Its_The_Sneak!!! Blocked by SOPA
Joined: 13 Mar 2006 Posts: 6077 Status: Moderator
Posted: Tue Mar 28, 2006 1:28 am

dang.
Oh well.
...
ooh, what if you moved your HTTP server to a different port, and then tell everyone which port to point their browsers to?
That way, he won't be able to get in unless he's able to do a port scan!
_________________
Come into my den let me hear you cluck
You can be my hen and we can f(Bu-GAWK)
A bite to the leg, it's time to play
Baby, let me be your egg that needs to get laid.
- CEO Nwabudike Morgan
"The Chicken of Lust"

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 1:34 am

I won't resort to that yet. I kind of have him checkmated as I'm posting this.
_________________
| Zenodoros wrote: | I had it both ways throughout the night fight. |

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 1:49 am

R0((0 |30773 wrote: | I will have these forums rendered mine by the end of this week.
Have fun 'till then. |
Sigh. Bluff.

Its_The_Sneak!!! Blocked by SOPA
Joined: 13 Mar 2006 Posts: 6077 Status: Moderator
Posted: Tue Mar 28, 2006 1:51 am

well, let's hope.

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 1:53 am

What would be the result if he did "render his forum"?
Should I report anything to phpbb team?

Its_The_Sneak!!! Blocked by SOPA
Joined: 13 Mar 2006 Posts: 6077 Status: Moderator
Posted: Tue Mar 28, 2006 1:55 am

... he probably means he'll have it under his control.
heh, unless he's going to redo the forum in 3D.
That'd be awesome.

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 1:57 am

He's not going to have control. I think it has something to do with virinfluence's anonymous ftp leading DIRECTLY into his public html. That would explain why thus far the hacker hasn't been able to do anything with fuxxor yet.

Its_The_Sneak!!! Blocked by SOPA
Joined: 13 Mar 2006 Posts: 6077 Status: Moderator
Posted: Tue Mar 28, 2006 2:01 am

well, he might be hard at work cracking your FTP password then.
or barring that, your forum password.
Better change it.

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 2:03 am

| Its_The_Sneak!!! wrote: | well, he might be hard at work cracking your FTP password then.
or barring that, your forum password.
Better change it. |
I've already changed my forum password.
Even if he COULD get the main ftp address, I'd like to see him get the ftp user name.

beyonder ^.^
Joined: 12 Mar 2006 Posts: 321 Status: Administrator
Posted: Tue Mar 28, 2006 2:23 am

Getting the ftp login for a cpanel server (yes, I checked, fuxxor.net and virinfluence.net are both using cpanel) is trivial once you have admin access on a phpBB forum. You just cause an SQL error, and it will tell you the username used to query the database. This will be login_subname, where "login" is the cpanel and ftp login, and "subname" is whatever name you gave to the db user (unless you used the main database login, in which case it's just going to be that, which is also the ftp login. gasp). You could even do this without admin access; however, it's harder to cause the type of error you need.
And the address is just the same as the address for http access...
The only issue would be the password, really.
But then, back to how you think they got in...
If you have read access to the ftp, you can just grab the config.php from the phpBB directory. This will have the database username/password in it! Of course, once somebody has that it's just plain over for the forum.
So basically, having config.php publicly readable is a bad idea. Especially if you use the same password for MySQL as for other things, but I'm guessing you wouldn't do that.
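
The exposure described in the post above (a config.php that others can read, or an anonymous FTP root that maps into the web root) can be checked from the host side. This is an added example, not code from the thread or from phpBB; the directory layout, the sample file contents and the function names are constructed for illustration, and it assumes PHP runs as the account owner so that mode 600 still lets the forum read its own config.

```python
import os
import stat
import tempfile

def audit_config_exposure(web_root, anon_ftp_root=None, names=("config.php",)):
    """Return (path, problem) tuples for credential files found under web_root."""
    findings = []
    ftp_root = os.path.realpath(anon_ftp_root) if anon_ftp_root else None
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name not in names:
                continue
            path = os.path.realpath(os.path.join(dirpath, name))
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # The "other" read bit lets any local account read the DB password.
            if mode & stat.S_IROTH:
                findings.append((path, "world-readable (mode %o)" % mode))
            # The anonymous FTP tree contains the file, so FTP read access exposes it.
            if ftp_root and os.path.commonpath([path, ftp_root]) == ftp_root:
                findings.append((path, "inside anonymous FTP root"))
    return findings

def demo():
    """Build a constructed account layout, audit it, correct it, audit again."""
    with tempfile.TemporaryDirectory() as home:
        web = os.path.join(home, "public_html")
        forum = os.path.join(web, "forum")
        os.makedirs(forum)
        cfg = os.path.join(forum, "config.php")
        with open(cfg, "w") as fh:  # constructed sample, not a real credential
            fh.write("<?php $dbuser = 'login_subname'; $dbpasswd = 'example'; ?>\n")
        os.chmod(cfg, 0o644)
        # Misconfigured: anonymous FTP is rooted at the web root itself.
        before = audit_config_exposure(home, anon_ftp_root=web)
        os.chmod(cfg, 0o600)
        # Corrected: owner-only file, anonymous FTP confined to its own directory.
        after = audit_config_exposure(
            home, anon_ftp_root=os.path.join(home, "public_ftp"))
        return before, after

if __name__ == "__main__":
    before, after = demo()
    for _path, problem in before:
        print("BEFORE:", problem)
    print("AFTER: %d findings" % len(after))
```
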

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 2:28 am

Actually my lazy *bleep* just used fantastico and got the funky database name and user. He can't do anything. All my public ftp options are set to off, so he can't go browse the config files. From what you're telling me, I'm safe.
But how does he get the phpbb forum user passwords, if that is in fact what he does?

beyonder ^.^
Joined: 12 Mar 2006 Posts: 321 Status: Administrator
Posted: Tue Mar 28, 2006 2:40 am

Safe if that's actually how he got in, and doesn't know another way in. There is a known exploit in phpBB involving remote avatars and session hijacking, but that would be extremely tricky to pull off, and relies on some settings on the board. I wouldn't worry about that too much. Other than that, I don't know what else is running on your host, so I wouldn't be able to tell you how to protect yourself too well.

RockmanWilliam Its_The_Sneak!!!
Joined: 14 Mar 2006 Posts: 3691 Status: User
Posted: Tue Mar 28, 2006 2:43 am

| beyonder wrote: | | Safe if that's actually how he got in, and doesn't know another way in. There is a known exploit in phpBB involving remote avatars and session hijacking, but that would be extremely tricky to pull off, and relies on some settings on the board. I wouldn't worry about that too much. Other than that, I don't know what else is running on your host, so I wouldn't be able to tell you how to protect yourself too well. |
Do you have I.M. or something that I could give you better information with? Also, I really wouldn't be worried, but it LOOKS like he's been able to get into other forums.

beyonder ^.^
Joined: 12 Mar 2006 Posts: 321 Status: Administrator
Posted: Tue Mar 28, 2006 3:07 am

Should be in my profile...

Hoff
Joined: 12 Mar 2006 Posts: 1398 Status: User
Posted: Tue Mar 28, 2006 3:33 pm

Anyways, he hasn't really done anything yet. If I was a legitimate hacker, I wouldn't go out and give warnings to the people I'm about to screw over or tell them that their site will be dead "in a week". I'd just go screw them over and leave.
LIKE A NINJA.