Web Wiz Support and Community Forums : Turkish hacker. https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sat, 18 Apr 2026 12:32:42 +0000 Tue, 01 Nov 2005 15:22:23 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=17075 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Turkish hacker. : I don&#039;t think most web site...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post93114.html#93114 Author: JJLatWebWiz
Subject: 17075
Posted: 01 November 2005 at 3:22pm

I don't think most web site admins are going to have the option to disable ADODB.Stream as it would probably have to be disabled for entire server hosting hundreds of other sites.

However, I think the security flaws in ADODB.Stream actually compromise the client when combined with flaws with Internet Explorer. The ADODB.Stream/IE security flaws allow a web page to execute script on the client machine in the Local Machine internet zone.

The Turkish hacker utility that I've seen doesn't exploit any unintentional security bugs or flaws. It will work on ANY server that uses ANY enabled version of the ADODB.Stream and no correction of unintensional flaws therein will hinder this hacker utility. Only server administrators using best practice security configurations can stop this utility from working.

Even a flawed ADODB.Stream is working with the security rights of the anonymous web user, so ADODB.Stream can be used to upload files ONLY to folders to which the anonymous user has such permission.

Of course, there are always other security flaws and poor server configurations that could be exploited to change that, but WWF is required or even useful for any of this hacking. And don't let your host tell you that by using WWF, it was your fault that the server was compromised.]]> Tue, 01 Nov 2005 15:22:23 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post93114.html#93114 <![CDATA[Turkish hacker. : It sounds like you left your site...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post93017.html#93017 Author: WebWiz-Bruce
Subject: 17075
Posted: 31 October 2005 at 8:34am

It sounds like you left your site open to hackers by not disabling write permissions.

With write permissions enabled a hacker doesn't need to use the forumto hack your site, they can simply manipulate HTTP to upload files tothe server writing any files they want in any folder that has writepermissions.

As the latest version doesn't use the ADO.Stream object you should alsoconsider disabling this as there is a security hole in this object thatmeans by changing HTTP headers to 'PUT' files can be placed anywherewithin your site.
]]> Mon, 31 Oct 2005 08:34:33 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post93017.html#93017 <![CDATA[Turkish hacker. : I too got hacked by the Turks. They...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92978.html#92978 Author: Hogmanus
Subject: 17075
Posted: 30 October 2005 at 9:55am

I too got hacked by the Turks.
They got in via the upload facility and placed 2 files on the server Zephir and hacktool.
They then used this to creat a default and index page with every extension ( htm, html, asp, cfm and php ) creating a total of five default and five index pages in each folder with my site including the log folder and private.
 
There are 4056 pages hosted on my site withn 53 subfolders (yes its a big site) You can imagine the horror I am faced with deleting all the extra files and restoring the site to its former glory. If it was a standard static site it wouldnt be too bad but as its live data (League tables etc) its not that easy.
11 hours yesterday and not finished yet.... Oh dear
]]> Sun, 30 Oct 2005 09:55:06 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92978.html#92978 <![CDATA[Turkish hacker. : you want to place the database...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92967.html#92967 Author: dj air
Subject: 17075
Posted: 30 October 2005 at 7:00am

you want to place the database in the private folder then set the path within the common.asp files to the physical path


E:\domains\yourdomain\private\forum.mdb

example

you can get the physical path from your webhost or use

response.write server.mappath("../../private/forum.mdb")


note the above may be dis allowed, but your host will know

]]> Sun, 30 Oct 2005 07:00:39 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92967.html#92967 <![CDATA[Turkish hacker. : Thanks DJ, you are a star. For...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92962.html#92962 Author: Lynford
Subject: 17075
Posted: 30 October 2005 at 5:55am

Thanks DJ, you are a star. For No3, what do you mean by the root folder please (As I said, I'm quite new to this)
In my FTP prog I have 3 folders at the very start - htdocs / Logfiles / Private. Should it be in one of those ?
 
My Folder forum is in htdocs
 
Thanks again for your help Big smile
]]> Sun, 30 Oct 2005 05:55:13 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92962.html#92962 <![CDATA[Turkish hacker. : ok it does seem to be a WebWiz...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92961.html#92961 Author: dj air
Subject: 17075
Posted: 30 October 2005 at 5:16am

ok it does seem to be a WebWiz hack

you need ot go to the admin configuration area and change the top image url to something else or nothing


to avoid this:

  1. don't allow image or file uploading unless you know the person well
  2. make sure your password is atleast 8 charecters and letters and numbers and not directory word like hello etc
  3. make sure your database is outside the root folder so it cant be accessed
  4. failing 3. change the path to the database to .asp not .mdb and change the name of the database to .asp not .mdb
there are some ideas
]]> Sun, 30 Oct 2005 05:16:34 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92961.html#92961 <![CDATA[Turkish hacker. : dj air wrote:can you paste...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92960.html#92960 Author: Lynford
Subject: 17075
Posted: 30 October 2005 at 5:09am

Originally posted by dj air dj air wrote:

can you paste a link so we can see if its a WebWiz hack or server hack

it maybe they have uplaoded files to the server
 
Thanks for your help DJ Big smile
 
The forums can be found at http://www.fromthelane.co.uk/forum/default.asp
 
Would you need a login account ?
]]> Sun, 30 Oct 2005 05:09:40 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92960.html#92960 <![CDATA[Turkish hacker. : can you paste a link so we can...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92957.html#92957 Author: dj air
Subject: 17075
Posted: 30 October 2005 at 5:04am

can you paste a link so we can see if its a WebWiz hack or server hack

it maybe they have uplaoded files to the server
]]> Sun, 30 Oct 2005 05:04:22 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92957.html#92957 <![CDATA[Turkish hacker. : Sorry if this has been done before,...]]> https://forums.webwiz.net/turkish-hacker_topic17075_post92934.html#92934 Author: Lynford
Subject: 17075
Posted: 29 October 2005 at 3:20pm

Sorry if this has been done before, but I have been hacked Cry
 
I have not used all of Borg's anti-hacking measures partly due to the fact that I am new to all this and don't understand some of it Embarrassed
 
Right, so I have been hacked - I have deleted (and replaced with a new downloaded version) all forum files from my server and replaced my Database with a backup that I made this morning. I still have that bloody hackers logo up though. What have I done wrong, or what else should I delete please ?
 
Thanks for any help Big smile Why do these twats do this ? Angry
]]> Sat, 29 Oct 2005 15:20:50 +0000 https://forums.webwiz.net/turkish-hacker_topic17075_post92934.html#92934