Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - My forum was hacked, well ok they TRIED
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

My forum was hacked, well ok they TRIED
 Post Reply Post Reply Page  12>
Author
  Topic Search Topic Search  Topic Options Topic Options
Scotty32 View Drop Down
Moderator Group
Moderator Group


Joined: 30 November 2002
Location: Manchester, UK
Status: Offline
Points: 1682 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Scotty32 Quote  Post ReplyReply Direct Link To This Post Topic: My forum was hacked, well ok they TRIED
    Posted: 04 August 2006 at 10:46pm
i decided id set up a nice script that emails me when someone hits the custom 404 page, so i can fix any errors, it tells me what page they came from to get to it, so it helps debugging....

.. anyway i was greeted with a nice surprise today

Quote Page Not Found
-----------------------

We found a page that was missing, the page was:
/forum/admin/database/wwForum.mdb

The page was referred by:


i found this highly amusing as, excluding the fact i use MSSQL, they thought id leave it in the "default location"

to make it funnier, my sites quite big, i got alot of posts and members, which is why i moved to MSSQL ages ago (i had to find a host that gave it away cheap)

it took me a while to also realise that .... the path is pointing to the old version 7 default location, and ... am running version 8

this would be hacker seems to have a very low IQ, anyway, i set up a nice suprise for next time they try i hope they do

PS: anybody know the default location for version 8? as i cant be bothered downloading it to find out


Edited by Scotty32 - 04 August 2006 at 10:47pm
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.
Back to Top
the boss View Drop Down
Senior Member
Senior Member
Avatar

Joined: 19 January 2003
Location: Saudi Arabia
Status: Offline
Points: 1727 		Post Options Post Options   Thanks (0) Thanks(0)   Quote the boss Quote  Post ReplyReply Direct Link To This Post Posted: 04 August 2006 at 11:09pm
can we know whats that  surprise..

Back to Top
aks427 View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 06 December 2003
Location: United States
Status: Offline
Points: 276 		Post Options Post Options   Thanks (0) Thanks(0)   Quote aks427 Quote  Post ReplyReply Direct Link To This Post Posted: 04 August 2006 at 11:36pm
Probably a database with just one table and one result saying something.
Back to Top
dfrancis View Drop Down
Senior Member
Senior Member


Joined: 16 March 2005
Location: United States
Status: Offline
Points: 442 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dfrancis Quote  Post ReplyReply Direct Link To This Post Posted: 04 August 2006 at 11:54pm

/forum/database/wwForum.mdb

 

Yeah... saying "something" LOL

 
I tried the email thing but on the nights when the PHP hackers fly through and look for old files to exploit, I end up with thousands of email to delete. I created a custom error that inserts into a sql db instead.


Edited by dfrancis - 04 August 2006 at 11:56pm
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 05 August 2006 at 12:48am
http://www.plinko.net/404/

Lead me not into temptation... I know the short cut, follow me.
Back to Top
MadDog View Drop Down
Mod Builder Group
Mod Builder Group
Avatar

Joined: 01 January 2002
Status: Offline
Points: 3008 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MadDog Quote  Post ReplyReply Direct Link To This Post Posted: 05 August 2006 at 12:54am
Wanna share your 404 page Scott?  :D
Back to Top
Scotty32 View Drop Down
Moderator Group
Moderator Group


Joined: 30 November 2002
Location: Manchester, UK
Status: Offline
Points: 1682 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Scotty32 Quote  Post ReplyReply Direct Link To This Post Posted: 05 August 2006 at 1:37pm
Originally posted by aks427 aks427 wrote:

Probably a database with just one table and one result saying something.


close - its a database with one form, that gives them a nice message explaining its the wrong database , pops up on start-up.

ive just noticed "/radio/admin/database/wwForum.mdb"

and its even appeared on another website as
"/forum/database/wwForum.mdb"
this otherwebsite doesnt even use WWF, so somethings goin on

Originally posted by MadDog MadDog wrote:

Wanna share your 404 page Scott?  :D

my names acctually Matt, but sure:

i have a "custom error" page set up, am not sure how servers normally do it, but mine atleast does "http://www.domain.com/404.asp?404;http://www.domain.com/folder/page.asp"

so if your custom error page looks like that then it'll work:

       strEmailBody = "Page Not Found" & vbCrlf & "-----------------------" & vbCrlf & vbCrlf
        strEmailBody = strEmailBody & "We found a page that was missing in *your domain*, the page was: " & vbCrlf
        strEmailBody = strEmailBody & Mid(Request.QueryString(),5,(Len(Request.QueryString())-3)) & vbCrlf & vbCrlf
        strEmailBody = strEmailBody & "The page was referred by: " & vbCrlf
        strEmailBody = strEmailBody & Request.ServerVariables("HTTP_REFERER") & vbCrlf
        blnSentEmail = SendMail(strEmailBody, "your_name", "your_email", "your_domain", "from_email_address", "MISSING PAGE!", strMailComponent, false)


thats off the WWF site, so uses the WWF Email Function
S2H.co.uk - WebWiz Mods and Skins

For support on my mods + skins, please use my forum.
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 05 August 2006 at 2:03pm
I've been getting 404's on /images/blank.gif for a couple of weeks on several sites that are in the same link stream. In my situation it was referer spam.
 - A site links to something that they won't find so they appear in your weblogs. They then submit the url for your weblog directory to the SE's who score a linkback for their site.

I tossed back a 500 - Server error instead of the 404 and they stopped doing it.

The requests were all coming from sites with an identical look and feel that were loaded with adwords.
The alternative way of handling it would have been to password protect the weblogs but that would have caused some issues with the client.

Lead me not into temptation... I know the short cut, follow me.
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.