FYI: The main web site page got hacked.


  1. #31
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    One second I'm peacefully browsing cboard, the next I'm looking at this:
    [Attached image: CProgrammingDotComHacked_Resized.png]
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  2. #32
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    Quote Originally Posted by dwks View Post
    This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.

    Good to see it was fixed so quickly.
    Hmm... I'm sorry I missed that. However, as you say, there is a big difference between getting root access to the server and getting some administrator password via some SQL injection.
    Sent from my iPad®

  3. #33
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    I thought spiders had eight legs.

  4. #34
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    Quote Originally Posted by robwhit View Post
    I thought spiders had eight legs.
    ...
    I count eight...


    By the way, Magos. You have GMail.
    Sent from my iPad®

  5. #35
    Registered User NeonBlack's Avatar
    Join Date
    Nov 2007
    Posts
    435
    Damn, those kids are 1337!
    Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
    Last edited by NeonBlack; 04-28-2008 at 02:04 PM. Reason: sorry for swearing.
    I copied it from the last program in which I passed a parameter, which would have been pre-1989 I guess. - esbo

  6. #36
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    Quote Originally Posted by NeonBlack View Post
    damn, those kids are 1337!
    Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
    Nah, it was a vBulletin bug, surely. They had no real access, I don't believe.
    Sent from my iPad®

  7. #37
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    I feel smart now.

  8. #38
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,465
    Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.

    This could only be done (mind my continued unfamiliarity with Apache) through .htaccess. Now, assuming there already exists an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by Apache (which it shouldn't be!).

    If, on the other hand, that file didn't exist, then there's still the issue of how they gained access to the htdocs root, assuming cboard sits in its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
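
An added example, not part of any post in this thread: a defender-side audit for the condition post #38 raises, namely an .htaccess or index.php under the document root that the web server account can write. The account name, the docroot path and the `audit_docroot` helper are assumptions for illustration; the check reads classic mode bits only (no ACLs, no root override).

```python
import os
import stat

WATCHED = {".htaccess", "index.php"}  # the files discussed in post #38

def writable_by(st, uid, gids):
    """True if a process with this uid/gids may write, per owner/group/other bits."""
    if st.st_uid == uid:                      # owner class wins when uid matches
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, web_uid, web_gids):
    """Return sorted (relative_path, reason) pairs for risky files and directories."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        # A writable directory lets the account create or replace .htaccess
        # even when the existing file itself is read-only.
        if writable_by(os.lstat(dirpath), web_uid, web_gids):
            findings.append((rel_dir, "directory writable by web server account"))
        for name in filenames:
            if name not in WATCHED:
                continue
            st = os.lstat(os.path.join(dirpath, name))
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink, check its target by hand"))
            elif writable_by(st, web_uid, web_gids):
                findings.append((rel, "file writable by web server account"))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # Usage (both arguments are site-specific assumptions):
    #   python3 audit.py /path/to/htdocs www-data
    docroot, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    for rel, reason in audit_docroot(docroot, pw.pw_uid, gids):
        print(f"{rel}: {reason}")
```
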

  9. #39
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,046
    Note that there's another thread about this here: FYI: The main web site page got hacked.
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  10. #40
    The Right Honourable psychopath's Avatar
    Join Date
    Mar 2004
    Location
    Where circles begin.
    Posts
    1,070
    For anyone who missed it...

    EDIT: I really should have looked at the other thread first. *sighs*

    [Attached image: hacked.jpg]
    Last edited by psychopath; 04-28-2008 at 02:45 PM.
    Memorial University of Newfoundland
    Computer Science

    Mac and OpenGL evangelist.

  11. #41
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,465
    Quote Originally Posted by dwks View Post
    Note that there's another thread about this here: FYI: The main web site page got hacked.
    Yes. But this is kinda the original thread. Todd could should have read this one before posting. I don't feel like discussing spider legs either... and Sly's latest comment deserved a reply.

    I'm still curious as to how this was done. Writing to an .htaccess file is no easy task, especially from within a PHP script and assuming there's some minimum level of security in place.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  12. #42
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.

    Attention is what they want, and that's what they're getting right now.

  13. #43
    Lead Moderator kermi3's Avatar
    Join Date
    Aug 1998
    Posts
    2,595
    Obviously we were hacked. They took down all index pages. The webmaster is working on getting everything back up. Thanks to all of you who contacted us to make sure we knew it was down.
    Kermi3

    If you're new to the boards, welcome and reading this will help you get started.
    Information on code tags may be found here

    - Sandlot is the highest form of sport.

  14. #44
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,465
    I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  15. #45
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    Quote Originally Posted by Mario F. View Post
    I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
    I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.
