Click "c Board" to see the hack. I noticed it about an hour ago.
Printable View
Click "c Board" to see the hack. I noticed it about an hour ago.
It appears the front page was hacked. Buncha pimply-faced morons.
Yup. Was afraid the whole thing had gone down the drain. Been checking VBulletin boards. May have been done through some insecure script. I highly doubt they had any other kind of server access.
Script kiddies losers, I betcha.
Hmm... all index.php were defaced. cprogramming.com, the forums archive, ... mod_rewrite?
Seems as though all passwords still work and users can still log-in. I'll bookmark this until the main page is back up.
I have no idea what this proves except that some morons can hack a page. Stupid.
Yeah this will be fun. I've had a bit of experience fighting hackers myself (some hacked into our servers where I work).
Most likely cause: somewhere in the site the "get" and "post" variable inputs are not being checked, and so the hackers probably got access do the database and used SQL injection to discover admin passwords, logged in as an admin, uploaded some scripts and defaced the site.
I noticed it a while ago too.
Does anyone know when the site will be fixed?
Has anyone contacted the webmaster or kermi?
Looks fine to me. What did I miss?
You missed the sexy skull!Quote:
Originally Posted by iMalc
The two 'dudes' (<no credit due>) are members of some defacing "security" group. Wow, sounds fun...
They're probably not aware that hacking in Egypt has recently been made illegal, and carries a hefty penalty. Only time will tell.
If by that comment you mean it's still in a hacked state then I guess it has to do with someone's ISP's caching now.
I actually make shortcuts directly to the forums I visit, so I wouldn't see it anyway.
uh? No its alright now. They put the picture of a skull on the main page (I saw that some 6 hours ago). Its fine now.Quote:
Originally Posted by iMalc
Yeah, HaTsA4 and H666p said they wheren't sorry that the admins thought their site was secure.
Their text are was pretty good actually.
Anyway...
BURN!
I doubt they were from egypt. The javascript variables were in Spanish and the img tags were pointing to a site in San Diego, California.
The page that they hacked said they were "3gypti@n." I don't think where they host their images would tell much, and generally the people who crack message boards are not hackers. They probably found the dork and the code to hack the page on some website like milw0rm... it may have been written by somebody who is Spanish, but not necessarily used by a Spanish person.Quote:
Originally Posted by Mario F.
The artwork was pretty good. Although a petty attempt at a hack.
Oh. I just don't know where they are from. I just doubt they were from egypt.
My main reason for doubting that? The fact they said they were.
Why don't they bring down such sites? I thought laws were strict in the US.Quote:
Originally Posted by SlyMaelstrom
Edit: ooh and thanks for letting me know about that site :D
(no I won't hack anyone)
Because they can. Someone else actually did all the work finding exploits in popular web services and script based tools, like vbulletin. All the information is made public for several reasons, being one of them help the authors fix it.Quote:
Originally Posted by abk
Then someone with nothing to do, wanting to impress friends and strangers takes the information and goes about their business. As long as they only deface websites, as these two(?) did, it's a favor they are doing you. However, more often than one would like, they go about trashing all files in the website, deleting them, changing accounts, whatever.
VBulletin has a considerable amount of I've been hacked posts. Mostly not to do with vB own scripts, but with mods, or forgetting to delete installation scripts. That's probably how they go in. However, they did deface index.php all across the cprogramming.com domain. So, I'm curious how they did it and if they gained the ability to write/overwrite .htaccess.
My point was - why not bring sites like milworm off the web. Hacking would be reduced drastically!
They'll just make new sites. Taking down some of these websites won't stop people doing it - I doubt it'll even slow down the spread of knowledge (read: tools written by someone else).
If you read between the lines, you'll know these sites are indeed beneficial. In a makeup world where they didn't exist, hacking could be thought to be done only by the knowledgeable, and not every 15 year old with a bad case of acne and pokemon posters in the bedroom.
However, it would also be much harder to fix the exploit, because information wasn't simply available anywhere on how someone might got into the website.
Handling security is not an issue of hiding possible exploits from the public in general. It is about fixing those holes and coding defensively. You'll be more secure if you know what makes you insecure, agreed?
