PDA

View Full Version : Forum Hijacked



GregH
2005-03-28, 10:24
Well that was pretty interesting this weekend. How did the "This site has been hacked" issue get resolved?

SGT Rock
2005-03-28, 13:23
I upgraded the software and then closed some security holes on the server.

GregH
2005-03-28, 15:14
Isn't it just great having a bunch of PITA's sitting at their computers all day trying to figure out how to break websites? You'd think they could at least get off of their butts and get a job at McDonald's or something.

Thanks, SGT, for putting up with the headaches and keeping this site running.

Rage in a Cage
2005-03-28, 15:36
It is hard to find the time to work at McDonalds if they are busy hacking into McDonalds
http://news.zdnet.co.uk/internet/0%2C39020369%2C2084601%2C00.htm
It is also possible the idiots hacked the McD site to adjust their paycheck. :rolleyes:

Thanks Rock keep the head up and hackers out :tomato:

KLeth
2005-03-29, 00:42
Wouldn't it be possible to force logon over HTTPS via SSL ?
I see that credentials are hashed via Javascript, but the exposure of the MD5 hash sum could be eliminated using HTTPS via SSL.

It didn't have to be a Thawte nor Verisign certificate/keyset just a home-generated 128/256 bit set.

Hackers are a pain in the a... ! A huge portion of it-budgets are blown on keeping those types off the company servers. We can do a lot of simple stuff to fend :fight: off the amateurs using download-point'N'hack tools: Fixpacks, tripwires, encryption (SSL ect.), port/protocol switch, DMZs, firewalls and much more . . . :viking:

Just wondering what they have against this site and why it should be so fun to hijack it :stupid:?!?

blackdog
2005-03-29, 01:30
Just wondering what they have against this site and why it should be so fun to hijack it :stupid:?!?
Sites with even the obscurest reference to the United States armed forces are being targeted. It sucks bigtime, but it's that simple. :(

SGT Rock
2005-03-29, 04:58
It also sometimes happens to a specific server company or sometimes a specific software like the vBulletin I use. Someone finds a security hole in either the server or the software so some 17 year old learns how to hack in a BB somewhere and does it just for fun. He can brag he hacked a site when the truth is it didn't take any more skill than installing instant messenger software since someone else did all the real software work.

It looks like part of the issue was a leftover file I missed from the last time I was hacked. The new hacker appears to have exploited that script to upload something to my server. I spent hours looking through all the folders on my site ensuring that there was not other files I couldn't identify.

blackdog
2005-03-29, 07:54
The hack could be because of an unupdated PHP system.
http://developers.slashdot.org/article.pl?sid=04/12/17/1641212&tid=169&tid=172

It's strange, though. A FreeBSD system should be pretty resilient.