(DM) Thomas & Jake AR
RocketChat ID: 6AZpoAX3J8Pbm3aNrn8Hnfj4Hze86xAjyf
94 total messages. Viewing 100 per page.
Page 1/1
This is a scripted message. An important announcement has just been posted in the #announcements channel. Please review it in detail and follow the instructions given. If we have not conversed recently (or since the last scripted message), give me an update on your organizing and any questions or matters I can assist with. Thank you.
This is a scripted message. Please make sure to review the recent announcement. Thank you.
Hey Thomas
Who all has had RC Admin access
I found something weird
Did you ever direct anyone to create something that sent attempted login credentials into RC to an email?
@Vincent TX and @Michael TX
You mean if someone attempts to change their name it send me an email? That was done recently as a security thing. Like screenshots.
I found a script that sent username and passwords to an email
when they logged in
What's the email?
[email protected] maybe
but it was also hidden, so we could not see it in the admin settings
so whoever did it also hid the field
this is really bad
@Vincent TX is Vincent.
@Jason NY is Jason.
Both are trusted. Vince just lived at my house for a month.
All this means is it was meant to not send their passwords
but why would this even exist
I don't know exactly what it does.
and vincent is only other admin, so maybe he did it on his own without your permission and then hid it?
it sends an email that looks like "PF-3320 MYPASSWORD"
I have never sent or received anything from that email.
For who? Everyone but those two?
yes
and you
I'm going to call Vincent and check with him.
i need to cahnge my password since I am an admin and if mine gets leaked we are screwed
Can you turn it off?
What is that formspree.io link in the code?
that is what the data is sent to and from their it sends the email
a place to save forms
Vincent said he does not know who made it.
I still cant find it, I only found it on the test server
I think they have hid it but on the test server it appeared
I will find it
john wa was also on that list of people to not send password for
which is random
Where was this script located?
Who all did the script say to not send PW's for?
in the custom script settings in the administrator area, but it was hidden so I never saw it, but you'd have to be an admin
Vincent, Jason, you, John WA
Strange. Must be recent. To do with the investigation.
let me ask jason about it
anyone with access to the RC server could have made those changes, not just an admin
But even if so, why would they need the passwords?
Seems nefarious and something that definitely should have gotten your approval
and whoever did it new it was wrong and hid it
On the line with Jason right now.
So it wasn't done by an admin?
it coudl have been, but it could have been done by anyone who has server accevss and is smart
How long has Jason and vincnet and john been in org
Created at
August 12, 2020 2:36 PM
that would put a bound no when it ws added
Created at
July 26, 2020 11:49 PM
so whoever added it had access after july 26 2020
when did paul leave?
I don't recall exactly. Maybe a month or two after January of this year.
so this could be paul leftover stuff
paul would have added my name
Correct.
its like whoever added it new those people were on tech team
but me and matthew and benjamin not so much
Vincent has only been involved in tech stuff recently. Last couple months.
really...
Yes. Only actively.
jason knows nothing?
He knows nothing of it.
Is looking into the email and the formspree.
"_updatedAt" : ISODate(""2021-12-15T05:11:40.678Z""),
someone messed with it real recent
Is that an IP?
no someone deleted the script
Someone deleted the script on this server?
but the snapshot you took kept it
yea like they knew we were gonna find it
jesus its someone in tech
i mean it seems like it could be....
Well, we did, so now we figure it out.
dont tell anyone yet
Vincent and Jason already know about the script.
tell jason and vincent to not tell anyone
I am changing keys on server to lock everyone else out
itll be just me for abit
Why did Matthew leave tech?
suspicious timing
Give me whatever I may need as well, just in case.
And yes.
sure
He was having vague concerns and worries. Usual stuff.
we dont want anyone gettinga hint we are on to them and wrecking the server
okay
Paul CA knows already. He is the last one.
Join the TG group call if you can.
94 total messages. Viewing 100 per page.
Page 1/1