Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
Programming C, C++, Java, PHP, Ruby, Turing, VB  

Username:   Password: 
 RegisterRegister   
 Hacking Attempts
Index -> Network News
View previous topic Printable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic
Author Message
Dan




PostPosted: Sat Sep 22, 2007 3:05 pm   Post subject: Hacking Attempts

We have been geting alot of hacking attempts agisted the phpbb part of our code in the last 24 hours. Noramly we get a few perday but it has jumped to one or two a min. Becues of this i will be banning all ips that send an atack sting at our fourm. As far as i can tell no users are from thess IPs but if you get a message like this:

Quote:

Forbidden

You don't have permission to access /v3/index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.58 (Gentoo) mod_ssl/2.0.58 OpenSSL/0.9.8d PHP/5.2.2-pl1-gentoo mod_watch/4.3 Server at compsci.ca Port 80


contact me ASAP (tho if you are geting that message you probly can not see this.) There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them, however they eat up neeedless bandwith and mess with the user stats so i will be blocking them at the webserver level.
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
Sponsor
Sponsor
Sponsor
sponsor
crash-hack




PostPosted: Sat Nov 24, 2007 8:38 am   Post subject: Re: Hacking Attempts

Good morning admininstrator, I'm crash-hack from Italy.
I didn't attack this site and I didn't login to admininstrator.

But the bug is on the mod links, it's vulnerable of a sql injection attack...

Please disable it...Don't worry, I don't login with admin account, but I only find the misterios bug and I love help admin... Mr. Green

For question please contact me:

crash-hack@hotmail.it
www.hacktime.altervista.org



PS: I love Montreal...
Mazer




PostPosted: Sat Nov 24, 2007 11:38 am   Post subject: RE:Hacking Attempts

Montreal is pretty freaking awesome, I like this guy.
crash-hack




PostPosted: Sat Nov 24, 2007 12:22 pm   Post subject: Re: Hacking Attempts

Thanks much brother... Mr. Green
Dan




PostPosted: Sat Nov 24, 2007 1:48 pm   Post subject: Re: Hacking Attempts

Dan @ 22nd September 2007, 3:05 pm wrote:
There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them......


If you blive i am wrong in this stament could you provied more information about the expolite? I blive you are incorect in your asumtion about what this site is running :p
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
crash-hack




PostPosted: Sat Nov 24, 2007 2:57 pm   Post subject: RE:Hacking Attempts

I don't understand what you say.

But I only say that the site is vulnerable, and I have hash ofthe user with id 1.
I don't hack it because the password is difficult to crack, but I always can log in with an cookie generator.
This is your hash: (It's cut, don't worry Wink )

Quote:

http://compsci.ca/v3/
BUG MOD LINKS PHPBB
User ID Number: 1
MD5-Hash is: fd9a5217de***********0cdb093


Please, disable the links mod, there are many lamers on the net...

I look into the whois of the site and I have saw that this site is hosted on a private server.
But on phpbb there is a bug on restore database and I can change a script of the avatar control and I can upload a php shell Razz

So, check the system of this site, you must get a new phpbb.

Sorry for my english...
crash-hack




PostPosted: Sat Nov 24, 2007 2:58 pm   Post subject: Re: Hacking Attempts

Dan @ Sat Nov 24, 2007 1:48 pm wrote:
Dan @ 22nd September 2007, 3:05 pm wrote:
There is no risk in this stie being hacked by thess expoites as our code is not close enought to phpbb to be comiable with them......


If you blive i am wrong in this stament could you provied more information about the expolite? I blive you are incorect in your asumtion about what this site is running :p



Sorry, now I will send the link of the source of this famous exploit... Mr. Green
Tony




PostPosted: Sat Nov 24, 2007 3:19 pm   Post subject: Re: RE:Hacking Attempts

crash-hack @ Sat Nov 24, 2007 2:57 pm wrote:
So, check the system of this site, you must get a new phpbb.

This site isn't running phpbb. We just use crappy mods. Dan?
Latest from compsci.ca/blog: Tony's programming blog. DWITE - a programming contest.
Dan




PostPosted: Sat Nov 24, 2007 3:47 pm   Post subject: Re: RE:Hacking Attempts

crash-hack @ 24th November 2007, 2:57 pm wrote:
I don't understand what you say.

But I only say that the site is vulnerable, and I have hash ofthe user with id 1.
I don't hack it because the password is difficult to crack, but I always can log in with an cookie generator.
This is your hash: (It's cut, don't worry Wink )

Quote:

http://compsci.ca/v3/
BUG MOD LINKS PHPBB
User ID Number: 1
MD5-Hash is: fd9a5217de***********0cdb093


Please, disable the links mod, there are many lamers on the net...

I look into the whois of the site and I have saw that this site is hosted on a private server.
But on phpbb there is a bug on restore database and I can change a script of the avatar control and I can upload a php shell Razz

So, check the system of this site, you must get a new phpbb.

Sorry for my english...


So many things wrong with this:

1. we do not have a user with an id 1
2. we do not have a hash in our database matching that string (i put wild cards in for the *s)
3. my user id is not 1
4. the coest user id to 1 is -1 and that user does not have a hash as it is a speahal user.
5. the other user id closest to 1 is mine and it does not have that hash


So for the link mod expolite, it cleary does not work.

Not shure about this avtar thing but i will have to look in to it more to see if you are full of it or not (you lost some creditbilty with me with that fake hash stunt).


tony wrote:

This site isn't running phpbb. We just use crappy mods. Dan?


We started with a very moded copy of phpbb and then moded it even more, so it once was phpbb but no longer compbtial with anything phpbb inlcuding (lucky for us) alot of phpbb exploites. And yes we do have some crapy mods running with could have expolites, however i am prity shure i fixed the link mod.
Computer Science Canada Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
Display posts from previous:   
   Index -> Network News
View previous topic Tell A FriendPrintable versionDownload TopicSubscribe to this topicPrivate MessagesRefresh page View next topic

Page 1 of 1  [ 9 Posts ]
Jump to:   


Style:  
Search: