Like Tree4Likes
  • 2 Post By Elkvis
  • 1 Post By whiteflags
  • 1 Post By ledow

Website was compromised.

This is a discussion on Website was compromised. within the General Discussions forums, part of the Community Boards category; http://cboard.cprogramming.com I guess WEBMASTER's no longer the webmaster....

  1. #1
    Stoned Witch Barney McGrew's Avatar
    Join Date
    Oct 2012
    Location
    astaylea
    Posts
    420

    Website was compromised.

    http://cboard.cprogramming.com

    I guess WEBMASTER's no longer the webmaster.

  2. #2
    Registered User
    Join Date
    Oct 2006
    Posts
    2,539
    it's pretty annoying that while they say they don't do it to be malicious, their activity clearly causes problems. why couldn't they just find the security hole, and report it, rather than completely disrupt legitimate users' use of the website? these are not good people, regardless of what they say about themselves.
    whiteflags and Salem like this.
    Code:
    namespace life
    {
        const bool change = true;
    }

  3. #3
    Registered User
    Join Date
    Jun 2005
    Posts
    6,527
    Agreed, Elkvis.

    Those who aren't out to cause damage or other problems, like you say, will not disrupt sites. They would report the problem to the vendors of vBulletin (the software this site uses) in the first instance. At most, they would provide site admins with advice on how to address the vulnerability, and advise those admins to actively check with the software vendors for fixes.

    I haven't followed the link they give to their own forum but, from its URL, it is a porn site.

    So, credibility of these hackers is pretty low in my view.
    Right 98% of the time, and don't care about the other 3%.

    If I seem grumpy in reply to you, it is likely you deserve it. Suck it up, sunshine, and read this, this, and this before posting again.

  4. #4
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,678
    Quote Originally Posted by Elkvis View Post
    it's pretty annoying that while they say they don't do it to be malicious, their activity clearly causes problems. why couldn't they just find the security hole, and report it, rather than completely disrupt legitimate users' use of the website? these are not good people, regardless of what they say about themselves.
    I can think of one reason...
    If you find a security hole and and report it, the operators are likely to patch it at their leisure.
    If you find a security hole and exploit it, the operators are likely to patch it as fast as they can.

    If they had access to the whole forums but chose to only deface the entry page, that's pretty credible.
    If I were webmaster, I would be thankful the exploit was harmless (outside of harm to reputation) rather than destructive.
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  5. #5
    Registered User whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    7,751
    If I were webmaster, I'd be ........ed, because there is nothing that I can do, aside from update forum software, because I don't necessarily have the ability to manually edit vBulletin software.

    Imagine if Amazon were similarly defaced. "Dear third party merchants, we defaced Amazon because it's not secure. This was not intended to interrupt your business." Yeah, kiss the fattest part of my ass.
    Salem likes this.

  6. #6
    Registered User
    Join Date
    Oct 2006
    Posts
    2,539
    Quote Originally Posted by Yarin View Post
    If you find a security hole and exploit it, the operators are likely to patch it as fast as they can.
    you make a good point, but it doesn't excuse their actions. vBulletin is all php, and it would be a simple matter to override the home page, and redirect after a few seconds to the actual page, after notifying the site visitor that it had been compromised. there is literally no excuse for rendering a whole web site effectively inaccessible, just to make a point about security. these guys are thugs, plain and simple. they do this for their own amusement, and nothing else.
    Code:
    namespace life
    {
        const bool change = true;
    }

  7. #7
    Administrator webmaster's Avatar
    Join Date
    Aug 2001
    Posts
    975
    We seem to be back on track now, it looks like the hacker got in with a well know Vbulletin exploit. He only edited the forum.php file. I have replaced it and everything is working like normal.

  8. #8
    C lover
    Join Date
    Oct 2007
    Location
    Virginia
    Posts
    265
    Whats the legal recourse for something like this?

  9. #9
    Registered User ledow's Avatar
    Join Date
    Dec 2011
    Posts
    435
    Quote Originally Posted by webmaster View Post
    We seem to be back on track now, it looks like the hacker got in with a well know Vbulletin exploit. He only edited the forum.php file. I have replaced it and everything is working like normal.
    Apart from the chatbox and the invitation to join a gaming group? Or was that just intentional spam for the forum?
    Matticus likes this.

    - Compiler warnings are like "Bridge Out Ahead" warnings. DON'T just ignore them.
    - A compiler error is something SO stupid that the compiler genuinely can't carry on with its job. A compiler warning is the compiler saying "Well, that's bloody stupid but if you WANT to ignore me..." and carrying on.
    - The best debugging tool in the world is a bunch of printf()'s for everything important around the bits you think might be wrong.

  10. #10
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,678
    Quote Originally Posted by ledow View Post
    Apart from the chatbox and the invitation to join a gaming group? Or was that just intentional spam for the forum?
    I second guessed it as well.
    The weird part is how the link is overlined rather than underlined.
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  11. #11
    Registered User
    Join Date
    Oct 2006
    Posts
    2,539
    Quote Originally Posted by webmaster View Post
    ...got in with a well know Vbulletin exploit.
    if it was so well known, wasn't it preventable then? or is there no known patch for that particular exploit?
    Code:
    namespace life
    {
        const bool change = true;
    }

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. My new website !!
    By Brain Cell in forum A Brief History of Cprogramming.com
    Replies: 24
    Last Post: 01-16-2005, 09:45 AM
  2. website..
    By 1veedo in forum A Brief History of Cprogramming.com
    Replies: 9
    Last Post: 01-08-2004, 05:43 PM
  3. my new website :-D
    By Klinerr1 in forum A Brief History of Cprogramming.com
    Replies: 15
    Last Post: 07-15-2002, 04:09 PM
  4. Website -
    By MethodMan in forum A Brief History of Cprogramming.com
    Replies: 8
    Last Post: 07-04-2002, 04:37 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21