Look like somebody hacked gov forum
http://www.darebin-libraries.vic.gov.au/forum/
http://www.devon.gov.uk/discussion/index.php
But the admin dunno about this hacking...you can see it left corner on the top one
Printable View
Look like somebody hacked gov forum
http://www.darebin-libraries.vic.gov.au/forum/
http://www.devon.gov.uk/discussion/index.php
But the admin dunno about this hacking...you can see it left corner on the top one
doesn't surprise me... both sites are runing phpBB 2.0.10 and there have been some "critical" updates and releases upto 2.0.13.
If you want to be secure, you've gotta keep current.
or use software that doesn't suck
That has got to be the shortest post I have seen you make Catch, :DQuote:
or use software that doesn't suck
So what would you recommend and why?
Powered by phpBB 2.0.11 © 2001, 2002 phpBB Group
He aint elite, anyone could have hacked that server ... ****'in jesus, the source is public, doesnt make you elite, not completely destroying the site wont make you a skiddie either
Heh, yeah usually a little more long winded.
Just sick of software that requires the user to remain on the bleeding edge, else suffer through serious, well published exploits.
In the past when I used a web based message board system I added my own security additions using an external flatfile with hashes to ensure that users cannot change account accesses within a session. This was joined with a trusted operating system to ensure that the web server or the system itself couldn't be leveraged to alter the BBS. However all of that isn't needed.
Other techniques would be to limit access to files and functions by IP address and direct create several DB accounts with different powers (least privilege) and assign each script to the appropriate DB connection. This dramatically reduces the risk of SQL injection attacks.
These techniques are not full proof, but they greatly add to the overall security and can easily be added to the application even by a crappy programmer like myself. ;)
cheers,
catch
If you don't trust your software you can try a web application firewall, given you don't have time to hack your app's source.
http://www.modsecurity.org/
Well I just fired off an email to the Devon County peeps, asking what they thought of this thread and pointing them to the Elite Hackors, Hacked page.
Hopfuly they will see you post, Catch.
An application firewall only prevents an application from over-extending itself, for example forking a shell (or really anything involving writing to parts of the memory that it shouldn't). An application firewall will not help issues like SQL injection or hacks that otherwise do not violate the applications rights. For example, a normal BBS users using BBS admin rights is not doing anything beyond the scope of the application, just a user that shouldn't be doing it.
cheers,
catch
edited to add:
Perhaps I should add a paypal donate button. ;)Quote:
Hopfuly they will see you post, Catch
I'll take 15% commision, thank you very much.LmaoQuote:
Perhaps I should add a paypal donate button.