One second I'm peacefully browsing cboard, the next I'm looking at this:
Attachment 8098
Printable View
One second I'm peacefully browsing cboard, the next I'm looking at this:
Attachment 8098
I thought spiders had eight legs.
damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
I feel smart now.
Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.
This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).
If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).
Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352
For anyone who missed it...
EDIT: I really should have looked at the other thread first. *sighs*
Attachment 8099
Yes. But this is kinda the original thread. Todd could should have read this one before posting. I don't feel like discussing spider legs either... and Sly latest comment deserved a reply.
I'm still curious as to how this was done. writing to an .htaccess file is no easy task, especially from within a php script and assuming there's some minimum level of security in place.
I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.
Attention is what they want, and that's what they're getting right now.
Obviously we were hacked. They took down all index pages. The webmaster is working on getting everything back up. Thanks to all of you who contacted us to make sure we knew it was down.
I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.