TheFanatic
Footballguy
So who is the D-Bag. Messing with a league like this should not go unpunished. I demand my right to mockery and derision!!!
Fantasy Football - Footballguys Forums
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Security and MFL? (1 Viewer)
- Thread starter THE UNDERCOVER BROTHA
- Start date
TheFanatic
Footballguy
Sad but trueMisfitBlondes said:You get mocked plenty, let others have a turn.
I still say a public shaming is in order. BTW, this guy didn't name his team Peens, did he?
BeTheMatch
Footballguy
I'm the commish of two MFL leagues and in two others. So I just went to all four leagues and tested this out. What you're experiencing is not happening on any of my four leagues. The ******** that is saved in the password field is my password. And that doesn't change no matter which franchise (or commish) I select from the drop-down menu. So when I tried to log in with that saved password for any team but me, it says invalid password.
bonscott
Footballguy
Glad they are still working with you.To answer a couple questions:1) Easy enough to "brute force" passwords. You can easily setup a script to do a dictionary attack (and more sophisticated things) on someone's login and it will eventually break it. MFL doesn't lock an account after X number of bad password attempts (nor do most sites that I'm aware of) so he can just set that to run 24x7 until it breaks it. Thus I would encourage your owners to make up some pretty wacked out and long passwords which make it much harder to break.2) IP and email spoofing. Just a quick google or wiki search will give you information on that. Many freely available programs on the Internet can be used to do this and you don't even need to know anything about how to use it. Quite easy to do. What spoofing means is pretending to be something you're not. An IP address is like an Internet phone number and when you connect to the Internet your ISP gives you one. So let's say your IP address is 99.99.99.99 Well, MFL could then block that IP address from connecting to their servers. But all you have to do is run an IP spoofing program so that MFL's servers think your IP is actually 88.88.88.88 Thus they are no longer blocked. It's a game of cat and mouse. Plus at some point you'll end up blocking some poor slub who actually has one of the spoofed IP addresses.Pretty much the same with email spoofing. It's pretending and fooling email servers into thinking you have a different email address. Again, pretty trivial to do.Anyway, good luck!
Last edited by a moderator:
bonscott
Footballguy
Same here.Honestly the only way I can see this working is:1) The commish password just happens to be the same as yours2) The commish account logged in on that computer at some point and it left the cookie and/or the password was stored in FireFox (you can configure both FF and IE to store your passwords to sites).
THE UNDERCOVER BROTHA
Footballguy
MODS?
Why was my header changed?
Guy said himself he was hacking into my league with his emails to the league members.
I wasnt trying to BAD MOUTH MFL, just was backed into a corner and looking for help on this issue as I am about as NUTTY over FF and "my" leagues as any of you guys are about your leagues. Ive asked for help on numerous of support sites to which non of them have helped "fix" the issue.
So i dont "think" someone is hacking into the site, I "know", he took over a well known FBG'er team yesterday and locked him out and made post in the league using that guys team.
Anyway, its all water under the bridge if everything can be resolved.
Im doing everything they tell me so we can nip this in the bud.
Why was my header changed?
Guy said himself he was hacking into my league with his emails to the league members.
I wasnt trying to BAD MOUTH MFL, just was backed into a corner and looking for help on this issue as I am about as NUTTY over FF and "my" leagues as any of you guys are about your leagues. Ive asked for help on numerous of support sites to which non of them have helped "fix" the issue.
So i dont "think" someone is hacking into the site, I "know", he took over a well known FBG'er team yesterday and locked him out and made post in the league using that guys team.
Anyway, its all water under the bridge if everything can be resolved.
Im doing everything they tell me so we can nip this in the bud.
