So, how was the backdoor found?

[MoonBuggy]

I'd be interested to know where it came from. Last year made sense - someone cleverly spotted the typo in the DNS records, realised that 194 made more sense than 192, and that was pretty much that. What I'm wondering is who worked out this year's one, and how - cleverly poking around their network infrastructure? Good guesswork? A leak from See?

[Yesiamaduck]

Didn't work at all this year... usually you just skip pages that just re-direct by getting pages later and later into the is process... but this year the page would load with error messages.

[MoonBuggy]

Someone found a backdoor IP address that seemed to go right past the queueing system: /topic/181173-sunday-6th-sale-post-backdoor-urls-in-this-thread-if-you-get-through/?p=4148370">http://www.efestivals.co.uk/forums/topic/181173-sunday-6th-sale-post-backdoor-urls-in-this-thread-if-you-get-through/?p=4148370

[frostypaw]

It didn't work

[Paul ™]

It did briefly

[Dave The Hedgehog]

It didn't work

[tdrules]

It certainly worked for me, almost instantly.

Either someone worked it out through pinging the server or someone at SeeTickets wanted to get their mates in and then the address was leaked.

[posthuman]

Someone found a backdoor IP address that seemed to go right past the queueing system: /topic/181173-sunday-6th-sale-post-backdoor-urls-in-this-thread-if-you-get-through/?p=4148370">http://www.efestivals.co.uk/forums/topic/181173-sunday-6th-sale-post-backdoor-urls-in-this-thread-if-you-get-through/?p=4148370

[jameshunt]

Unfortunately that IP address belongs to a Nigerian banking fellow who told me I have pigeons roosting in my account.

[modey]

host file didn't work for me

[posthuman]

Unfortunately that IP address belongs to a Nigerian banking fellow who told me I have pigeons roosting in my account.

[jameshunt]

I checked the IP before posting, and it's owned by The Way Ahead Ltd, same group as See Tickets.

The booking screen also successfully loaded my name and address based on registration number and postcode - harder to do if it was a fake site. (Man in the middle attack is theoretically feasible, but would have the same server connectivity challenges as the rest of us)

[posthuman]

I was pretty sure my post would be viewed as the joke it was intended to be, but yes you'd definitely want to be sure you were in the right place before entering bank card details.

[snipe]

.Well traceroutes show that backdoor IP to be hanging off a cable modem but it looks more likely that NTL just never updated their reverse dns and whois information as both traces appear to be going to Guildford.