
Thread: gov forum hacked

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    1

    gov forum hacked

    Looks like somebody hacked gov forum
    http://www.darebin-libraries.vic.gov.au/forum/
    http://www.devon.gov.uk/discussion/index.php

    But the admin doesn't know about this hacking... you can see it in the left corner on the top one

  2. #2
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    doesn't surprise me... both sites are running phpBB 2.0.10 and there have been some "critical" updates and releases up to 2.0.13.

    If you want to be secure, you've gotta keep current.

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    or use software that doesn't suck

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    or use software that doesn't suck
    That has got to be the shortest post I have seen you make Catch,

    So what would you recommend and why?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Powered by phpBB 2.0.11 © 2001, 2002 phpBB Group

    He ain't elite, anyone could have hacked that server ... ****'in jesus, the source is public, doesn't make you elite, not completely destroying the site won't make you a skiddie either
    http://sfx-images.mozilla.org/affili...88x31/take.gif
    If You've Done Something Right. People Won't Know You've Done Anything At All - God (futurama)

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Heh, yeah usually a little more long winded.

    Just sick of software that requires the user to remain on the bleeding edge, else suffer through serious, well published exploits.

    In the past when I used a web based message board system I added my own security additions using an external flatfile with hashes to ensure that users cannot change account accesses within a session. This was joined with a trusted operating system to ensure that the web server or the system itself couldn't be leveraged to alter the BBS. However all of that isn't needed.

    Other techniques would be to limit access to files and functions by IP address and directly create several DB accounts with different powers (least privilege) and assign each script to the appropriate DB connection. This dramatically reduces the risk of SQL injection attacks.

    These techniques are not foolproof, but they greatly add to the overall security and can easily be added to the application even by a crappy programmer like myself.

    cheers,

    catch
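
An added example, not part of the original thread or any poster's code, of the per-script least-privilege database connections described in post #6. SQLite has no user accounts, so its authorizer callback stands in for separate DB accounts here; the role names, table names and sample data are hypothetical and constructed.

```python
import os
import sqlite3
import tempfile

# Hypothetical per-script accounts: tables each script may read / write.
ROLES = {
    "viewtopic": {"read": {"posts"}, "write": set()},
    "posting": {"read": {"posts"}, "write": {"posts"}},
    "login": {"read": {"users"}, "write": set()},
}
WRITES = (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE)

def connect_as(path, role):
    """Open a connection holding only the rights of one script's account."""
    rights = ROLES[role]

    def authorizer(action, arg1, arg2, db_name, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION):
            allowed = True
        elif action == sqlite3.SQLITE_READ:      # arg1 is the table name
            allowed = arg1 in rights["read"]
        elif action in WRITES:                   # arg1 is the table name
            allowed = arg1 in rights["write"]
        else:
            allowed = False  # DDL, ATTACH, PRAGMA, functions: not needed here
        return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY

    conn = sqlite3.connect(path)
    conn.set_authorizer(authorizer)
    return conn

def view_topic(conn, topic_id):
    """Deliberately injectable query, standing in for an unpatched script."""
    try:
        return conn.execute(f"SELECT body FROM posts WHERE id = {topic_id}").fetchall()
    except sqlite3.DatabaseError:
        return "denied"

def run_demo():
    path = os.path.join(tempfile.mkdtemp(), "bbs.db")
    admin = sqlite3.connect(path)  # setup only, never used by a web script
    admin.executescript(
        "CREATE TABLE posts(id INTEGER PRIMARY KEY, body TEXT);"
        "CREATE TABLE users(name TEXT, pw_hash TEXT);"
        "INSERT INTO posts VALUES (1, 'hello');"
        "INSERT INTO users VALUES ('admin', 'constructed-hash');")
    admin.close()
    injected = "0 UNION SELECT pw_hash FROM users"  # constructed input
    return {
        "normal": view_topic(connect_as(path, "viewtopic"), 1),
        "injected_least_priv": view_topic(connect_as(path, "viewtopic"), injected),
        "injected_full_priv": view_topic(sqlite3.connect(path), injected),
    }
```

The injectable query is still a bug in both cases; the restricted connection only limits what it can reach, which matches the "not foolproof" caveat in the post.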

  7. #7
    If you don't trust your software you can try a web application firewall, given you don't have time to hack your app's source.

    http://www.modsecurity.org/

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Well I just fired off an email to the Devon County peeps, asking what they thought of this thread and pointing them to the Elite Hackors, Hacked page.

    Hopefully they will see your post, Catch.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    Banned
    Join Date
    May 2003
    Posts
    1,004
    An application firewall only prevents an application from over-extending itself, for example forking a shell (or really anything involving writing to parts of the memory that it shouldn't). An application firewall will not help issues like SQL injection or hacks that otherwise do not violate the application's rights. For example, a normal BBS user using BBS admin rights is not doing anything beyond the scope of the application, just a user that shouldn't be doing it.

    cheers,

    catch

    edited to add:
    Hopefully they will see your post, Catch
    Perhaps I should add a paypal donate button.

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Perhaps I should add a paypal donate button.
    I'll take 15% commission, thank you very much. Lmao
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