BeTheMatch
Footballguy
You're not allowed to be critical
I changed it because there is a huge difference between hacking and stealing a password. Until you know for sure, better to be safe when talking about it. Glad they're helping you there and glad we could help here. Hope it all works out great.J
B-Deep
Footballguy
wellnot of people/sites that have friends in high places:
THE UNDERCOVER BROTHA
Footballguy
Ok JoeThats fair. But i will keep this updated as ive done all that was asked of me on my end.
Not really. I've always tried to be cautious on things like this. J
B. Nugget
Footballguy
Joe, I understand your position on this, but just for reference, here is the message he posted yesterday after changing another members password to get into his account. That member of the league was locked out because he didn't have the new password when he tried to log in this morning..."Subject: Don't worry, no changes made Body:No damage done to the league, just looking for the rest of my $$ back if you would be so kind. Thanks."
Chicago Hooligan
Footballguy
If you told him you're "spreading the wealth" he'll probably get so mad that he dies.
fatness
Footballguy
This sounds like a rather generic response and sounds like blowing you off.
THE UNDERCOVER BROTHA
Footballguy
Not really. I've always tried to be cautious on things like this.
J
Joe,
I understand your position on this, but just for reference, here is the message he posted yesterday after changing another members password to get into his account. That member of the league was locked out because he didn't have the new password when he tried to log in this morning...
"Subject: Don't worry, no changes made
Body:No damage done to the league, just looking for the rest of my $$ back if you would be so kind. Thanks."
Weeks after we already resolved this situation with this guy. He comes back and does this for fun.
We had an agreement, he wanted out. After the tore up a team to shreds, i told him i would refund him for whatever i could get for the team as i didnt think its right for a new owner to take over a team and make crazy trades and draft picks and then want a full refund. I even voted to keep him in the league while most others wanted him out. I had thought he was funny....sorta like adding personality to a league in these boring FF days. Anyway, most of the league was tired of his sharades and emailed me personally about kicking him out of the league. Guys is a big problem starter. So i was able to only sell his team for half and "i" decided to refund him back that. Most of the league memeber didnt think he should get any refund. He himself even said to refund him the full ammout and he would send me back any money i was out on the team. I sent him the total fee i recieved for the team which was half payment. He hadnt spammed my email since those talks, although he had being going into all my leagues im in resending me my passwords and such. I just ignored him until yester when he took over a owners team and changed his email and started posting with that guys team. So i couldnt ignore the situation anymore. Thats the rundown on whole situation.
As for his FBG name (he talks about FBG btw....which is funny cause he is a member on here), I think FBG doesnt store OLD emails/pm's cause i cant find his PM where he asked me about joinging my league. Shouldnt be to hard to figure out though...We have his name and email address.
J
Joe,
I understand your position on this, but just for reference, here is the message he posted yesterday after changing another members password to get into his account. That member of the league was locked out because he didn't have the new password when he tried to log in this morning...
"Subject: Don't worry, no changes made
Body:No damage done to the league, just looking for the rest of my $$ back if you would be so kind. Thanks."
Weeks after we already resolved this situation with this guy. He comes back and does this for fun.
We had an agreement, he wanted out. After the tore up a team to shreds, i told him i would refund him for whatever i could get for the team as i didnt think its right for a new owner to take over a team and make crazy trades and draft picks and then want a full refund. I even voted to keep him in the league while most others wanted him out. I had thought he was funny....sorta like adding personality to a league in these boring FF days. Anyway, most of the league was tired of his sharades and emailed me personally about kicking him out of the league. Guys is a big problem starter. So i was able to only sell his team for half and "i" decided to refund him back that. Most of the league memeber didnt think he should get any refund. He himself even said to refund him the full ammout and he would send me back any money i was out on the team. I sent him the total fee i recieved for the team which was half payment. He hadnt spammed my email since those talks, although he had being going into all my leagues im in resending me my passwords and such. I just ignored him until yester when he took over a owners team and changed his email and started posting with that guys team. So i couldnt ignore the situation anymore. Thats the rundown on whole situation.
