#1
15 Jul 2004, 10:18
MindTrix
Join Date: Apr 2002
Real name: Liam Hawkins
Hacking message board?

I always see posts about people's message boards being hacked into and deleted. I don't want to know how to do it, obviously that doesn't interest me, just more or less why it happens. I mean, I know someone who goes around bragging he hacks and deletes boards, and he registered at my forums and got an instant ban etc. But can he really hack and delete my board? Or does this usually only happen when you let people have admin access or FTP info?

Just wondering, that's all :surprised:
__________________
Hacks Made :
Store 3.0 Color Name Add On.
Last 5 Attachments On Forum Home
Rap Battle System -=RBS=-

Tutorials Made :
The Basics Of PHP For Beginners and The Basics Of PHP [Part 2]

Running away from that Thousand Post Mark
#2
15 Jul 2004, 10:25
Dean C
Join Date: Jan 2002
Real name: Dean Clatworthy
Well, there are vulnerabilities in older versions of vB, but right now it's pretty secure, so I doubt anyone will be able to hack their way in.
__________________
Dean Clatworthy - Web Developer/Designer
#3
15 Jul 2004, 10:26
Zero Tolerance
Join Date: Feb 2004
Real name: Scot
My site got hacked a couple of months ago, this was using httpd, he managed to upload install.php into my install/ directory, and authenticate.php (so the member number required to access to install could be whatever he wanted). Upon doing so he did a fresh installation of my forum, about 1000 members, 20,000 posts wiped. To stop this being repeated I simply deleted the install/ directory.

Why he/she did it? Not a clue, pissed me off a great deal too. But to them it's just fun over and over to see forums crumble at their handiwork.

Quite sad I'd say, those people need attention, fast.

- Zero Tolerance
#4
15 Jul 2004, 10:33
MindTrix
Join Date: Apr 2002
Real name: Liam Hawkins
So people cannot hack into your forums unless they have like admin access or FTP access?
#5
15 Jul 2004, 10:35
Zero Tolerance
Join Date: Feb 2004
Real name: Scot
Yes, the guy who hacked me had no access to my site or FTP, he used a form of hacking known as httpd, that's all I know. He used a browser to upload a script to my site...

But this method cannot add folders, so by deleting the folder the process couldn't be repeated.

- Zero Tolerance
#6
15 Jul 2004, 10:41
MindTrix
Join Date: Apr 2002
Real name: Liam Hawkins
So I can delete the INSTALL folder safely and it won't mess up vBulletin? And then I will be safer from attacks?
#7
15 Jul 2004, 10:52
Zero Tolerance
Join Date: Feb 2004
Real name: Scot
I would greatly advise it, it will stop the method of hacking that happened to me, and I wouldn't want it to happen to anyone else.

- Zero Tolerance
#8
15 Jul 2004, 10:53
MindTrix
Join Date: Apr 2002
Real name: Liam Hawkins
OK, I'll do it now then (or just rename it). Oh, check your PMs please.
#9
15 Jul 2004, 12:09
Tony G
Join Date: Nov 2001
Real name: ITS A SECRET
Originally Posted by Zero Tolerance
My site got hacked a couple of months ago, this was using httpd, he managed to upload install.php into my install/ directory, and authenticate.php (so the member number required to access to install could be whatever he wanted). Upon doing so he did a fresh installation of my forum, about 1000 members, 20,000 posts wiped. To stop this being repeated I simply deleted the install/ directory.

Why he/she did it? Not a clue, pissed me off a great deal too. But to them it's just fun over and over to see forums crumble at their handiwork.

Quite sad I'd say, those people need attention, fast.

- Zero Tolerance
If the reason for hacking a forum isn't for revenge or hate, it usually is just the type of hacker that finds fun in watching sites and forums crumble and break down. Those people, they need lives.
#10
15 Jul 2004, 18:56
FleaBag
Join Date: Dec 2001
I run a local community music board [which I think is now the biggest in my country], but alas there are many 'rivals' - I try to keep as up to date as possible. Two of my 'rivals' have recently been hacked... One was running Invision and was completely wiped - I noticed two days ago that another using PHPBB as a Nuke module has been hacked, it seems, by a 'Muslim activist' - I say that in quotes because obviously I have no idea who actually did it, but there was lots of anti Jewish/American and pro Palestinian/Muslim info on there. Obviously a site in Wales about rock music has nothing to do with this cause, it seems people don't even need a reason to hack you.
#11
15 Jul 2004, 20:16
EvilLS1
Join Date: Apr 2002
I think 90% of the time it's script kiddies who mess up people's boards. They find the vulnerability in certain software on these security sites. A lot of these sites also tell you how to exploit the security hole. So even though the script kiddie knows nothing about code or hacking he simply follows the instructions on the security site and "hacks" people's boards. Why does he do it? Your guess is as good as mine.

Best way to avoid being "hacked" is to keep your forum software up-to-date and be very careful which hacks you install. Only install hacks that you need and check over the code yourself if you know what to look for. I learned that the hard way. My board was hacked about a year ago due to an SQL injection vulnerability with the Store hack for vb2. Luckily damage was minimal b/c I caught him shortly after he gained admin access.
__________________
V4MuscleBike.com
#12
15 Jul 2004, 20:57
SaN-DeeP
Join Date: Jun 2002
Originally Posted by EvilLS1
I think 90% of the time it's script kiddies who mess up people's boards. They find the vulnerability in certain software on these security sites. A lot of these sites also tell you how to exploit the security hole. So even though the script kiddie knows nothing about code or hacking he simply follows the instructions on the security site and "hacks" people's boards. Why does he do it? Your guess is as good as mine.

Best way to avoid being "hacked" is to keep your forum software up-to-date and be very careful which hacks you install. Only install hacks that you need and check over the code yourself if you know what to look for. I learned that the hard way. My board was hacked about a year ago due to an SQL injection vulnerability with the Store hack for vb2. Luckily damage was minimal b/c I caught him shortly after he gained admin access.
I fully agree with EvilLS1.

As additional security measures:
Rename your modcp and admincp dirs and set .htaccess on those.

Keep a copy of the admincp and modcp dirs, with .htaccess (these dirs will be blank as you already renamed them).

But this way, these newbies or script kiddies would end up messing in places where nothing can be found at all.

My 2 cents.
#13
16 Jul 2004, 00:07
filburt1
Join Date: Feb 2002
Originally Posted by Zero Tolerance
Yes, the guy who hacked me had no access to my site or FTP, he used a form of hacking known as httpd, that's all I know. He used a browser to upload a script to my site...

But this method cannot add folders, so by deleting the folder the process couldn't be repeated.

- Zero Tolerance
httpd is Apache. Your host was probably running an old version. 99% of the time a board is hacked is due to the administrator's own fault of running an old version of the software or choosing a host who does not take security seriously and lags on software updates.
#14
16 Jul 2004, 00:08
Zachery
Join Date: Jul 2002
Real name: Zachery Woods
Originally Posted by filburt1
httpd is Apache. Your host was probably running an old version. 99% of the time a board is hacked is due to the administrator's own fault of running an old version of the software or choosing a host who does not take security seriously and lags on software updates.
There is no reason to delete the install folder, only what it tells you to, the ONLY file that you NEED to delete is install.php as it is the ONLY file that could cause any harm.
__________________
Looking for ImpEx?
#15
16 Jul 2004, 06:07
Modin
Join Date: Jun 2004
Yeah, there's many ways to hack a board, either by a board vulnerability (which I haven't seen any for vb3), a security vulnerability like improper passwords, improperly set permissions etc, or if the host is running vulnerable software like older versions of apache, mysql, php, has improper security permission there too, etc... (got ya scared yet?) In the latter case if your host has stuff improperly set up then there's nothing you can really do to protect yourself, though with the suggestions above by others you can be sure it wasn't your own fault.

The reason they hack is usually for giggles, I've known a couple of these people and they get their kicks by seeing that "404 error". The odd time it's for revenge, but rarely.

Personally, including the others' suggestions, just keep a recent backup of your site on a different PC, I usually back up every couple of days or so, so worst case I've lost a couple of days of posts...
__________________
return "PHP Coder";
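An added example, not part of any post in this thread: a small audit of a forum web root for the three things the replies recommend checking (a leftover install/install.php, improperly set directory permissions, and control panel directories without .htaccess). The directory and file names are the ones used in the posts; the function names, messages and the sample tree are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. install/, install.php, admincp/ and modcp/
# are the names used in the posts; function names and messages are hypothetical.

# Audit a forum web root; sets AUDIT_FINDINGS, returns non-zero on any finding.
audit_forum_root() {
    root=$1
    AUDIT_FINDINGS=0
    # 1. Installer left behind after setup (the file post #14 says to delete).
    if [ -f "$root/install/install.php" ]; then
        echo "FINDING: installer still present: $root/install/install.php"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi
    # 2. World-writable directories: any local account could place files there.
    ww=$(find "$root" -type d -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/FINDING: world-writable directory: /'
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + $(echo "$ww" | wc -l)))
    fi
    # 3. Control panel directories with no .htaccess at all. Presence is only a
    #    first check; the file's rules still need reviewing by hand.
    for cp in admincp modcp; do
        if [ -d "$root/$cp" ] && [ ! -f "$root/$cp/.htaccess" ]; then
            echo "FINDING: no .htaccess in $root/$cp"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
    done
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample tree (not a real forum) with three deliberate problems.
build_sample_root() {
    umask 022
    d=$(mktemp -d)
    mkdir "$d/install" "$d/admincp" "$d/modcp"
    : > "$d/install/install.php"   # leftover installer
    chmod 777 "$d/install"         # world-writable directory
    : > "$d/modcp/.htaccess"       # modcp is covered, admincp is not
    echo "$d"
}

sample=$(build_sample_root)
audit_forum_root "$sample" || echo "$AUDIT_FINDINGS finding(s) in sample tree"
rm -rf "$sample"
```

Run it against the real forum directory by calling `audit_forum_root /path/to/forum`; a zero exit status means none of the three conditions was found.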