http://cboard.cprogramming.com
I guess WEBMASTER's no longer the webmaster.
Printable View
http://cboard.cprogramming.com
I guess WEBMASTER's no longer the webmaster.
it's pretty annoying that while they say they don't do it to be malicious, their activity clearly causes problems. why couldn't they just find the security hole, and report it, rather than completely disrupt legitimate users' use of the website? these are not good people, regardless of what they say about themselves.
Agreed, Elkvis.
Those who aren't out to cause damage or other problems, like you say, will not disrupt sites. They would report the problem to the vendors of vBulletin (the software this site uses) in the first instance. At most, they would provide site admins with advice on how to address the vulnerability, and advise those admins to actively check with the software vendors for fixes.
I haven't followed the link they give to their own forum but, from its URL, it is a porn site.
So, credibility of these hackers is pretty low in my view.
I can think of one reason...Quote:
Originally Posted by Elkvis
If you find a security hole and and report it, the operators are likely to patch it at their leisure.
If you find a security hole and exploit it, the operators are likely to patch it as fast as they can.
If they had access to the whole forums but chose to only deface the entry page, that's pretty credible.
If I were webmaster, I would be thankful the exploit was harmless (outside of harm to reputation) rather than destructive.
If I were webmaster, I'd be ........ed, because there is nothing that I can do, aside from update forum software, because I don't necessarily have the ability to manually edit vBulletin software.
Imagine if Amazon were similarly defaced. "Dear third party merchants, we defaced Amazon because it's not secure. This was not intended to interrupt your business." Yeah, kiss the fattest part of my ass.
you make a good point, but it doesn't excuse their actions. vBulletin is all php, and it would be a simple matter to override the home page, and redirect after a few seconds to the actual page, after notifying the site visitor that it had been compromised. there is literally no excuse for rendering a whole web site effectively inaccessible, just to make a point about security. these guys are thugs, plain and simple. they do this for their own amusement, and nothing else.Quote:
Originally Posted by Yarin
We seem to be back on track now, it looks like the hacker got in with a well know Vbulletin exploit. He only edited the forum.php file. I have replaced it and everything is working like normal. :cool:
Whats the legal recourse for something like this?
Apart from the chatbox and the invitation to join a gaming group? Or was that just intentional spam for the forum?Quote:
Originally Posted by webmaster
I second guessed it as well. :pQuote:
Originally Posted by ledow
The weird part is how the link is overlined rather than underlined.
if it was so well known, wasn't it preventable then? or is there no known patch for that particular exploit?Quote:
Originally Posted by webmaster