Thread: FYI: The main web site page got hacked.

  1. #31
    Confused Magos's Avatar
    Join Date
    Sep 2001
    Location
    Sweden
    Posts
    3,145
    One second I'm peacefully browsing cboard, the next I'm looking at this:
    Attachment 8098
    MagosX.com

    Give a man a fish and you feed him for a day.
    Teach a man to fish and you feed him for a lifetime.

  2. #32
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by dwks View Post
    This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.

    Good to see it was fixed so quickly.
    Hmm... I'm sorry I missed that. However, as you say, there is a big difference between getting root access to the server and getting some administrator password via some SQL injection.
    Sent from my iPadŽ

  3. #33
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    I thought spiders had eight legs.

  4. #34
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by robwhit View Post
    I thought spiders had eight legs.
    ...
    I count eight...


    By the way, Magos. You have GMail.
    Sent from my iPadŽ

  5. #35
    Registered User NeonBlack's Avatar
    Join Date
    Nov 2007
    Posts
    431
    damn, those kids are 1337!
    Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
    Last edited by NeonBlack; 04-28-2008 at 02:04 PM. Reason: sorry for swearing.
    I copied it from the last program in which I passed a parameter, which would have been pre-1989 I guess. - esbo

  6. #36
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by NeonBlack View Post
    damn, those kids are 1337!
    Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?
    Nah, it was a vBulletin bug, surely. They had no real access, I don't believe.
    Sent from my iPadŽ

  7. #37
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    I feel smart now.

  8. #38
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.

    This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).

    If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  9. #39
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,057
    Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  10. #40
    The Right Honourable psychopath's Avatar
    Join Date
    Mar 2004
    Location
    Where circles begin.
    Posts
    1,071
    For anyone who missed it...

    EDIT: I really should have looked at the other thread first. *sighs*

    Attachment 8099
    Last edited by psychopath; 04-28-2008 at 02:45 PM.
    M.Eng Computer Engineering Candidate
    B.Sc Computer Science

    Robotics and graphics enthusiast.

  11. #41
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Quote Originally Posted by dwks View Post
    Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352
    Yes. But this is kinda the original thread. Todd could should have read this one before posting. I don't feel like discussing spider legs either... and Sly latest comment deserved a reply.

    I'm still curious as to how this was done. writing to an .htaccess file is no easy task, especially from within a php script and assuming there's some minimum level of security in place.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  12. #42
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.

    Attention is what they want, and that's what they're getting right now.

  13. #43
    Lead Moderator kermi3's Avatar
    Join Date
    Aug 1998
    Posts
    2,595
    Obviously we were hacked. They took down all index pages. The webmaster is working on getting everything back up. Thanks to all of you who contacted us to make sure we knew it was down.
    Kermi3

    If you're new to the boards, welcome and reading this will help you get started.
    Information on code tags may be found here

    - Sandlot is the highest form of sport.

  14. #44
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  15. #45
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by Mario F. View Post
    I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.
    I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. web page loading ...
    By twomers in forum C++ Programming
    Replies: 2
    Last Post: 01-21-2006, 01:42 PM
  2. How can I incorporate this code into a web page?
    By MisterRob in forum C Programming
    Replies: 6
    Last Post: 11-02-2005, 05:43 PM
  3. Determining values on a web page
    By AaA in forum C Programming
    Replies: 1
    Last Post: 06-28-2005, 04:47 AM
  4. Drawing rectangle in a web page
    By alphaoide in forum Tech Board
    Replies: 3
    Last Post: 02-20-2005, 07:40 PM
  5. Tab Controls - API
    By -KEN- in forum Windows Programming
    Replies: 7
    Last Post: 06-02-2002, 09:44 AM