As for his FBG name (he talks about FBG btw....which is funny cause he is a member on here), I think FBG doesnt store OLD emails/pm's cause i cant find his PM where he asked me about joinging my league. Shouldnt be to hard to figure out though...We have his name and email address.
bonscott
Footballguy
I know it sucks, but if that's all he's looking for, his money back, then I'd probably cave and just refund his entry fee and then he'd be history and you don't need to worry about it anymore. Hopefully.EDIT: I see your other post. I guess maybe refund him all his money then if he's now looking for it. If you're lucky maybe that along with whatever MFL can do will be the end of it. Good luck.
Last edited by a moderator:
THE UNDERCOVER BROTHA
Footballguy
OK really...is this guy really this sick?
Someone is doing the SAME EXACT thing in the league the HACKER is in. (http://football16.myfantasyleague.com/2009/mb/topic_show.pl?bid=200943206&tid=1888094)
Looked he logged in as commish and made this threat/post to there league:
"Hello commissioner and members of the CFFL. Mr. Commish, are we having fun yet? Do i have your full attention yet? My friends call me Gremlin. You can call me Mr. Gremlin! Be thankful that i`m not totally heartless and allowed you to be aware of the chaos (ie. league being deleted). Now who am i and why am i causing you so much grief you might ask. I have been following your league since it`s begining and found it rather crappy the way you treated members last year and some this year also. So i decided to give a little taste of justice. I`m getting bored with you so i make you a proposition - i will leave you alone if you do 1 small favor for me. All i ask from you is to post a message on this message board saying 1 simple phrase and i will leave and never come back. Here is the phrase "Hello my name is David Gordon and i`m a tool"
That`s all it will take. Have a nice day and god bless
P.S. I liked the other password better and don`t delete this."
WOW, is this coincidence???? This guys is nutS!
Someone is doing the SAME EXACT thing in the league the HACKER is in. (http://football16.myfantasyleague.com/2009/mb/topic_show.pl?bid=200943206&tid=1888094)
Looked he logged in as commish and made this threat/post to there league:
"Hello commissioner and members of the CFFL. Mr. Commish, are we having fun yet? Do i have your full attention yet? My friends call me Gremlin. You can call me Mr. Gremlin! Be thankful that i`m not totally heartless and allowed you to be aware of the chaos (ie. league being deleted). Now who am i and why am i causing you so much grief you might ask. I have been following your league since it`s begining and found it rather crappy the way you treated members last year and some this year also. So i decided to give a little taste of justice. I`m getting bored with you so i make you a proposition - i will leave you alone if you do 1 small favor for me. All i ask from you is to post a message on this message board saying 1 simple phrase and i will leave and never come back. Here is the phrase "Hello my name is David Gordon and i`m a tool"
That`s all it will take. Have a nice day and god bless
P.S. I liked the other password better and don`t delete this."
WOW, is this coincidence???? This guys is nutS!
Last edited by a moderator:
fatness
Footballguy
I wouldn't advise that.
wolfie
Footballguy
Confused was he voted out first without any refund or did he ask out first.
Did you guys vote him out, after which he ask out and for his money back. Then you weren't going to give him his money back, so he attacks your league and messed up a teams roster, to get your attention, then you still only gave him 1/2 his money back, you say agreement, he just agreed to get some back.
If you guys voted him out of the league without refunding his full entry, shame on you. I would have been pissed if this is how it went down.
This is how i am reading it.
Could you give us the full story?
Motto of this story, don't piss off a guy, with excellent IT skills.
Did you guys vote him out, after which he ask out and for his money back. Then you weren't going to give him his money back, so he attacks your league and messed up a teams roster, to get your attention, then you still only gave him 1/2 his money back, you say agreement, he just agreed to get some back.
If you guys voted him out of the league without refunding his full entry, shame on you. I would have been pissed if this is how it went down.
This is how i am reading it.
Could you give us the full story?
