MSN Home  |  My MSN  |  Hotmail
Sign in to Windows Live ID Web Search:   
go to MSNGroups 
Free Forum Hosting
 
Important Announcement Important Announcement
The MSN Groups service will close in February 2009. You can move your group to Multiply, MSN’s partner for online groups. Learn More
Madeleine McCannContains "mature" content, but not necessarily adult.[email protected] 
  
What's New
  
  WELCOME  
  LATEST NEWS  
  PJ FINAL REPORT  
  Member Messages  
  ►►SITE MENU◄◄  
  ►► MESSAGES �?/A>  
  All Messages  
  General  
  Messages For Maddie  
  Madeleine  
  Off Topic  
  Breaking News  
  Pet Memorials  
  MEMBER WELCOME  
  MEET THE MANAGER  
  ►►SUMMARIES◄◄  
  ►►�?MEDIA ◄◄�?/A>  
  NEWSPAPERS  
  Telegraph  
  Newspaper Thread  
  MAY Reports  
  JUNE Reports  
  SUN BOARD  
  TIMES BOARD  
  Daily Mail  
  MIRROR BOARD  
  GUARDIAN BOARD  
  Deleted EXPRESS  
  News Archives  
  News Articles  
  TV Program Links  
  Transcripts  
  TV News  
  Video Links  
  JOURNALISM  
  News Sniffer  
  ►INVESTIGATION�?/A>  
  Interviews  
  Suspicious  
  Re-enactment  
  Subliminal & Propaganda  
  Contrived Abduction  
  Facts  
  'Evidence'  
  Libel Threats  
  Lies  
  Quotes  
  Theories  
  Forged Photos?  
  McCann Travels  
  Timelines  
  FUND INFO  
  Fund  
  FUND INCOME / EXPENSES  
  Fund Compilation  
  FUNDRAISING  
  Fund 'Sources'  
  ►►►PEOPLE◄◄�?/A>  
  Kate McCann  
  Key People  
  Clarence Mitchel  
  Government  
  Brian Kennedy  
  Jon Corner  
  Metodo 3  
  Photofit  
  People MISC  
  Witnesses  
  Family  
  Unknown People  
  Esther McVey  
  Pol. Judiciaria  
  Tapas 7  
  Backers  
  ►►►► INFO◄◄�?/A>  
  Weather  
  The Law  
  Beachy  
  thentherewere4  
  Beachy Posts  
  AMBER ALERT  
  Information  
  M & E Children  
  Statistics  
  HUMAN BEHAVIOUR  
  Body Language  
  ►► CHAT ROOM�?/A>  
  Chat User Guide  
  ►► OPINIONS◄◄  
  Coldwater  
  HiDeHo  
  Jon Gaunt  
  Comments to Note  
  Gerry's Blog  
  Personal Attack  
  Misc Blogs  
  bb2002  
  Tabs poem  
  ►►WEBSITES◄◄  
  mccannfiles.com  
  Website Links  
  ►►PICTURES◄◄  
  Pictures  
  Manager Graphics  
  Pics fo Posting  
  Photo Curiosity  
  Backgrounds  
  ►►FORUMS◄◄  
  Digital Spy  
  Websleuths  
  THE 3 ARGUIDOS  
  3A Thread Lists  
  3A at Brussels Conference  
  3A Smiles  
  3A Ref. Threads  
  3A Distributions  
  3A Leaflets  
  MIRROR FORUM  
  M F Threads  
  Memorable Posts  
  Great Posts  
  Lost Pages  
  ►E-MAIL ADDYS�?/A>  
  ►►COMPUTER ◄◄  
  COMPUTER HELP  
  Computer Tips  
  HOW TO TIPS FOR 3A  
  3A How To Post  
  Avatars  
  ►►�?GAMES◄◄�?/A>  
  Brain Teasers  
  Time Wasters  
  Interesting Fact  
  Funnies  
  Points To Ponder  
  Nostalgia  
  Amateur Sleuth  
  For Skeptics  
  Estelle's Posts  
  Search  
  Priest  
  Remember Madeleine  
  Songs & Lyrics  
  'Source' Info  
  British Police  
  Sheree Dodds  
  PR & Spin  
  Trial  
  Your Web Page  
  3A Here To Stay  
  Documentaries  
  Diary  
  TEAM McCANN  
  Mgzne Interviews  
  TV INTERVIEWS  
  Robert Murat  
  Oprah  
  AMARAL'S BOOK  
  Fridge  
  McCanns History  
  McCann 'Defence'  
  Martin Brunt  
  Statements  
  Apologies  
  Investigate Fund  
  Statement Tables  
  MISC Web Pages  
  Millenium /Tapas  
  