And the other factor is of course that if you close down a site, someone will soon have another site running with similar or same content, in a country where the laws aren't so strict, and the US, Egyptian, Spanish or whatever law can not touch it. It's not very difficult to set up a web-site as long as you have a valid credit card number (doesn't even have to be yours, if you are that way inclined!)
--
Mats
As far as the origin of the dweebs, I think they really are Egyptian. I Googled a few things based on what I saw in the HTML and tracked down a message board where one of the guys posts. It's definitely Egyptian.
I briefly considered digging deeper. But the morons only managed to temporarily deface the front page. It's not worth my time. Sadly, it's not really worth anybody else's time either, and that's why these kinds of snot-nosed idiots don't usually get caught.
The board was working the whole time. I think I was the first person to try following a direct link to a post, and from there I could use the board jumper to get to General Discussions and post a comment. Mario, how did you see that comment? Do you have email notification set up or something?
Nah. I just did the same as you and tried to follow a direct link to a post to see if the boards hadn't been deleted.
Actually, I had been surfing General Discussion for a good 20 minutes before I realized the board was "hacked." I actually have in my favorites a direct link to General Discussion and frequently don't even look at the index page anymore.Quote:
Originally Posted by brewbuck
Well, specifically in the U.S. you cant restrict a website based on content as it would violate at least 1 constitutional amendment in at least 2 ways (freedom of speech, freedom of the press). Other countries may have less libreral laws. I know that traffic into and out of Iraq is restricted, how effective those restrictions are I have no idea. I'm pretty sure you can still get porn, even though it is illegal there. In either case, taking down the site wouldnt even slow the hackers down much.
This is what it looked like.
This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.
Good to see it was fixed so quickly.
One second I'm peacefully browsing cboard, the next I'm looking at this:
Attachment 8098
Hmm... I'm sorry I missed that. However, as you say, there is a big difference between getting root access to the server and getting some administrator password via some SQL injection.Quote:
Originally Posted by dwks
I thought spiders had eight legs.
...Quote:
Originally Posted by robwhit
I count eight...
By the way, Magos. You have GMail.
damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
Nah, it was a vBulletin bug, surely. They had no real access, I don't believe.Quote:
Originally Posted by NeonBlack
I feel smart now.
Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.
This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).
If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).
Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352
For anyone who missed it...
EDIT: I really should have looked at the other thread first. *sighs*
Attachment 8099
Yes. But this is kinda the original thread. Todd could should have read this one before posting. I don't feel like discussing spider legs either... and Sly latest comment deserved a reply.Quote:
Originally Posted by dwks
I'm still curious as to how this was done. writing to an .htaccess file is no easy task, especially from within a php script and assuming there's some minimum level of security in place.
I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.
Attention is what they want, and that's what they're getting right now.
Obviously we were hacked. They took down all index pages. The webmaster is working on getting everything back up. Thanks to all of you who contacted us to make sure we knew it was down.
I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.Quote:
Originally Posted by Mario F.
If I find out more that I can pass along, I will. You know what I know.Quote:
Originally Posted by Mario F.
Thanks Kermi. And I apologize for having jumped into conclusions.
wow! first time i have witnessed a #@k3r$ 4tt4(k!!!
i mean it is serious but, really, first time for me! :(
I always think things like this are more annoying than serious. I mean, maybe they are. In truth, tho, it just seems to me a desperate cry for attention. Someone needs a hug.
As if anyone is going to trust haxorz to manage their site security. So there was a security flaw in the site, not like this site handles classified information or personal data.
I agree, hence I left them un-named -- look at the start of the thread. If you read up on them on various 'hacking' forums they boast about how many times their name shows in google, who's talking about them etc.Quote:
Originally Posted by brewbuck
Let's just hope a few smarties on this forum go down the "punisher movie" sort of story-line ;)
All it did was tempt me into minoring in security... that or play Rainbow 6 :)
I started hearing an echo of, "Tango down!" when I read this.Quote:
Originally Posted by zacs7
These "look-at-me-I-can-hack-a-site" aren't that scary. What's scary is the people who hacks a site silently and unnoticed to spread bad code/scripts.
So they just want to be famous!
Better still, since they did not do something really harmful, besides defacing the main page.
But such harmless attempts prove to be useful for site administrator
Or
am I too inexperienced to judge??
I heard it like this:Quote:
Originally Posted by Magos
Teach a man to fish, and, he will be on the lake side, all the day, drinking beer, having fun :D