AdminExtra still on TAZ servers

[Paul]

I thought this deserved its own thread :)

 

From the shoutbox

 

TAZ has the old AdminExtra still on its servers. With Briviums add-ons installed STILL. Hahahhaha. No wonder those dossier get hacked every two weeks.

And its still sending out emails. Holy shit... hahahhahaha

So they've continually lied to their members about not having Briviums addons on their servers anymore. Hahahhahah. Typical.

Why wouldn't Howard want AdminExtra removed? I'm sure the XF version of AdminExtra is missing a few security updates.

 

I made my reply before finding the thread on TAZ https://theadminzone.com/threads/remove-old-installs-from-public-view.140254/

 

This morning I got a lovely email from Taz saying my premium membership had expired................I havent had a premium for years and then realised the email was entitled "admin extra". Clicking the link nicely lead me to your pre-imported Admin Extra install which among all things has brivium addons installed.

 

...

 

I love this :joy:

 

Weird. I'm sure that was htaccess protected a little while ago.

 

Does Lisa have access to the TAZ server? How does she know what's in the htaccess file?

 

I highlighted the copyright by Brivium

 

[ATTACH=full]76._xfImport[/ATTACH]

@GTB wasted no time stealing the idea for a topic from the shoutbox here :rolleyes:

[Sheldon]

Yeah, I screened the post too. No lying from anyone.

 

[ATTACH]77._xfImport[/ATTACH]

Edited May 6, 2016 by SneakyDave

[Sheldon]

Edit by Dave: for size.

 

[ATTACH]78._xfImport[/ATTACH]

Edited May 6, 2016 by SneakyDave

[Sheldon]

And now....

 

[ATTACH]79._xfImport[/ATTACH]

 

Edit by Dave: for size.

Edited May 6, 2016 by SneakyDave

[Paul]

Maybe Lisa removed the wrong forum.

[Sheldon]

Man, talking about liars.

 

Howard, Morganna.... all them tools claiming everyone's data was safe, all the time still rolling a Brivium addon. Even saw Howard telling people it was best to have anything of Briviums of their server.

 

Hahahhahahaahhaha.

 

What kind of shit is this. Hahahaha.

 

Couldn't happen to better people or a better site.

 

#LIARS

[Edge]

Who is their server IT admin guy now a days.. is it still Matt Worthington (Matt W)?

[Paul]

It might be Lisa, TAZ is still down. #LostAdRevenue

[Sheldon]

Yeah, think so.

[Sheldon]

Morganna / Lee / Lisa is just as incompetent as Howard.

[Sheldon]

After being down, just checked. Still there, Brivium still installed. Hahaha.

 

 

[ATTACH]80._xfImport[/ATTACH]

Edit by Dave: for size.

Edited May 6, 2016 by SneakyDave

[Sheldon]

They've removed the link to the old install.

 

Here it is, just in case.

 

https://theadminzone.com/old_sites/adminextra/

[Paul]

Lisa is claiming that she doesn't have access to TAZ server now, lol. Someone took the site down with a bad gateway and it wasn't Howard or Matt.

 

@GTB will believe anything

[JustDoIt]

Rumor is @GTB hacked in using Brivium's backdoor, took the database and is going to load it into his forum, however he can't find the copy/paste key for mysql.

[SneakyDave]

This wasn't something that was missed with a server move was it? I don't think MattW has moved TAZ to new servers but I know that sometimes when I've done it in the past, I've missed an .htaccess file or two when moving sites.

 

But if I remember correctly, TAZ is running Nginx, it would ignore any .htaccess file. Maybe MattW didn't know about AdEx when TAZ moved to Nginx.

 

How many other sites still exist, maybe the old VB TAZ?

 

During the last breach, Howard said that only him and MattW had access to the server after that. I'd find the post on TAZ, but, yeah...

 

Exited to add that yes, TAZ is on Nginx now (see above screen grabs). .htaccess files would be ignored

Edited May 6, 2016 by SneakyDave

[SneakyDave]

Howie may not have wanted to remove that site because there are still Google links to it, and that brings in the MONIES! :p

[SneakyDave]

This post seems to indicate that Bittnull had access to the server too, in November 2014. Is that "Null"'s userid? I think that server access changed after the Brivium breach:

 

Members of forum copying database

[SneakyDave]

So, the fact that the Brivium copyright displays 2016 on TAZ's AdminExtra site, does that mean that Brivium is using a PHP date function to display that, or is it calling back to the Brivium server(s) to get that copyright info?

 

Technically, if it's the second case, then Brivium might only have the users, emails, passwords, and IP's of AdminExtra users, and those passwords were never reset during any of the mother board TAZ breaches.

[Sheldon]

Brivium has all info he needs. He's taken how much info from TAZ now?

 

Hahahahhaha.

 

Hahahahhaha.

 

Nice work tools.

[SneakyDave]

I'm not quite up to speed yet reading, but we don't even know if TAZ's unavailability was related to the AdminExtra revelation, right? It could be a completely separate issue.

[Sheldon]

Went down a few moments after the first post was made.

 

I think it was fueled by the fact they still (even now) STILL have Brivium software/ code on their server.

 

Hahahahahaha.

[SneakyDave]

I hope Brivium didn't steal any of those laugh riot TAZ memes, those are/were the best.

[Sheldon]

ROFL

[13511]

I haven't kept up with Brivium or any of his associated antics. Does anyone know if he's put his "call home" code back into any of his add-ons? I honestly can't believe folks still use anything from him. As soon as I heard about his "shenanigans" I removed any add-on and deleted the files as well as changing the DB password.

[SneakyDave]

I think Brivium has always had call home code in their addons, in the beginning it was just for license validation (allegedly), and then I think it started capturing more information.

 

I still have an old version of their Credits addon that has a call home function for license validation.

 

I'm not sure what Brivium addons that AdminExtra had installed, I suspect it was the Credits addon.