I can't believe this really worked. (ridding yourself of a hacker)

  • ChanServ
    Senior Member
    • Jul 2002
    • 148

    I can't believe this really worked. (ridding yourself of a hacker)

    For the last week we've had the most annoying script kiddie hacking our forum. What he had done, and I didn't know, was upload a trojan to the public ftp folder, giving him access to all login passwords and shell access. So he kept logging into my accounts, but I .htaccessed and deleted some admin functions, fairly neutralizing him.

    Even though he was no longer a threat to the forum, he was hurting the member base. So me and my administrators got together and made a plan of attack, which we called Operation Overlord after the D-Day assault. You see, we knew his reason for hacking us was that he thought we were scared of his deleting the forum. Well, what we thought was, why not show him we don't care. So we made a backup of the forum and made sure it worked, which it did. And when he came back he said "Admin me or I'll hack you again." So we wiped the thread/post tables, and then made a thread "See how much we care Standard AI" (that's what he calls himself). And he was so confused. Then I rebooted the database, and said "See how much what you do matters?". And then I removed his trojan and said "See how easy you are to counter?" and he gave up.

    Hehe, I guess the oddest things work.
  • Raz Meister
    Senior Member
    • Jun 2001
    • 1148

    #2
    How on earth did he get full access from just uploading a file?

    Do you know how he got access in the first place?
    Raz - KMC Forums


    • Dave#
      Senior Member
      • Jul 2000
      • 1845

      #3
      How on earth did he get full access from just uploading a file?
      just upload a simple php or perl shell emulator . . . it's how a huge amount of crackers get in.
      http://forums.cpfc.org/


      • ChanServ
        Senior Member
        • Jul 2002
        • 148

        #4
        Originally posted by Dave#
        just upload a simple php or perl shell emulator . . . it's how a huge amount of crackers get in.
        yeah that's exactly what he does.

        then from there he can use the login info he gets from the server. Standard AI isn't very good at all, just a nuisance.


        • AWS
          Senior Member
          • Apr 2000
          • 1830
          • 5.2.x

          #5
          just upload a simple php or perl shell emulator . . . it's how a huge amount of crackers get in.
          That will only work if you allow uploading php or perl files. If you allow those extensions you deserve to be hacked. It's worse than enabling html in posts.
          Admins Zone - Resources for Forum Administrators


          • rylin
            Senior Member
            • Jan 2001
            • 1067

            #6
            err,
            ultimately, it doesn't matter what he uploads, as long as people use their brains and don't run stuff they have no idea what it is.

            ChanServ: if he's (in your own words) a script kiddie, and you actually got hit, then I'd have serious talks with whoever is running the server.

            Staying up-to-date with software packages will eliminate an easy 90% of all script kiddies.
            Couple that with sane firewall configurations, and you will "never" (hey, I *am* using quotation marks here) get hit by a mere script kiddie.

            Yeah sure, they could go for the actual connection or hog the connections to the server, but it would actually take a fair bit of skill to get past firewalls & recent software packages.

            To me, it sounds as if you should consider switching hosts or read up on basic security
            My open eyes see everything, and you see nothing. . .
            That forum


            • Dave#
              Senior Member
              • Jul 2000
              • 1845

              #7
              Originally posted by AWS
              That will only work if you allow uploading php or perl files. If you allow those extensions you deserve to be hacked. It's worse than enabling html in posts.
              thanks for that insight into webserver security
              http://forums.cpfc.org/


              • ChanServ
                Senior Member
                • Jul 2002
                • 148

                #8
                Originally posted by okidoki
                err,
                ultimately, it doesn't matter what he uploads, as long as people use their brains and don't run stuff they have no idea what it is.

                ChanServ: if he's (in your own words) a script kiddie, and you actually got hit, then I'd have serious talks with whoever is running the server.

                Staying up-to-date with software packages will eliminate an easy 90% of all script kiddies.
                Couple that with sane firewall configurations, and you will "never" (hey, I *am* using quotation marks here) get hit by a mere script kiddie.

                Yeah sure, they could go for the actual connection or hog the connections to the server, but it would actually take a fair bit of skill to get past firewalls & recent software packages.

                To me, it sounds as if you should consider switching hosts or read up on basic security
                No, it wasn't my host's fault. If you read the first post I said that anon ftp was on without my knowing. One of the admins with access to the ftp controls had turned it on to allow a friend to upload some info to the server, and didn't turn it back off. This allowed a way for the hacker to upload the worm ^_^;.

                edit: And hell no I don't allow perl scripts or php scripts o.o;
                Last edited by ChanServ; Sat 14 Jun '03, 6:50pm.
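
An added example, not part of any post in this thread: a Python audit of an FTP-writable folder, like the public ftp folder described above, that flags files a web server could run as code by extension anywhere in the name, by content, and by executable bit. The extension list, the content markers and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of extensions a web server may hand to an interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".pl", ".cgi", ".py", ".sh"}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for files that could run as code."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            # Test every dotted part, so "avatar.php.jpg" is still flagged.
            if any("." + p in SCRIPT_EXTS for p in name.lower().split(".")[1:]):
                reasons.append("script extension")
            with open(path, "rb") as fh:
                head = fh.read(4096)
            # Content check catches scripts hidden behind a harmless name.
            if head.startswith(b"#!") or b"<?php" in head.lower():
                reasons.append("script content")
            if os.stat(path).st_mode & EXEC_BITS:
                reasons.append("executable bit")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample(root):
    """Write a constructed sample tree standing in for a public FTP folder."""
    samples = {
        "notes.txt": b"meeting notes\n",
        "avatar.php.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "readme.txt": b"<?php /* placeholder body */ ?>",
        "incoming/tool.pl": b"#!/usr/bin/perl\n# placeholder body\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in sorted(audit_upload_dir(tmp).items()):
            print(rel, "->", ", ".join(why))
```

An extension filter alone would pass the constructed `readme.txt`, which is why the audit also reads the start of each file.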


                • AWS
                  Senior Member
                  • Apr 2000
                  • 1830
                  • 5.2.x

                  #9
                  Originally posted by Dave#
                  thanks for that insight into webserver security
                  You're welcome. I see you still haven't changed since the days on scriptkeeper. Still rude and obnoxious and never lends anything to a conversation.
                  Admins Zone - Resources for Forum Administrators


                  • Dave#
                    Senior Member
                    • Jul 2000
                    • 1845

                    #10
                    Originally posted by AWS
                    You're welcome. I see you still haven't changed since the days on scriptkeeper. Still rude and obnoxious and never lends anything to a conversation.
                    Thanks for that, btw I have no idea who you are - let's keep it that way
                    http://forums.cpfc.org/
