Ramblings of a Tampa engineer
Photo by Natasha Connell / Unsplash

After a small talk at a conference I did, this father and son joined me in the front of the room and asked me how I got involved in what I was speaking about. I tried to explain it was just passion and lots of hours in front of a screen. I also reinforced at passion being involved - I did this stuff because I was interested in it and enjoyed it.

Weeks later, I booted up an old hard drive and found a trove of things that led to this blog. It will be a ton of mini stories regarding childhood and technology, where I was mainly in way over my head. What I learned looking back at all of this stuff is I wasn't nervous to just try things and really push myself to build something no matter how bad it was.


The VB/C# Era

Halo 3 Fileshare Spider

Since I started really diving into things after modding an original Xbox, the common language for all those tools was either VB or C#. Sure some folks used other languages, but a majority of languages were in the Microsoft family.

I had no idea what I was doing trying to learn one of these languages, but it wasn't the syntax that was bothering me. It was breaking problems down to a collection of smaller solvable problem. Shown above is a Halo 3 Fileshare spider, which had perplexed my mind on how to build initially.

If we do a thought exercise - it isn't too bad. Just load the corresponding URL of the fileshare on the web for an Xbox Live agent. Scan the page extracting each saved game and look for something in our scan list. Continue onward to the next gamertag until you exhaust your list.

Private versions of this program just crawled the friend lists of each gamertag it loaded, so the system slowly grew the possibilities of gamertags to scan. However, this was highly inefficient for many reasons:

  • Each user had their own search (nothing shared)
  • Anytime search results changed - you had to start again
  • You couldn't start it in the middle
  • It was slow

This was basically an attempt to build a web scraper, indexer and search engine at once. A horrible attempt, but the amount of times this knowledge or experience comes back up decades later blows my mind.


Web Security & Development

At some point I started disliking Windows applications because they were isolated to a machine. I wanted something available to web and I started learning how those worked. I started with forums beginning with IPB, then moving to phpBB3 and e107 then heading back to the paid offering of IPB.

I remember signing up at most sketch looking websites that promised free hosting since I quickly learned that hosting my own stuff from my own computer was not a good idea with a machine that turned off nightly.

My first journey was with Forumer, a site that allowed me to host my own Invision Power Board for free. This site exploded with popularity and I had nearly 50k posts and 8000 members, this attracted those who wanted to take that. I was hacked and DDoSed constantly and Forumer ended up suspending my site due to the damage it was causing to others on the platform.

ibotmodz.3.forumer.com (2007)

I was young in middle school with no real digital money to support paying for hosting. So I stumbled around to more "free VPS" services that injected ads into your content and generally just sucked.

This was a good learning experience because I was jumping hosting services so often I learned how important a real domain was. When the site left forumer, I lost the most popular ibotmodz.3.forumer.com domain. The next site was another subdomain and getting people to follow to the new sites was difficult.

I learned about DNS and the world of buying domains. PayPal became my friend and as long as I kept shoveling snow and fixing computers of random folks in the neighborhood I could keep up the funds to fund this lifestyle.

After another free site shut down so I went to HostMonster and paid real money for a monthly account and they suspended me near instantly for hosting "warez". I stumbled upon a home called XenServ. My first real experience with a new fresh domain ibotmodz.net and a new more personable host.

Suspended for going over my bandwidth limits (2010)

These folks and the staff were next to amazing, explaining everything and really helping me learn stuff. However, I turned into an ass for these guys. I was emailing 3-5 times a day on a hosting plan that was $3/month. Any single thing slow/wrong I was emailing. I was constantly under attack by the folks I surrounded myself with and even hacked. Folks did not want iBotModz to exist - it was built from the theft of content and was excelling beyond belief.

Another DDoS to iBotModz

Nothing good lasts forever and I abused all the help I got. Things escalated to me that they didn't care about my site and all the support/stress I caused is not worth the money.

Emails were bouncing and my site was effectively offline with no recourse to obtain backups or the content. I was begging in IRC channels to release my content and I would go on my way and leave. This is where I learned the hard way about actually owning your own content with alternative backups and more. In what I assume was just a "feeling bad" nature one of the staff members got me backups and I never spoke to Chris/David again at XenServ.

This story could go on and on for the next hosts as I jumped between a friend hosting account to SliceHost to then The Planet to then Linode. I've been with Linode ever since (10+ years).

This experience of jumping hosts allowed me to learn so many things about spinning up environments, Linux and everything in between to get a site back online many times.


Script Kiddie Era

Since my adventures with hosting led to a consistent suspension for either warez, DDoS or abuse - I started learning how it all worked. I remember finally executing my first SQL Injection to a competitor site and truncating all their database tables. It was beyond unethical and terrible to do, but being on the other end of it warps your perception for so long of what is good and breeds revenge.

iBot XR (2.3)

I've blogged about this era of DDoS booting prior, but I moved into that as well spreading malware in hopes to grow my bot army larger and larger. It blew my mind how easy putting up a torrent of an upcoming movie with an .exe as a binary would get downloaded.

This helped me learn how to pack binaries to evade detection and learning the constant cat n mouse game of signature detection when making tools. While my background began unethically - I still believe to this day that you cannot learn to effectively secure systems until you spend time actually attacking them.


So in closing, when someone asks me how I got involved in this stuff. Just never stop doing things and make sure you have a passion to want to learn this field.

You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.