they would spend thousands trying too find me....i doubt that very much lol

 

[Mutt]

I think anyone would be insane to post MJ pics on stuff like myspace and facebook. Plus its html based and easy to hack. This is not html, VB is much more secure. They "could" track your IP if they had access, but that is set to admin priveleges. but even IP wouldn't be a good way to track ya down. It only goes to the ISP, and a warrant is required for them to cooperate.
Post pics or don't but this site is safe.

 

[Tater]

even having a proxy address they can trace you if they so wish,anything on the net can be traced no matter what you do too hide.

Its obvious you have no idea what you are talking about. So if I socks proxied through say 4 home machines all in different parts of the country and each machine had logging disabled you still think they could trace me? What if I was using the TOR network. Or how about an ssl encrypted (not using ssl 2.0 the hash colidable md5 encryption method but ssl 3.0 which relies on the as of yet unbreakable SHA-1 encryption) tunnel through a true anonymous proxy (one that doesn't do xforwardedfor headers and all the other info leaking header which I'm sure you must know all about) to a computer connected to the tor network? Think you can trace that? Now add to all that that most IP's are given out on whats known as a lease which expires. When this lease is up you are issued a new ip, or the same one. Oh yeah and IP's only prove where the traffic came from not who was at the keyboard.

The only people on the net that get caught are big mouths and dummies.

 

[Tater]

This is not html, VB is much more secure.

lol what?

vBulletin has TONS of exploits. How much you want to bet I could be running code on this server before the end of the day? I won't but I could, you are running a insecure version number as we speak. Took me all of 30 seconds and I've found 2 remote sql injection vulnerabilities plus a remote command execution vulnerability. Not only that but your arcade is subject to tampering as well with nothing more than a single browser line I can give myself a high score in any game. I got the ski jump high score when I was playing around. Haven't done anymore since then and the drunk driver was earned lol.

Edit
Don't expect the site to protect you is all I'm saying. Protect yourself by not being dumb and posting info that could lead to you.

Edit
Link removed to exploits, anyone in the know can find these and they are just down right dangerous in inexperienced hands.

 

[curiouscat420]

i felt the same way... so i just ripped off a disclaimer and put it in my signature... that way if they try to nail you with something, that disclaimer disses their claim!

 

[HippyInEngland]

There is no security that leaves you totally secure.

That said.

Do you think anyone is going to spend many man hours plus a great deal of money trying to nab a small grower?

The fine I would get is less than driving a car with no MOT ..... spend thousands for a gain of £200?

It wont happen

 

[HippyInEngland]

vBulletin has TONS of exploits.

This is correct, I know this as fact.

 

[Mutt]

The newer VB code is much more secure than HTML. HTML is crap. Most of those VB exploits are when html is enabled. Nothing is 100% secure. but HTML is crap IMO. I didn't say VB is secure....just more secure than html. My 6yr old kid could prolly hack a myspace account
Tater, yes, this particular version is old. Its not "my" version. I'm not the webmaster. But why are you going through our vunerbilities anyway? Tater not picking a fight here, arcade is an add-on and typically made by some schmoe for a vb add-on. Not part of there package in this version. But still why are you attempting to hack the site in the first place?
We have post after post stickied on how to protect yorself here. The question was LEO. they have guidelines for obtaining evidence.
If some a$$hole wants to toy around and hack, more than likely not a threat...just an a$$hole. just my 2:bits
But what your doing right now is possibly cuasing panic. I know what your doing, but most of the peeps are asking...are we safe from the server getting confiscated. No but would be a hard road for LEO to get it. To hack it, they couldn't use it in evidence. and for a 10 plant grow they aren't gonna bother.

The question is:
how safe is the site....safe unless you post up info about yourself. period. and it is safer than others that there server is in the US.
now you want to get into hacking, nothing is safe. but that wasn't the question. Secure as in without LEO breaking many privacy laws, they can't just walk up into the site and get any info they want. but if some dude sittin in front of his computer bored 24hrs a day. then nothing on the internet is safe.

Vbulletin has tons of exploits. Yes this site needs upgrading (but server company doesn't support the newer version), couple of other things need done too. but please tater, quit messing with it...just get with marpassion if you want to hack the site. I'm sure he'll appreciate it.

(BTW...look at a windows OS update....talk about vulnerabilities ) So moot point on your attempting to hack this site.
Site rules:
13. You will not attempt to access any protected sections of Marijuana Passion website or Forums, nor make use of any hacks, cracks, bug exploits, etc. to bypass or modify the features of the forum software at any Marijuana Passion website.