Motto of this story, don't piss off a guy, with excellent IT skills.
stp-d
Footballguy
He announced publicly he was planning on bailing after the 2009 season after only joining in february. He had threatened another members family and made some other comments that weren't taken well by other league members. He traded away his team and drafted way out of the norm. A guy in a dynasty who is planning to leave when he just joined was not good for the leagues future or the team he took over. He was advised he will be reimbursed whatever his team would get after a few weeks on the "Looking for Leagues" section of FBG. It turns out the maximum we could get for the team was 1/2 of the league fees.
The Captain
Footballguy
Fixed.
I'm not saying I understand it....I'm just saying what happened.
Our Commish had never been on my computer before (he's in Kentucky, I'm in Minnesota, and we've never met in person)...and if he has my same password, I'll PayPal you $10. I don't see how either situation could be the case...so that's where I was as baffled as you were that I was suddenly, magically logged in as our Commish without even trying.I don't understand it...I just know what happened. Why it happened? 
If I knew, I'd post it in this thread post-haste so that MFL and/or other MFLers could hopefully prevent that type of situation from occurring...EVER!
switz
Footballguy
That's an oxymoron.
Instinctive
Footballguy
You do NOT want to go there here. Especially with the record of the last 6 months or so.Leave politics somewhere else, this kind of crap is what we need to keep out of the shark pool.
So has MFL said anything else back yet? Have they done any follow-ups? Have you done anything with messaging employers or DoJ or people this guy was connected to?
PatsWillWin
Footballguy
Ummm well I have my password saved in one of my MFL leagues...I just selected a totally random team from the drop down and it let me log in. 
So you're saying my crazy is contagious?!JetsWillWin said:Ummm well I have my password saved in one of my MFL leagues...I just selected a totally random team from the drop down and it let me log in.
Seriously though, it's the darnedest thing. And what I noticed is that it doesn't always let me login as other league owners either. Sometimes it does, sometimes it doesn't. I have no idea why, [sarcasm] but if people still don't believe me/us, maybe they can join a few of our leagues, we can login as them and then offer ourselves Tom Brady for the OTHER Adrian Peterson?! 
[/sarcasm]
Last edited by a moderator:
bonscott
Footballguy
Yes, that's exactly how it's supposed to work as I stated a few posts ago. If you have the commish password you can use it to log on to any team. So each team in essence has *2* passwords. The one the owner sets and the commish password. Think of the commish password as an "admin" password on a computer. I think it's that way due to some owners not having Internet access (back in the day mostly, but still the case sometimes) thus the commish can log in as that owner and perform things like submit lineups or whatnot. MFL has always been that way for 15+ years.JetsWillWin said:
PatsWillWin
Footballguy
Gotcha. Just gonna delete my post lol. Thanks.
BuckeyeArt
Footballguy
While I would have refunded the guy in full if I kicked him out, it doesn't matter now. He's basically trying to extort money from you. Someone else mentioned he has threatened another one's family. Send him an email with this link:B. Nugget said:
http://www.ic3.gov/default.aspx
Tell him the next time he does anything, you will file a complaint. Mention the extortion and his prior threats. It's possible he will then stop. If he doesn't and when he hacks into the site again, follow through and file the complaint. He deserves it.
Franknbeans
Footballguy
It's gotta be Steve the Camper
WTF? Some people are just eff'd up.
I was thinking either 6 yrs old or a complete loser (or both), but OK. nuts might play into it also. or at the very least, in desperate need of a life. PS frankly if you can't come up with a password he can't crack you aren't trying very hard - unless he really is some deranged loon who is some hard-core data security specialist (possible)THE UNDERCOVER BROTHA said:
tip: DON'T use words.
oooooh, BIG mistake if that's me. he would get hurt REAL bad and it would have nothing to do with computers.stp-d said:
In this, like most things, I am with Switz.With that said, I would delete the leagues from MFL and handle them the old-fashioned way: call in your line-ups and transactions to the commish. Commish could purchase software that resides on PC to manage leagues.switz said:
Then if no refund from MFL, do not use evere again.
