Conan Posted May 19, 2002 Posted May 19, 2002 Techzones was hacked this morning by some jealous idiots. We have all of their IP's (thanks to Boogs taking some timely screenshots) and our Web Host is going to prosecute the people responsible for this. We're back online once again.:dance
FthrJACK Posted May 19, 2002 Posted May 19, 2002 did it turn out who we thought it was? i hope revs provider kicks that guys a**! whats funny is he was so dumb he didnt even spoof his ip people will play with fire...
piaqt Posted May 20, 2002 Posted May 20, 2002 wasn't me.he said, with hackerprints all over his fingers!
Reverend Posted May 20, 2002 Posted May 20, 2002 hmmm We already know who did it.Don't ya just luv server logs.
xper Posted May 20, 2002 Posted May 20, 2002 I can't imagine how he did it. Someone said bruteforce pass in Admin CP, well how? I know some programs for cracking passwords (ftp, pop3, nt servers or whatever) with bruteforce, but for vB Admin CP, that sounds unknown. He found another way to penetrate, like cross-site scripting or sendings javascript code.Yeah, vBulletin is known for many exploits.One of many:http://online.securityfocus.com/archive/1/264020
FthrJACK Posted May 20, 2002 Posted May 20, 2002 thats what i said, it wasnt brute force because the server would stop taking requests after a bit, it was probably done by injecting java into the templates and then snatching the passwords, or by a PHP exploit sending the admin pass or config.php, encrypted or otherwise to a webserver or email account.anyways, glad u have it sorted rev and know whos to blame.
Blackwar Posted May 20, 2002 Posted May 20, 2002 well i don't know if you guys heard but i found a way by searching on the net that there were scripts written to take brute force dic's and attack the server, and whenever the server gets interrupted, there is an interval..I think anyone who knows php here and there can do this very easily. You just tell the script to read off a wordlist, and then add a "$if" command so when it shows an error page, it skips it and continues on.. It's pretty hard to explain .. wish i could show it to u guys..I would post the link, but for security reasons , i won't:nerves BlackwarEDIT -- W00t! , on to level four
FthrJACK Posted May 20, 2002 Posted May 20, 2002 yeh i know what you mean BW, i dont think it would be hard to write such a script, if url = the failure page then it just tries again. most people use words and numbers in thier passwords these days anyhow, so dictionary attacks are pretty lame and are probably only usefull for getting into young kids email accounts ... hardly worth the hassle, a hacker would bust in not mess around with brute forcing like that.
Blackwar Posted May 20, 2002 Posted May 20, 2002 well in my opinion, brute force dic attacks are still pretty powerful if and only if you use very comprehensive wordlists..I've seen ones that are over 60 megs :eek: now that is a wordlistBlackwar
piaqt Posted May 20, 2002 Posted May 20, 2002 Any prosecution/jail time on the horizon for those jerks? (I hope I hope)
Blackwar Posted May 21, 2002 Posted May 21, 2002 well me and boogs were talking about that stuff the other day.. He said they are looking into reporting and making sure the people who did it get their deserved amount of punishment.. And hopefully, they will
Big Booger Posted May 21, 2002 Posted May 21, 2002 well I have another theory.Let's say someone got the administrative password by other means, say key logger, a rival forum that knew the password, or some other means. The question remains, why? I mean, techzonez is a small site. We aren't really in any competition with anyone. We maintain a friendly environment, are supportive of other forums, and basically just want to absorb new members, assist where we can, and enjoy the net.Now ask yourself this, why attack techzonez?It doesn't make sense to me... So I pose this question to you all, why do you think someone would try to hack the site?Further, I am gonna guess that it wasn't a brute force attack BW, as you are assuming reverend's password was a word, when in fact it might have not been a word at all, for examplekjihuhbnjkhh200341So that word above would be in the dictionary of the brute force attack? I think not... but I could be wrong.Further, how can you use a brute force attack if Reverend's hosts' server suspends logins after a small number of unsuccessful login attempts?I am more inclined to think that this was an educated guessing attack which can only succeed if a large number of guesses can be made in a reasonable amount of time.or through some other means...The perpetrators will be caught, and if not, then let it be a warning, once you ruffle the feathers, the next time the chicken might peck at you...BB
Blackwar Posted May 21, 2002 Posted May 21, 2002 well see, I agree with you Boogs, but as far as i know, a dictionaries purpose is to try different combinations of passwords in a given amount of time, which is like it would try "123123123asldkhj" then "123123123asldkhj2" etc etc.. About the time thing, that really can be passed by , like a script, per say PHP script.. and then when you forward that php script, you can also set an interval of reading from the dic file.. And as far as i know, no host can control the number of logins allowed on a specifc script. If there is anything that is going to block login from vBulletin, it is vBulletin it's self indeed. It is pretty confusing ofcourse, im not saying it is true, but there is a possibility imo.. :hohum Blackwar
piaqt Posted May 21, 2002 Posted May 21, 2002 The perpetrators will be caught, and if not, then let it be a warning, once you ruffle the feathers, the next time the chicken might peck at you...BBAppropriate warning for that peckerwood!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now