Web Wiz - Green Windows Web Hosting - Celebrating 25 Years!
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - crackers_child
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

crackers_child
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
ToJaRo View Drop Down
Groupie
Groupie
Avatar

Joined: 20 April 2005
Location: United States
Status: Offline
Points: 158 		Post Options Post Options   Thanks (0) Thanks(0)   Quote ToJaRo Quote  Post ReplyReply Direct Link To This Post Topic: crackers_child
    Posted: 23 January 2006 at 10:42pm
I run a couple of WWF forums and noticed a unrecognized user signing up on two of my sites...  The sites are unrelated and unlinked so when the same user showed up on both it peaked my interest.  The user called themself crackers_child and had a made up email address @mycom.net. (Turkish ISP I believe). Anyway, nothing has happened to either of my sites because I watch them regularly and keep them updated both with WWF and my OS patches etc...   I did a Google search on crackers_child and noticed that this user is showing up on several other WWF sites... not sure if they are fishing for unpatched WWF sites or what but it's awfully fishy to me... Any one else notice this user on your site?
 
FYI - I deleted this user and plan on upgrading to 7.97 tonight after I test (thanks for keeping us up to date Borg...Clap)  I run SQL version so maybe they were looking for an Access version.


Edited by ToJaRo - 23 January 2006 at 10:56pm
ToJaRo
The SoupBone Community
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 24 January 2006 at 2:34pm
Thanks for the heads up.

They could well be looking for unpatched or insecurely setup forums.

The Turkish hacker has been defacing allot of sites recently on forums where the Access database has not been secured.

Version 7.97 will prevent this and add extra protection for all versions, but Access versions will not be secure unless the database is secured.

The SQL version that you are using is much more secure and robust, I'm hoping that with version 8 most users will use either SQL Server or mySQL, to prevent the security, and performance issues that come with using Access.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Ipshwitz View Drop Down
Groupie
Groupie
Avatar

Joined: 23 July 2002
Location: United States
Status: Offline
Points: 97 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Ipshwitz Quote  Post ReplyReply Direct Link To This Post Posted: 31 January 2006 at 7:34pm
Kinda heartless sounding...
 
Most people don't think to put their database outside of their site root folder or even to change the name of it.  Which makes it very easy for a person to download their access database.  A search on google/yahoo, etc for a web wiz forum will show up many ppl using it.  If the administrator doesn't think to at least rename the database, they almost deserve what happens to them.
 
It's stressed repeatedly in the readme file, setup docs, etc that you should do this.  Another option you can do is Password protect the database and then just configure the common.asp file to login whenever it accesses teh database. (i believe that's the only file that needs updated).
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 01 February 2006 at 9:32am
Password protected Access databases are not supported on allot of servers and with many Access password recovery tools out there they are extremely simple to crack.

The latest version, 7.97, does add extra protection for Access users including security pop-ups when entering the admin area informing the user their forums database is not secure, with links to instructions on how to secure their database.

Other security features also include having to re-enter passwords to enter the admin area, this should give extra protection against a hacker using data from a downloaded database as passwords are 160bit encrypted.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.