  
  Tools  
 
General : This is what's happening! Stop the speculation.
Choose another message board		 View All Messages
  Prev Message  Next Message       
Reply
 Message 1 of 1 in Discussion 
From: MSN Nicknametin-lizzy  (Original Message)Sent: 6/2/2008 3:37 PM
From Justice 4 Madeleine forum

This is what's happening! Stop the speculation.

by BeoWulf on Mon Jun 02, 2008 7:42 am

Hello all!

I'm seeing to much talk and people confused with all the disruption that is being made by evil ppl taking advantage of the situation, and also people saying this and that without knowing the facts and with hands of the situation.
As i posted before in the 3A forum, I was contacted last Friday and i toke control of the server trying to protect the forum from threats of people willing to shout it down.
Since then, lots of things have happened. This is is a brief description, and may help you understanding what happened. But be wise and don't say things like "i would set another server up and restore a backup in 30 mins", or "PHPbb can be easily restored" , or this or that. I'm not perfect but I know very well what i'm doing and i wish most of the problems i have solved in servers until today were critical like this one. Remember there's things like budgets, actions depending on third parties, time, availability, etc...

I'll tell the story by topics, but remember, i'm not giving all details, no time for that. I could also avoid pointing my finger at nbrado which i never had nothing against him, however some of his action were disgusting, including the will to bring the forum down, but if not with respect to others, at least with respect for Madeleine that we seek justice for.
Here it goes, read slow and carefully:

- Yesterday was everything under control apart from the discussions between some ppl that i didn't want to be part of.

- First i did all the basic things like knowing the server OS structure, did some basic security checkings, including passwords change, etc.

- I also checked and scanned for rootkits, backdoors and trojans that nbrado was widely advertising he planted in the server but i couldn't find nothing to worry about. However there are some rootkits extremely hard to find and fix, but i could see by the way that the server was managed that nbrado's knowledge was not that high to plant a good one. He never did an ssh access, and even Cpanel and WHM that makes things easier were really messed up. So... shouldn't i question his knowledge?

- I also managed the IP tables to restrict multiple login attempts through ssh to avoid brute force attacks, installed apache mod_security, checked all logs for suspicious accesses, and checked all the running services confs. Everything got under control, server up, forum running, everybody happy.

- By the end of the day, i logged in to install a shell script to notify me through sms if there was any successful root loguin. As an habit i typed the "w" command and saw that there was somebody else logged in as root. That couldn't be the Data center staff because i changed the password and i only gave it to bjr that told me that she didnt give it to anybody else. Quickly saved the IP address which was from a ADSL connection in Romenia that i reported and holding for more info. Also checked what he was doing and i was running a script. Killed its processes and looked for the script but believe it was deleted during the execution.

- Checked the logs, and i could see that is access was made with only 1 attempt, that leads to only one conclusion: The person logged in had the root password. But how if i have changed it? What happened was that somebody might got the root password when i gave it to bjr through MSN (maybe she has a spyware or a trojan), and I'm not 100% sure but i believe i sent her an email with the password as well and maybe somebody has access to her email without her knowing of it, and she migh shared her email with nbrado when dealing with things related to forum and server. I could have predicted that and ask her to change her passwords, but it was already late when i thought about that. And i questioned my self if this attacker wasn't a hacker hired by nbrado to commit the threats he was advertising? How many chances it could be somebody else that got the root pass and decided to do something?

