
Hacked

wistex
Mod Builder Group
Posted: 02 October 2003 at 1:10pm

My site was just hacked.  No damage was done (that I could find).

Someone created an account on my forum that had Administrator rights.  It was not set as active, however.

I'm guessing that they created an account with a fake e-mail address, then cracked my password and made themselves an administrator?

That's the only thing I can guess.

I've changed my passwords to something much harder to crack.

It might be one of my students.  I teach a Cisco networking class and I know some of them have access to password cracking programs.  But it could be someone else.

If they never posted, is there a way to track the IP address they used when creating the account?

Gullanian
Senior Member
Posted: 02 October 2003 at 1:38pm

Does your server have a log file?  You could look from there.

You were lucky no damage was done, now you will be more careful!

WebWiz-Bruce
Admin Group, Web Wiz Developer
Posted: 02 October 2003 at 2:06pm

Password cracking programs could be run on the login page, where the tool will just keep guessing passwords till it gets the right one; that's why it is probably better to have a difficult-to-guess password with letters and numbers.

To try and prevent this, version 7.01 checks the session ID of the user to prevent remote attacks; version 7.5 builds on this by adding the extra security of a security code that is displayed using images that the user must enter when logging in.
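
An added example, not part of the original thread or of Web Wiz Forums: one way to follow the log-file suggestion above is to pull the client IPs that POSTed to the registration page and to flag clients that POST to the login page repeatedly. The page names and the sample log lines are constructed assumptions.

```python
from collections import Counter

# Hypothetical page names; substitute the forum's real registration and login scripts.
REGISTER_PAGE = "/forum/register.asp"
LOGIN_PAGE = "/forum/login.asp"

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-10-02 11:58:03 192.0.2.10 GET /forum/default.asp 200
2003-10-02 12:01:44 203.0.113.7 POST /forum/register.asp 200
2003-10-02 12:02:05 192.0.2.10 POST /forum/login.asp 302
2003-10-02 12:03:10 203.0.113.7 POST /forum/login.asp 200
2003-10-02 12:03:11 203.0.113.7 POST /forum/login.asp 200
2003-10-02 12:03:12 203.0.113.7 POST /forum/login.asp 200
2003-10-02 12:03:13 203.0.113.7 POST /forum/login.asp 200
2003-10-02 12:03:14 203.0.113.7 POST /forum/login.asp 200
2003-10-02 12:03:15 203.0.113.7 POST /forum/login
"""

def parse_w3c(lines):
    """Yield one dict per request, named by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def posts_to(lines, page):
    """Return (date, time, client IP) for every POST to `page`."""
    return [(r.get("date", ""), r.get("time", ""), r.get("c-ip", ""))
            for r in parse_w3c(lines)
            if r.get("cs-method") == "POST" and r.get("cs-uri-stem", "").lower() == page]

def repeated_login_posts(lines, page=LOGIN_PAGE, threshold=5):
    """Return {ip: count} for clients with at least `threshold` POSTs to the login page."""
    counts = Counter(ip for _, _, ip in posts_to(lines, page))
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print("registration POSTs:", posts_to(log, REGISTER_PAGE))
    print("repeated login POSTs:", repeated_login_posts(log))
```

IIS writes W3C log times in UTC by default, so convert them before comparing with the join time the forum shows for the account.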

fernan82
Mod Builder Group
Posted: 02 October 2003 at 7:24pm

On this topic you posted the following:

Originally posted by Wistex:

I am not sure what he is doing, but one possible use for this type of configuration is to allow multiple websites to share the same forum, yet have their own look and feel.  That way, when people post in one website, their post appears on the other, and vice versa.  As a result, the forum builds more users and more posts than it would otherwise.  And more users and more posts attracts more users and more posts.  It speeds growth.

Actually, I have seen this done before with a forum, and it worked quite well for them.  Within a year, their forum has become quite busy.  They currently have about a dozen websites who have their own skinned version of the forums all sharing the same database.

I liked the idea so much that I am going to do the same with one of my forums. We are already putting together a package that will allow websites that complement ours to have our forums on their website.  This arrangement is great for smaller sites who want the stickiness that a forum creates, yet do not have enough traffic to generate enough posts to sustain an active forum, yet have enough traffic to bring new members and posts.

Plus, as an added bonus, our website, which we are developing into a portal, will get recognition and advertising on other websites.  It's a win-win situation.

If you really did that then that's the most possible explanation. Since WWF requires more than just permission to execute stored procedures, anyone you make that deal with will actually have permission to execute any query on your database, so they could have easily added a new admin account like that... That's why it's really a bad idea to do that... I was gonna post this on that topic but I forgot...



FeRnAN

wistex
Mod Builder Group
Posted: 03 October 2003 at 11:36pm

All the forums code resides on my server and they do not have access to it.  We make the forums look like their site, but it is still on my server.  That eliminates any security hole there.  I assign all accounts and am currently the only admin.
