Thread: FYI: The main web site page got hacked.

If you read between the lines, you'll know these sites are indeed beneficial. In a makeup world where they didn't exist, hacking could be thought to be done only by the knowledgeable, and not every 15 year old with a bad case of acne and pokemon posters in the bedroom.

However, it would also be much harder to fix the exploit, because information wasn't simply available anywhere on how someone might got into the website.

Handling security is not an issue of hiding possible exploits from the public in general. It is about fixing those holes and coding defensively. You'll be more secure if you know what makes you insecure, agreed?

And the other factor is of course that if you close down a site, someone will soon have another site running with similar or same content, in a country where the laws aren't so strict, and the US, Egyptian, Spanish or whatever law can not touch it. It's not very difficult to set up a web-site as long as you have a valid credit card number (doesn't even have to be yours, if you are that way inclined!)

--
Mats

Originally Posted by brewbuck

The board was working the whole time. I think I was the first person to try following a direct link to a post, and from there I could use the board jumper to get to General Discussions and post a comment. Mario, how did you see that comment? Do you have email notification set up or something?

Actually, I had been surfing General Discussion for a good 20 minutes before I realized the board was "hacked." I actually have in my favorites a direct link to General Discussion and frequently don't even look at the index page anymore.

Nah. I just did the same as you and tried to follow a direct link to a post to see if the boards hadn't been deleted.

damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?

Originally Posted by NeonBlack

damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?

Nah, it was a vBulletin bug, surely. They had no real access, I don't believe.

Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.

This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).

If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).

Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352

Originally Posted by dwks

Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352

Yes. But this is kinda the original thread. Todd could should have read this one before posting. I don't feel like discussing spider legs either... and Sly latest comment deserved a reply.

I'm still curious as to how this was done. writing to an .htaccess file is no easy task, especially from within a php script and assuming there's some minimum level of security in place.

For anyone who missed it...

EDIT: I really should have looked at the other thread first. *sighs*

Attachment 8099

Looks fine to me. What did I miss?