Re: My punBB was hacked!!!

If you're running 1.2.6, yes. As far as I know anyway smile

"Programming is like sex: one mistake and you have to support it for the rest of your life."

27 (edited by Endre 2005-07-21 16:16)

Re: My punBB was hacked!!!

555|STi wrote:

Hey, I was one of the users who was hacked but... if we start to think... it was a real hacker, I mean, a well understood hacker, he broke the code, modified some things (title, subtitle) but didn't do any real damage (data loss, db loss, etc...). I'm not justifying, but certainly it could have been worse!
So, as part of a community, instead of trying to know where he is from or where he lives, why not try to know where the security failure is to fix it? I repeat, I'm not justifying his acts, but these things help us to make a better punBB. Thank god he was a "good" hacker.

Bye!

There is no such thing as a good cracker/hacker. If they want to help make punbb more secure they can join the community and help out without creating chaos. Even if they don't delete files they sure cause extra work and it is a major annoyance and problem.
It's like saying the terrorists in London are doing a good thing since they are helping London find security flaws.
I never understood people who have to go around and destroy the hard work of others. It's the lowest kind of people, in my opinion.

28

Re: My punBB was hacked!!!

Couldn't have said it better myself, Endre. I've had websites (and forums) that were hacked. It taught me to back everything up often, but there were still things that I'll never retrieve.

29

Re: My punBB was hacked!!!

phpbb is like a rubber.  It offers you a false sense of security while you're getting screwed.  smile

The very reason I got _away_ from phpBB is because of hack attempts, of which three in one year were successful.  I'm almost ashamed to admit that, but it's the truth.

I've stated this elsewhere on this forum, but frankly it got to the point where you had to visit phpbb's website for a daily intelligence brief. sad

One of the things we implemented (many thanks to Rickard) was First and Last name support to the registration/validation.

It doesn't prevent anyone from hacking your board. But at least it gave an extra layer of "perceived" security, and allows us to view at a glance who is genuinely interested in becoming a member of our community, or just someone who is registering for alternative reasons.  Of course, that doesn't mean we would delete them, but we definitely tell them to get their profile in shape, or we will.

You could always turn on the email notification when a new user registers, however if you have a very busy board those could get unwieldy to handle.

In the end, it's like a burglar who is casing your house.  If they really want to break in, they will find a way to do it. All the locks on your doors do is keep an honest man honest.  smile

Re: My punBB was hacked!!!

Personally, I have no problem with people hacking something to prove it has a security flaw if the people responsible have been given time to fix the problem first. Vulnerability trackers such as Bugtraq on the other hand, that's a completely different story. I would love for someone to tell me what good they do.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: My punBB was hacked!!!

There are actually good crackers. I hate it when people get hackers and crackers confused as one and the same. Let me break it down for all you people who don't seem to notice the difference.

Hacker: breaks into sites and servers with the intent of causing harm.

Crackers: breaks into sites and servers to find flaws. Most report said flaws to the owner of the site/server.

It's very easy to mistake one for the other as most people don't have a very good notion of either. I have a friend that's a cracker and he makes a lot of money (and in the case of game servers sometimes a free subscription) for his help in finding security flaws. On the other hand he gets threatened with a few police phone calls sometimes too but the people don't realize he's trying to help. That's just my opinion.

Re: My punBB was hacked!!!

InuKalriko wrote:

There are actually good crackers. I hate it when people get hackers and crackers confused as one and the same. Let me break it down for all you people who don't seem to notice the difference.

Hacker: breaks into sites and servers with the intent of causing harm.

Crackers: breaks into sites and servers to find flaws. Most report said flaws to the owner of the site/server.

It's very easy to mistake one for the other as most people don't have a very good notion of either. I have a friend that's a cracker and he makes a lot of money (and in the case of game servers sometimes a free subscription) for his help in finding security flaws. On the other hand he gets threatened with a few police phone calls sometimes too but the people don't realize he's trying to help. That's just my opinion.

You have them confused wink
Cracker definition

# A cracker is one who engages in one or more of the following: 1) breaks into a computer system; 2) figures out ways to bypass security or license protection in software; 3) intentionally breaches computer security. Contrary to popular belief, Cracker is not synonymous with Hacker.
practice.findlaw.com/glossary.html

# A malicious hacker. Top
www.smoothwall.net/support/glossary.html

33

Re: My punBB was hacked!!!

A site I administer was "Hacked By KhronicK" on Wednesday and he deleted everything in the database. Luckily it was backed up and only a couple of posts were lost.

When I restored it all I upgraded to 1.2.6 and the security updates obviously work as he registered as a user (Khro) again today but couldn't get any further cool
He needs a good thrashing big_smile

Malky

34

Re: My punBB was hacked!!!

When my site was hacked I considered that a good point, I mean that "Someone visiting my boring site tongue"

If your people come crazy, you will not need to your mind any more.

35

Re: My punBB was hacked!!!

"If it weren't for the search spiders, I'd get no hits"
~ Rodney Webmaster ~