 

[Tater]

Mutt I haven't even tried to hack the site. I simply looked at the version number and did some googling. I'm sure if I had the drive and desire to do so I could find some new vulnerabilities in it. As for why, penetration testing is a hobby of mine but I stick to my own network. I'm not trying to create panic just pointing out the truth. This site IS NOT SAFE period, so do not post personal info. Don't post anything about where you live, who you are, what tattoo's you have, that you live 2 blocks from some dummy that just got busted in the news section. NOTHING. No aim handles, msn nicks, email addresses. Don't hand your real name or address to ANYONE not even in a PM. Hell even if a MOD ask's you tell them to stfu.

Mutt: full disclosure is the ONLY way to achieve security, not acknowledging security holes and hopeing they don't lead to trouble is not a very sound approach to site security. What's up with the language? Its ok for mods to bypass the filter but not us regulars? Sure hope that wasn't aimed at me, and I realize the arcade is an add on. Its also insecure. I didn't hack it all I did was fuzz the information sent back. And you are wrong on the whole HTML thing as well. True there used to be lots of HTML hacks for vbulletin but nowadays SQL injection is the new hotness. Haven't seen an html handler hack in a long time.

As far as causing panic goes, thats not my problem. Sheep panic if you make loud noises. The educated find solutions rather than panic. You want to see people panic look around the trailer parks around 6pm after fox news lol. Panic is not my goal, awareness is. Close your eyes if you like but the problem won't go away.

Also I know the site dosen't belong to you, but its easier to address someone rather than no one otherwise people might think me a bit crazy in the head.

 

[Mutt]

Yeah i used one bad word (after editting 2000 posts over the yrs...i figured calling a hacker what a hacker is ok).
I did get mad you trying to meddle around. Site has enough quirks.

but its easier to address someone rather than no one otherwise people might think me a bit crazy in the head.

If you want to be helpful, private message "MarPassion" the owner/webmaster. Just posting it up like this....not a great way to get positive feedback.

 

[Mutt]

Sorry I went off tater. Last time someone poste up a bunch of stuff like that...had large # of requests for account deletion...even tho it wasn't needed. Just people that don't understand and are too paranoid.

There is 1 major thing that people do that they need to be aware of.
EMAIL ADDRESSES. I don't know how many times people register with an email, IM nick that is linked to them, myspace, face book, and even there work email Which does make it obvious that the staff here is cool and not undercover or something. I mean I have plugged in an email once and had pics of there family, parents, home, everything right there.

Seen em with there full name in em too.
Set up a junk email account like hushmail or something with no link to you or your real life. This is prolly the #1 overlooked thing.
You can change your email in your usercp with a junk one. It has to be valid (junk account means nothing about you or yourself attached to it)

Thanks tater, I know your intentions are good.
Just you have no idea what kind of work load happens to us when a post about hacking the site comes up.

 

[Tater]

I'm only posting to express my sympathies with the staff. The intention of my post was never to cause any of you more headaches than required lol. At the same time though not addressing the issue hasn't gotten us or the forum anywhere or any safer. So yeah I guess I'm kinda publicly calling out MarP, why the lack of concern for a site that is loved by so many? We all get busy with life but that isn't an excuse to not protect the site and its members. Because lets face it, some people in this world aren't as kind souled as the rest of us and would gladly shred a site apart just because they can. It would just be a shame to lose such a great community is all and until the issue is addressed the entire site is at risk.

Now with that said let me calm the bleating in the herd as I can hear it already.

IF YOU DO NOT POST PERSONAL INFORMATION ABOUT YOURSELF YOUR RISK OF BEING CAUGHT IS NEXT TO 0

Don't PM the staff with your crys of wolf, don't go and delete your accounts (unless you posted information that could lead back to you) and for the love of god shut off the brainwash box in your living room and maybe do a bit of reading on the subject. You know, educate yourself because no one else can do it for you.

If there are ramifications to this post I accept them with open arms. I have done nothing wrong.

PS: Not all hackers are bad guys. Hacker is a term used to define someone who likes to make things operate outside of there intended design. All the people in the DIY section are hackers of one sort or another. In the tech world there are good guys and bad guys just like in the real world. This one happens to be a good guy.

 

[TheEnhancementSmoker]

Best chance of getting busted from this site is if LEO subpoenas your ISP records.

 

[Tater]

Wrong again. All that would prove is that someone used a computer connected to your network to access this site. Thats all. In order for them to subpoena an isp for your usage records you would already need to be under investigation. So once again you best chance of getting busted is by running your mouth.

Consider how many home wireless networks are unsecured. I can connect to three of them in my living room at this very moment. So anyone could jump on your wireless connection and do anything. Food for thought.

 

[TheEnhancementSmoker]

I think anyone would be insane to post MJ pics on stuff like myspace and facebook. Plus its html based and easy to hack. This is not html, VB is much more secure. They &quot;could&quot; track your IP if they had access, but that is set to admin priveleges. but even IP wouldn't be a good way to track ya down. It only goes to the ISP, and a warrant is required for them to cooperate. </p>
Post pics or don't but this site is safe.

Not that it matters, but Myspace is CFML which is server-side executable code, just like here.