My site was hacked into..
Results 1 to 8 of 8

Thread: My site was hacked into..

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    2

    My site was hacked into..

    Hey everyone, first off this looks like a great website, very education. Anyhow, Mr. LieuMang (he actually has an account on here I noticed, and this is where he learned how to hack into PHP forums, which is what I have on my site) hacked in there. I've got a couple of questions. First, does anybody have any experience with Can-Host? It's the hosting company I use. It's pretty cheap, and usually they are alright with support, but I e-mailed them 6 days ago and have still not received anything back. Also, I am 99.5% sure that Mr LieuMang hacked in through the PHP forum using a buffer overflow, so how could I protect against this in the future? Anything short of taking the PHP out and getting something else in there? Thanks.

    Also, I forgot one thing, if you want to check out the site it's www.rabidchipmunkmusic.com. The message he put up is still there, as I can't get back in. I'm about to the point where I'm going to try to hack into my own stinking website to get control of it again!
    -Beano
    Bassist/Vocalist of Rabid Chipmunk
    www.rabidchipmunkmusic.com

  2. #2
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Im sure that he did NOT LEARN that in here......I would really goto the newbies faq sections and read up on how or what to post in here.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  3. #3
    A buffer overflow? (like instronics said) I'm sure he didn't learn that @ AO...

    You should look for any updates on your PHP software, it's most likely that your friend Mr LieuMang found the buffer overflow exploit on some skript kiddie sight (ie- PacketStorm)... These exploits and fixes go hand in hand, as soon as the exploit is posted on the www, a fix will usually come out a few weeks later...

    I suggest searching for updates and or exploits for your PHP package...

    I hope this helped :-)
    When you connect to your ISP, you are potentially opening your computer to the world. There are \'naughty people\' out there who enjoy breaking into other people\'s computers. Give some thought to the security of your computer...
    http://www.AntiOnline.com/sig.php?imageid=360

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Web application security is a massive topic, and a buffer overflow attack is only one method.

    Have a look at www.owasp.org as this is the best web site for web application security. They also have a paper on securiting web applications

    But to start you off, in sloving this problem, you need to write some form of input validation for for form. Ie, is you expect a number between 1 and 10, test to see if it's a number between 1 and 10. If it not, then dont process any of the data.

    Hope that gives you something to go on

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  5. #5
    Junior Member
    Join Date
    Jan 2003
    Posts
    2

    Smile

    Finally we have control of our website again, I guess the question now is how to keep it secure. I upgraded the PHP forum to the latest version, and changed security settings. Now members cannot upload anything to the server, and you must be a member to post. Basically, anything to make it secure I did. Thanks for the responces guys.
    -Beano
    Bassist/Vocalist of Rabid Chipmunk
    www.rabidchipmunkmusic.com

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    just because he is a member of this site .. there are tonnes of sites on the net that you can get exploits etc off .
    Just because you don\'t see it doesn\'t mean it\'s not there

  7. #7
    er0k
    Guest
    hrm.. i could see him learning about buffer overflows and stuff here, but not how to do them, etc. he may have learned the theory but not the way in which to practice. since this site deals with everything security related, he could have read some discourse on how to prevent buffer overflows, and took it there, so dont throw out him learning about buffer overflows completely at AO, that just makes this site look lame if you completely eliminate the possibility of a person learning about something here, just not *how* to do it maliciously...

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    you could learn about buffer overflows from just about anywhere on the net.. this site included. a quick search on www.google.com will get you anything
    Just because you don\'t see it doesn\'t mean it\'s not there

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •