On Dec 18th and into the next morning, a user uploaded about 250 fake .PRK files in the THPSX database. The user also injected meta tag redirect code through the upload system which redirected park files, and the main Park/Skater link to pornographic websites. Once satisfied, the user uploaded a false .SKA file to the skater side.
I'll post the image at the end of this, but the first thing that we did after seeing what happened was locating the IP that was used to upload the files. We cross referenced that with accounts registered on the forum. I'm going to first point out the obvious by saying that the forums, and the skater/parks at the time were completely separate things, and that they did not have any correlation with each other. You previously did not need a forum account to upload files. Theoretically before yesterday, you could have been completely anonymous when uploading a .prk or .ska file.
So the only account that matched the IP address of the user who uploaded the files/redirect codes was Snipe's account. Over the course of conversation with Snipe on Skype he told me that this was not him, that it was not his IP, and that he was not on the site at that time because he had work at 4:30 the next morning. He deleted the one post that tied the ip's together later that day.
The image pretty much shows everything. We see that under the OpenSpy Log Snipe's real IP is 190.84.34.31. The IP belongs to a region in Colombia which is where he's stationed, confirming it's his. The IP used to upload the files is 186.169.235.5. If you view the THPSX log, you can see Snipe was on with his real IP, and that he was on seconds before the uploads started happening.
On the bottom right is a conversation where Snipe says he wasn't even on when the uploads took place. He says he wasn't on "at whatever hour in the night", and then he corrects himself "or morning or afternoon" as if he made a mistake, as if he shouldn't know what time it happened. But to reiterate, he indeed was on exactly when this
started to happen, as the IP's show. Not just on around the same time, but when it started.
The access logs, or "THPSX logs" show both ip's are on a linux machine.
There's other circumstantial things that point to Snipe, but I'm pretty convinced with everything here. As a result of what happened, we didn't want Snipe logging into the IRC Peerchat server of OpenSpy where he would have administrative access over all users who connect to OpenSpy. Someone who purposely redirects users to pornographic websites obviously doesn't care for their online safety. I expressed to him that I would have no objection to him still being able to play THUGPro.
Snipe started flooding the THUGPro lobby with fake rooms a day later with anti-thpsx text as the host name. When I asked him about it on Skype he eventually blocked me.
So that's what happened. You'll start to see things returning back to normal. Sk8ace took down the skater/parks section 30 minutes after the last upload took place and has spent a lot of his time bringing it back and making it more secure. If you have any questions or anything feel free to post.
