Web Wiz Support and Community Forums : crackers

Web Wiz Support and Community Forums : crackers_child https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Mon, 13 Apr 2026 12:14:45 +0000 Wed, 01 Feb 2006 09:32:48 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=18101 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[crackers_child : Password protected Access databases...]]> https://forums.webwiz.net/crackers-child_topic18101_post98568.html#98568 Author: WebWiz-Bruce
Subject: 18101
Posted: 01 February 2006 at 9:32am

Password protected Access databases are not supported on allot of servers and with many Access password recovery tools out there they are extremely simple to crack.

The latest version, 7.97, does add extra protection for Access users including security pop-ups when entering the admin area informing the user their forums database is not secure, with links to instructions on how to secure their database.

Other security features also include having to re-enter passwords to enter the admin area, this should give extra protection against a hacker using data from a downloaded database as passwords are 160bit encrypted.
]]> Wed, 01 Feb 2006 09:32:48 +0000 https://forums.webwiz.net/crackers-child_topic18101_post98568.html#98568 <![CDATA[crackers_child : Kinda heartless sounding... Most...]]> https://forums.webwiz.net/crackers-child_topic18101_post98536.html#98536 Author: Ipshwitz
Subject: 18101
Posted: 31 January 2006 at 7:34pm

Kinda heartless sounding...

Most people don't think to put their database outside of their site root folder or even to change the name of it. Which makes it very easy for a person to download their access database. A search on google/yahoo, etc for a web wiz forum will show up many ppl using it. If the administrator doesn't think to at least rename the database, they almost deserve what happens to them.

It's stressed repeatedly in the readme file, setup docs, etc that you should do this. Another option you can do is Password protect the database and then just configure the common.asp file to login whenever it accesses teh database. (i believe that's the only file that needs updated).

]]> Tue, 31 Jan 2006 19:34:54 +0000 https://forums.webwiz.net/crackers-child_topic18101_post98536.html#98536 <![CDATA[crackers_child : Thanks for the heads up.They could...]]> https://forums.webwiz.net/crackers-child_topic18101_post98009.html#98009 Author: WebWiz-Bruce
Subject: 18101
Posted: 24 January 2006 at 2:34pm

Thanks for the heads up.

They could well be looking for unpatched or insecurely setup forums.

The Turkish hacker has been defacing allot of sites recently on forums where the Access database has not been secured.

Version 7.97 will prevent this and add extra protection for all versions, but Access versions will not be secure unless the database is secured.

The SQL version that you are using is much more secure and robust, I'm hoping that with version 8 most users will use either SQL Server or mySQL, to prevent the security, and performance issues that come with using Access.
]]> Tue, 24 Jan 2006 14:34:36 +0000 https://forums.webwiz.net/crackers-child_topic18101_post98009.html#98009 <![CDATA[crackers_child : I run a couple of WWF forums and...]]> https://forums.webwiz.net/crackers-child_topic18101_post97967.html#97967 Author: ToJaRo
Subject: 18101
Posted: 23 January 2006 at 10:42pm

I run a couple of WWF forums and noticed a unrecognized user signing up on two of my sites... The sites are unrelated and unlinked so when the same user showed up on both it peaked my interest. The user called themself crackers_child and had a made up email address @mycom.net. (Turkish ISP I believe). Anyway, nothing has happened to either of my sites because I watch them regularly and keep them updated both with WWF and my OS patches etc... I did a Google search on crackers_child and noticed that this user is showing up on several other WWF sites... not sure if they are fishing for unpatched WWF sites or what but it's awfully fishy to me... Any one else notice this user on your site?

FYI - I deleted this user and plan on upgrading to 7.97 tonight after I test (thanks for keeping us up to date Borg...

) I run SQL version so maybe they were looking for an Access version.

Edited by ToJaRo - 23 January 2006 at 10:56pm]]> Mon, 23 Jan 2006 22:42:22 +0000 https://forums.webwiz.net/crackers-child_topic18101_post97967.html#97967