| Author |
Message |
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
 Posted:
Tue Jan 25, 2005 5:45 am |
|
ok he has sentinel but flash-for-nuke.de just got hacked.
but it is a bit suprising....
also getting the mail...
From: Owned! http://www.flash-for-nuke.de just got hacced so you all want to see a real site wid all da shyte click dis!!!!! http://ronnies-realm.tk
i know where they put the stuff in....
its probably in the Footer Messages. |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Jan 25, 2005 7:58 am |
|
Look for applications that allow uploading. Did he have httpauth turned on? I doubt it. |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Jan 25, 2005 8:22 am |
|
well he's very slow on fixing it.... |
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Tue Jan 25, 2005 10:40 pm |
|
His real website is http://www.ronnies-realm.3at-me.com/
and he has a "referers list" that is filled with his own domain ronnies-realm.3at-me.com/ which is just a entrance page.
I can spam his referers list with a different site if you want  (or other bad things)
[edit]
His root is /home/eatme/public_html/ronnies-realm/ |
| |
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Tue Jan 25, 2005 11:14 pm |
|
After 500kbs I got tired of waiting for his page to load. I consider it a text browsing site after that. |
_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 |
|
|
|
|
djmaze
|
| Posted:
Wed Jan 26, 2005 8:50 am |
|
|
|
|
|
sixonetonoffun
|
| Posted:
Wed Jan 26, 2005 9:53 am |
|
Trying to find my Black Hat I know its around here somewhere... |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Wed Jan 26, 2005 3:01 pm |
|
See the updated thread that DJMaze posted. The hacked site wasn't using HTTP admin authentication. It is now... |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
valkster
New Member
Joined: May 29, 2004
Posts: 5
|
| Posted:
Thu Jan 27, 2005 5:18 pm |
|
Yep, these turds hacked my site www.zamboozle.com. I had PHPnuke 7.2 and Sent 2.13 installed, it was hacked. Sent has always blocked attempts in the past, hundreds of them on my site. I though it was the old nuke so I went to 7.6 chatserv.
Setup the vanilla site and installed sent 2.13. Went upstairs to grab a bite to eat, came back downstairs and the site was hacked again, Andrew and Ronnie.
Have turned on HTTPauth w/CGIauth on the admin.php and problem has been solved so far. I wish i would have utilized this feature long ago, just never really figured it would be needed.
Looking at my RAW access logs I see they have been trying to hack me again with proxied IPs from Australia. Actually funny they try to access my admin.php get pissed off after awhile and try an authors attack and get nailed and banned by Sent.
I wish I would have caught the first attempt early enough before my RAW logs were updated but I did not. Whatever they are doing they can access the God password and take over the site and sent doesnt catch them. I guess this means everyone would need to utilize HTTPauth for the time being or be at risk.
Regards |
| |
|
|
|
|
Raven
|
| Posted:
Thu Jan 27, 2005 5:56 pm |
|
I developed HTTPAuth for Nuke Sentinel when everyone was trying to add code here and there to try to catch all the possibles. That was a never ending job. So, I thought, well, if they can't get to it they can't hack it. Once again, necessity is the mother of invention  |
| |
|
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Thu Jan 27, 2005 9:35 pm |
|
Once you have a server-side login setup, it's over for them. You can setup a frickin' Guest account in the author's table and email them the login... they still won't get in.
The only thing you need Sentinel for, then, is to stop them from injecting their banner into your news and such. That's what they're reduced to.. without access to admin.php to be able to login, a login is useless, and they can't do any real permanent damage with just injections. Which is again why it is so silly to rename admin.php. Leave it admin.php, make the God user Guest and the password Welcome. Let's see them crack the server-side password, which when I create them, exist behind the webroot where they are not readable by anyone but the owner.
One thing I'd like to caution new webmasters about is using the same MySQL password as your FTP/Control Panel login. NO NO NO!!! hehe The highlight exploit in phpBB 2.0.10 and below allowed hackers to view your config.php, where your user and password are in plain text. If this is also your FTP/Panel login, well, they now own your whole web filesystem.
Always make your MySQL user and password UNIQUE from everything else, and make it robust! Always use both lower and upper-case letters and numbers. A few weird characters like dashes can't hurt either.
ilikeicecream is not robust...
I--liKe-42-ICE-CreAM-9x is...
PHrEEk |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