Sorry for the Psych Dude. If we know his FBG screename, please be very clear. Also, is his/her English broken? (as in non-native)?
I do not recommend registering a complaint against the guy because a) he is smarter than you are and will just screw with you some more and b) no one is going to do anything about your complaint other than make fun of you for making a complaint about a fantasy football league website.
THE UNDERCOVER BROTHA
Footballguy
Well i dont know his FBG name, my old emails were erased and i dont have it anymore...Alot of info on him was emailed to me and emailed to the people that could maybe rectify the matter.
http://bricescreekgop.blogspot.com/2009_01_01_archive.html
http://www.cravencountygop.org/bboard/arch..._01_archive.htm
see he isnt no kid with nothing to do....
THE UNDERCOVER BROTHA
Footballguy
I have changed that password too. Changed them all cause of this issue.
The most shocking part of this to me is that there are fantasy leagues with owners who only know each other from the Internet that cost money.
Why would anyone ever join a league and send money to a commish they only know from an Internet posting? Why would a commish ever expect to get paid from 11 strangers?
I am about to start a dozen leagues and charge $50 per team. I could make over $5000 in a month and then disappear from the Internet.
Why would anyone ever join a league and send money to a commish they only know from an Internet posting? Why would a commish ever expect to get paid from 11 strangers?
I am about to start a dozen leagues and charge $50 per team. I could make over $5000 in a month and then disappear from the Internet.
There are tons of password crackers out there. The porn industry is usually on top of password security and even those sites eventually get hacked and someone invents a new password security method. MFL is no match for any real hackers.
Chicago Hooligan
Footballguy
I'm doing a $50 Phenoms league for the first time. Had good references from this board, but I agree that no one online should be assumed to be trustworthy. (And as I said upthread, I still don't know why the Phenoms site makes names/emails permanently public to every owner.)
Option A) pay him back, and hope he stops
Option B) post his personal info all over the internet, and hope you find someone with more 733t h4x0r ski11z
Option C) rent a motor-home for a mobile live draft with the rest of the league. Draft your teams on the way to his address, and then poop all over his car when you get there.
Option B) post his personal info all over the internet, and hope you find someone with more 733t h4x0r ski11z
Option C) rent a motor-home for a mobile live draft with the rest of the league. Draft your teams on the way to his address, and then poop all over his car when you get there.
It's gambling, so essentially you are risking money anyways. Responsible people generally play with what they can afford to lose.
I like your style, want to join my $100 league? Oh yeah, but you have to name your team "Who's Your Boss?"
Last edited by a moderator:
stugnut
Footballguy
Leaguesafe.comYou store your money there and can set it up so that the payouts are "ratified" by a majority league vote. So even if the commish tries to scam you, unless half of the league is in on it he can't.
Perfect. I'll just create 6 fake names and email addresses for half of the owners and only steal from the other 6.
THE UNDERCOVER BROTHA
Footballguy
LOL@HeyNow
That was funny....LOL
That was funny....LOL
Organized Chaos
Footballguy
This has to be what's happening here, he found a kiddy script password cracker and he's running it on your sites then claiming to be a hacker.If you go here and create a password that and he still breaks in, then there may be some validity to the story, but changing your password to touCHdown1 isnt going to stop much out there, it will get cracked, it's just a matter of when.
This Link will set you up with a password that he can run all season and not crack.
You can create your own here http://www.pctools.com/guides/password/ make sure to select 12 or more characters and check all the boxes. If he gets in using either link and my instructions, he may have some validity to his story.
Addai's Adidas
Footballguy
So his name is Bob Lockerby?
Uber
Footballguy
Well, they'd have your name, address, and banking information from PayPal, and you'd be committing a felony. So, yeah.