- After everything i said above, i did again an intensive check, and everything was normal, i did also backup of the forum, and after a few minutes the server was shut down. after 5 minutes was not accessible yet, 10 minutes... and when i was about to contact the datacenter, bjr told me about the incident there, the explosion in the power transformers that affected us too. I waited... and latter i could ping the IP. However i was not able to access the server through any service.

- Since i have no physical access to the server, and no KVM over IP, i had to contact the tech support on the server provider to reboot and monitor the boot up of the server. i was more then 6 hours waiting for updates, chatting with the tech support, and finally i got a reply from a level2 tech that told me the boot was giving errors that made me reach the conclusion that the core system was damaged.

- Asked them to reload the OS, and asked bjr to give me a call in case we receive any email from the tech support saying that the OS was already installed, and I went to sleep at 5am. At 10:20 i was called and informed that the tech support sent an email saying that the server would be up in about 1hour. Woke up again 2 hours latter and the server was still down and no emails from the tech support. Contacted them through the live chat, but they didn't want to transfer to level 2 or 3 since they were too busy with the fire incident.

- Minutes latter a mod said on MSN chat that the forum was up. Strange, i didn't get any email saying that the server was ready, and i didn't even ask to restore any backup not even Cpanel and WHM but just a fresh OS, so how come the forum was up?? They restored a backup quite old, and with nbrado as forum admin, and with all the old passwords (not including root). And the worst, i haven't receive yet the new root password from the tech support. I called the host provider, did a live chat with them a couple times, everything, but they were only doing things through a queue of email due the high work load. It took 2 hours for them to send me the new password which should have been sent immediately after the new OS install, and during this time that was when the forum was up with nbrado as admin due the old backup, he deleted bjr admin permissions in the forum and had his short moment of glory.

- When i got the root password i shut down the httpd service to stop the forum, and replaced the index page with the message that many of you have noticed. Since i was busy with other things I stopped also the FTP service to change or delete the FTP accounts latter. However i didn't stop the service "chkservd" which is a CPanel demon that starts certain services that are stopped, i forgot that because i'm not used to work with CPanel, and it started the FTP service again, and that was when he accessed to the main page and disrrupted the message i left there. Some people came up saying it could be somebody else, but i have logs of everything and IP reported to ISPs for further info.

- I could have the forum on-line already, but there's a few things i prefer to do first, and we also agreed it would be better to activate it when the mods are available to control the trolls invasion.

I'm a person sometimes with a short temper whens stressed out, but i always try to solve the things in a pacific way, we can show our intelligence as humans when solving social problems in a civilized and polite manner, never recurring to violence. But sometimes some people chose the violence showing their short distance from their human's animal origin.
I believe nbrado could show more credibility and support if he didn't behave and showed other attitude. But no matter what his reasons, it doesn't justify most of his actions.
I'm still waiting for him to stop calling us thief and come upfront and tell me what software he coded and installed in the server. I'll be more then happy to remove his work that he doesn't want to share. However i couldn't find any software developed by him in the server, and since he doesn't say what it is, I assume he's lying. To be honest i have serious doubts he ever coded any software, and judging by his behavior i believe deeply inside he has a infriority complex that he's trying to overpass talking nonsense IT things to people that doesn't understand it to make himself feel like he's something. Why he doesn't talk to me about it?
My advice for him is to stop the all his circus, take a rest and relax. He has gone too far and have made enough to get himself in trouble. Don't make the snow ball get bigger.

About the forum, as you can see this is a run against time and circumstances, and i'm doing all i can when I'm already a busy person. Speculation does nothing more then making me lose more time to come here and explain the things, I like to explain but time is not something the i can stop through a computer's command line.

I'll not give up no matter what happens, and I'm doing it so we can get our forum back and seek justice for Madeleine.

Cheers.

Filipe

(no... i dont fear giving out my name, you don't need to expose it in blogs nbrado. Remember i even have a picture of my face as my avatar in the forum. What else you wanna know about me so you can post somewhere and say you know it because you are a computers hacker?)