Click "c Board" to see the hack. I noticed it about an hour ago.
Click "c Board" to see the hack. I noticed it about an hour ago.
Mainframe assembler programmer by trade. C coder when I can.
It appears the front page was hacked. Buncha pimply-faced morons.
Yup. Was afraid the whole thing had gone down the drain. Been checking VBulletin boards. May have been done through some insecure script. I highly doubt they had any other kind of server access.
Script kiddies losers, I betcha.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
Hmm... all index.php were defaced. cprogramming.com, the forums archive, ... mod_rewrite?
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
Seems as though all passwords still work and users can still log-in. I'll bookmark this until the main page is back up.
I have no idea what this proves except that some morons can hack a page. Stupid.
Last edited by VirtualAce; 04-27-2008 at 09:17 PM.
Yeah this will be fun. I've had a bit of experience fighting hackers myself (some hacked into our servers where I work).
Most likely cause: somewhere in the site the "get" and "post" variable inputs are not being checked, and so the hackers probably got access do the database and used SQL injection to discover admin passwords, logged in as an admin, uploaded some scripts and defaced the site.
Has anyone contacted the webmaster or kermi?
The two 'dudes' (<no credit due>) are members of some defacing "security" group. Wow, sounds fun...
They're probably not aware that hacking in Egypt has recently been made illegal, and carries a hefty penalty. Only time will tell.
I doubt they were from egypt. The javascript variables were in Spanish and the img tags were pointing to a site in San Diego, California.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
The page that they hacked said they were "3gypti@n." I don't think where they host their images would tell much, and generally the people who crack message boards are not hackers. They probably found the dork and the code to hack the page on some website like milw0rm... it may have been written by somebody who is Spanish, but not necessarily used by a Spanish person.
Sent from my iPadŽ
Because they can. Someone else actually did all the work finding exploits in popular web services and script based tools, like vbulletin. All the information is made public for several reasons, being one of them help the authors fix it.
Then someone with nothing to do, wanting to impress friends and strangers takes the information and goes about their business. As long as they only deface websites, as these two(?) did, it's a favor they are doing you. However, more often than one would like, they go about trashing all files in the website, deleting them, changing accounts, whatever.
VBulletin has a considerable amount of I've been hacked posts. Mostly not to do with vB own scripts, but with mods, or forgetting to delete installation scripts. That's probably how they go in. However, they did deface index.php all across the cprogramming.com domain. So, I'm curious how they did it and if they gained the ability to write/overwrite .htaccess.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
Oh. I just don't know where they are from. I just doubt they were from egypt.
My main reason for doubting that? The fact they said they were.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
My point was - why not bring sites like milworm off the web. Hacking would be reduced drastically!
They'll just make new sites. Taking down some of these websites won't stop people doing it - I doubt it'll even slow down the spread of knowledge (read: tools written by someone else).
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.
- Mike McShaffry