gov forum hacked
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: gov forum hacked

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    1

    gov forum hacked

    Look like somebody hacked gov forum
    http://www.darebin-libraries.vic.gov.au/forum/
    http://www.devon.gov.uk/discussion/index.php

    But the admin dunno about this hacking...you can see it left corner on the top one

  2. #2
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    doesn't surprise me... both sites are runing phpBB 2.0.10 and there have been some "critical" updates and releases upto 2.0.13.

    If you want to be secure, you've gotta keep current.

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    or use software that doesn't suck

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    or use software that doesn't suck
    That has got to be the shortest post I have seen you make Catch,

    So what would you recommend and why?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Powered by phpBB 2.0.11 2001, 2002 phpBB Group

    He aint elite, anyone could have hacked that server ... ****'in jesus, the source is public, doesnt make you elite, not completely destroying the site wont make you a skiddie either
    http://sfx-images.mozilla.org/affili...88x31/take.gif
    If You\'ve Done Something Right. People Wont Know You\'ve Done Anything At All - God (futurama)

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Heh, yeah usually a little more long winded.

    Just sick of software that requires the user to remain on the bleeding edge, else suffer through serious, well published exploits.

    In the past when I used a web based message board system I added my own security additions using an external flatfile with hashes to ensure that users cannot change account accesses within a session. This was joined with a trusted operating system to ensure that the web server or the system itself couldn't be leveraged to alter the BBS. However all of that isn't needed.

    Other techniques would be to limit access to files and functions by IP address and direct create several DB accounts with different powers (least privilege) and assign each script to the appropriate DB connection. This dramatically reduces the risk of SQL injection attacks.

    These techniques are not full proof, but they greatly add to the overall security and can easily be added to the application even by a crappy programmer like myself.

    cheers,

    catch

  7. #7
    If you don't trust your software you can try a web application firewall, given you don't have time to hack your app's source.

    http://www.modsecurity.org/

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Well I just fired off an email to the Devon County peeps, asking what they thought of this thread and pointing them to the Elite Hackors, Hacked page.

    Hopfuly they will see you post, Catch.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    Banned
    Join Date
    May 2003
    Posts
    1,004
    An application firewall only prevents an application from over-extending itself, for example forking a shell (or really anything involving writing to parts of the memory that it shouldn't). An application firewall will not help issues like SQL injection or hacks that otherwise do not violate the applications rights. For example, a normal BBS users using BBS admin rights is not doing anything beyond the scope of the application, just a user that shouldn't be doing it.

    cheers,

    catch

    edited to add:
    Hopfuly they will see you post, Catch
    Perhaps I should add a paypal donate button.

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Perhaps I should add a paypal donate button.
    I'll take 15% commision, thank you very much.Lmao
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •