View Full Version : FYI: The main web site page got hacked.

Dino
04-27-2008, 05:02 PM
Click "c Board" to see the hack. I noticed it about an hour ago.

brewbuck
04-27-2008, 08:00 PM
It appears the front page was hacked. Buncha pimply-faced morons.

Mario F.
04-27-2008, 08:07 PM
Yup. Was afraid the whole thing had gone down the drain. Been checking VBulletin boards. May have been done through some insecure script. I highly doubt they had any other kind of server access.

Script kiddies losers, I betcha.

Mario F.
04-27-2008, 08:45 PM
Hmm... all index.php were defaced. cprogramming.com, the forums archive, ... mod_rewrite?

VirtualAce
04-27-2008, 09:13 PM
Seems as though all passwords still work and users can still log-in. I'll bookmark this until the main page is back up.

I have no idea what this proves except that some morons can hack a page. Stupid.

DavidP
04-27-2008, 10:01 PM
Yeah this will be fun. I've had a bit of experience fighting hackers myself (some hacked into our servers where I work).

Most likely cause: somewhere in the site the "get" and "post" variable inputs are not being checked, and so the hackers probably got access to the database and used SQL injection to discover admin passwords, logged in as an admin, uploaded some scripts and defaced the site.

cpjust
04-27-2008, 10:08 PM
I noticed it a while ago too.
Does anyone know when the site will be fixed?

DavidP
04-27-2008, 10:17 PM
Has anyone contacted the webmaster or kermi?

iMalc
04-28-2008, 12:05 AM
Looks fine to me. What did I miss?

abh!shek
04-28-2008, 12:55 AM
Looks fine to me. What did I miss?

You missed the sexy skull!

zacs7
04-28-2008, 01:06 AM
The two 'dudes' (<no credit due>) are members of some defacing "security" group. Wow, sounds fun...

They're probably not aware that hacking in Egypt has recently been made illegal, and carries a hefty penalty. Only time will tell.

iMalc
04-28-2008, 01:30 AM
If by that comment you mean it's still in a hacked state then I guess it has to do with someone's ISP's caching now.
I actually make shortcuts directly to the forums I visit, so I wouldn't see it anyway.

abh!shek
04-28-2008, 01:42 AM
If by that comment you mean it's still in a hacked state then I guess it has to do with someone's ISP's caching now.
I actually make shortcuts directly to the forums I visit, so I wouldn't see it anyway.

Uh? No, it's alright now. They put the picture of a skull on the main page (I saw that some 6 hours ago). It's fine now.

Yarin
04-28-2008, 06:10 AM
Yeah, HaTsA4 and H666p said they weren't sorry that the admins thought their site was secure.
Their text art was pretty good actually.

Anyway...
BURN!

Mario F.
04-28-2008, 06:18 AM
I doubt they were from Egypt. The javascript variables were in Spanish and the img tags were pointing to a site in San Diego, California.

SlyMaelstrom
04-28-2008, 06:58 AM
I doubt they were from Egypt. The javascript variables were in Spanish and the img tags were pointing to a site in San Diego, California.

The page that they hacked said they were "3gypti@n." I don't think where they host their images would tell much, and generally the people who crack message boards are not hackers. They probably found the dork and the code to hack the page on some website like milw0rm... it may have been written by somebody who is Spanish, but not necessarily used by a Spanish person.

Raigne
04-28-2008, 07:04 AM
The artwork was pretty good. Although a petty attempt at a hack.

Mario F.
04-28-2008, 07:10 AM
Oh. I just don't know where they are from. I just doubt they were from Egypt.
My main reason for doubting that? The fact they said they were.

abh!shek
04-28-2008, 07:19 AM
The page that they hacked said they were "3gypti@n." I don't think where they host their images would tell much, and generally the people who crack message boards are not hackers. They probably found the dork and the code to hack the page on some website like milw0rm... it may have been written by somebody who is Spanish, but not necessarily used by a Spanish person.

Why don't they bring down such sites? I thought laws were strict in the US.

Edit: ooh and thanks for letting me know about that site :D
(no I won't hack anyone)

Mario F.
04-28-2008, 07:45 AM
Why don't they bring down such sites? I thought laws were strict in the US.

Because they can. Someone else actually did all the work finding exploits in popular web services and script based tools, like vbulletin. All the information is made public for several reasons, one of them being to help the authors fix it.

Then someone with nothing to do, wanting to impress friends and strangers takes the information and goes about their business. As long as they only deface websites, as these two(?) did, it's a favor they are doing you. However, more often than one would like, they go about trashing all files in the website, deleting them, changing accounts, whatever.

VBulletin has a considerable amount of "I've been hacked" posts. Mostly not to do with vB's own scripts, but with mods, or forgetting to delete installation scripts. That's probably how they go in. However, they did deface index.php all across the cprogramming.com domain. So, I'm curious how they did it and if they gained the ability to write/overwrite .htaccess.

abh!shek
04-28-2008, 07:55 AM
My point was - why not bring sites like milw0rm off the web? Hacking would be reduced drastically!

cboard_member
04-28-2008, 08:04 AM
They'll just make new sites. Taking down some of these websites won't stop people doing it - I doubt it'll even slow down the spread of knowledge (read: tools written by someone else).

Mario F.
04-28-2008, 08:10 AM
If you read between the lines, you'll know these sites are indeed beneficial. In a makeup world where they didn't exist, hacking could be thought to be done only by the knowledgeable, and not every 15 year old with a bad case of acne and pokemon posters in the bedroom.

However, it would also be much harder to fix the exploit, because information wasn't simply available anywhere on how someone might have got into the website.

Handling security is not an issue of hiding possible exploits from the public in general. It is about fixing those holes and coding defensively. You'll be more secure if you know what makes you insecure, agreed?

matsp
04-28-2008, 08:15 AM
And the other factor is of course that if you close down a site, someone will soon have another site running with similar or same content, in a country where the laws aren't so strict, and the US, Egyptian, Spanish or whatever law can not touch it. It's not very difficult to set up a web-site as long as you have a valid credit card number (doesn't even have to be yours, if you are that way inclined!)

--
Mats

brewbuck
04-28-2008, 08:48 AM
As far as the origin of the dweebs, I think they really are Egyptian. I Googled a few things based on what I saw in the HTML and tracked down a message board where one of the guys posts. It's definitely Egyptian.

I briefly considered digging deeper. But the morons only managed to temporarily deface the front page. It's not worth my time. Sadly, it's not really worth anybody else's time either, and that's why these kinds of snot-nosed idiots don't usually get caught.

The board was working the whole time. I think I was the first person to try following a direct link to a post, and from there I could use the board jumper to get to General Discussions and post a comment. Mario, how did you see that comment? Do you have email notification set up or something?

Mario F.
04-28-2008, 09:15 AM
Nah. I just did the same as you and tried to follow a direct link to a post to see if the boards hadn't been deleted.

SlyMaelstrom
04-28-2008, 09:27 AM
The board was working the whole time. I think I was the first person to try following a direct link to a post, and from there I could use the board jumper to get to General Discussions and post a comment. Mario, how did you see that comment? Do you have email notification set up or something?

Actually, I had been surfing General Discussion for a good 20 minutes before I realized the board was "hacked." I actually have in my favorites a direct link to General Discussion and frequently don't even look at the index page anymore.

abachler
04-28-2008, 09:38 AM
Well, specifically in the U.S. you can't restrict a website based on content as it would violate at least 1 constitutional amendment in at least 2 ways (freedom of speech, freedom of the press). Other countries may have less liberal laws. I know that traffic into and out of Iraq is restricted, how effective those restrictions are I have no idea. I'm pretty sure you can still get porn, even though it is illegal there. In either case, taking down the site wouldn't even slow the hackers down much.

Sang-drax
04-28-2008, 11:24 AM
This is what it looked like.

dwks
04-28-2008, 01:51 PM
This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.

Good to see it was fixed so quickly.

Magos
04-28-2008, 01:52 PM
One second I'm peacefully browsing cboard, the next I'm looking at this:
[image attachment 8098]

SlyMaelstrom
04-28-2008, 01:55 PM
This isn't the first time this has happened. CBoard got hacked by someone else with a green logo; I can't remember where I saved it at the moment. That time was more serious, however: cprogramming.com and all of CBoard were down.

Good to see it was fixed so quickly.

Hmm... I'm sorry I missed that. However, as you say, there is a big difference between getting root access to the server and getting some administrator password via some SQL injection.

robwhit
04-28-2008, 01:58 PM
I thought spiders had eight legs.

SlyMaelstrom
04-28-2008, 02:00 PM
I thought spiders had eight legs.

...
I count eight...


By the way, Magos. You have GMail.

NeonBlack
04-28-2008, 02:03 PM
damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?

SlyMaelstrom
04-28-2008, 02:05 PM
damn, those kids are 1337!
Did anyone find out what was wrong? A hole in the forum software, or another site on the server or something?

Nah, it was a vBulletin bug, surely. They had no real access, I don't believe.

robwhit
04-28-2008, 02:13 PM
I feel smart now.

Mario F.
04-28-2008, 02:33 PM
Well, I'm still curious about the index.php defacing that seems to have affected the whole htdocs directory... You would get the deface page from cboard, cprogramming and any directory with an index.php page.

This could only be done (mind my still unfamiliarity with apache) through .htaccess. Now, assuming there exists already an .htaccess file in ~/htdocs (which for security reasons alone should exist), they couldn't possibly have altered it unless this file was writable by apache (which shouldn't!).

If, on the other hand, that file didn't exist then there's still the issue how they gained access to htdocs root, assuming cboard sits on its own directory inside /htdocs (I can't get this information from simply looking at the response headers from a 404 or 500 error).
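
Added example, not part of the thread and not code from any poster or from the site: a permission audit for the two cases raised in the post above, an existing `.htaccess` or `index.php` that the web server account can write, and a directory it can write (which lets it create a missing `.htaccess` or replace a read-only one). The docroot path and the `www-data` account name in the usage comment are assumptions.

```python
import os
import pwd
import stat
import sys

# Files the thread discusses: the defaced index.php pages and .htaccess.
WATCHED = {".htaccess", "index.php"}

def writable_by(st, uid, gids):
    """Apply POSIX mode-bit rules for uid/gids (ACLs and root are ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, web_uid, web_gids):
    """Return sorted (path, reason) pairs the web server account could tamper with."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        # A writable directory allows creating a missing .htaccess, or
        # unlinking and recreating one whose own mode is read-only.
        if writable_by(os.lstat(dirpath), web_uid, web_gids):
            findings.append((dirpath, "directory writable"))
        for name in files:
            if name not in WATCHED:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink, check its target"))
            elif writable_by(st, web_uid, web_gids):
                findings.append((path, "file writable"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage (names are assumptions): python audit.py /var/www/htdocs www-data
    docroot, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    for path, reason in audit_docroot(docroot, pw.pw_uid, gids):
        print(f"{reason}: {path}")
```

An empty result means the mode bits alone do not let that account alter the watched files; it says nothing about other write paths such as FTP or a shared hosting panel.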

dwks
04-28-2008, 02:41 PM
Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352

psychopath
04-28-2008, 02:42 PM
For anyone who missed it...

EDIT: I really should have looked at the other thread first. *sighs*

[image attachment 8099]

Mario F.
04-28-2008, 02:51 PM
Note that there's another thread about this here: http://cboard.cprogramming.com/showthread.php?t=102352

Yes. But this is kinda the original thread. Todd should have read this one before posting. I don't feel like discussing spider legs either... and Sly's latest comment deserved a reply.

I'm still curious as to how this was done. Writing to an .htaccess file is no easy task, especially from within a php script and assuming there's some minimum level of security in place.

brewbuck
04-28-2008, 03:09 PM
I don't see why any of us should waste a single braincell-second more on these idiots. It's up to the admin to figure out what they exploited and fix it. Other than that, let these guys rot in their little dungeons.

Attention is what they want, and that's what they're getting right now.

kermi3
04-28-2008, 03:50 PM
Obviously we were hacked. They took down all index pages. The webmaster is working on getting everything back up. Thanks to all of you who contacted us to make sure we knew it was down.

Mario F.
04-28-2008, 04:21 PM
I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.

brewbuck
04-28-2008, 04:24 PM
I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.

I'm not trying to tell anybody to "shut up" or anything like that. I just think posting screenshots of what the site looked like is a bit over the top, and sort of glorifies the morons. Yes, I'm interested to know what the exploit was. Beyond that I won't give these guys any more air time.

kermi3
04-28-2008, 05:42 PM
I just feel it would be interesting to know how it was done. Some of us here have our own websites. Wouldn't hurt to discuss this and in the process gain some new knowledge. That's all. But... apparently that's asking too much.

If I find out more that I can pass along, I will. You know what I know.

Mario F.
04-28-2008, 05:56 PM
Thanks Kermi. And I apologize for having jumped to conclusions.

manav
04-29-2008, 01:28 AM
wow! first time i have witnessed a #@k3r$ 4tt4(k!!!

i mean it is serious but, really, first time for me! :(

guesst
04-29-2008, 12:09 PM
I always think things like this are more annoying than serious. I mean, maybe they are. In truth, tho, it just seems to me a desperate cry for attention. Someone needs a hug.

abachler
04-29-2008, 12:27 PM
As if anyone is going to trust haxorz to manage their site security. So there was a security flaw in the site, not like this site handles classified information or personal data.