| Author |
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Posted: 25 September 2005 at 7:06am |
|
Some hackers are using new tricks on patched boards.
If you leave write permissions enabled on your site they are using this
to upload their own files to the server which they then run to hack
your forum.
To prevent this you need to make sure that you do not have write permissions enabled within your web site.
Also you need to make sure that if you are using the Access version
that you place the database outside of your web site in a folder on the
web server that is not accessible via a web browser, otherwise the
hacker can get in that way.
Also make sure your passwords are hard to guess.
|
|
|
 |
RAVALON
Groupie
Joined: 31 December 2003
Location: Italy
Status: Offline
Points: 132
|
Posted: 25 September 2005 at 8:10am |
|
I'll ask server support.....
|
 |
ramsey
Newbie
Joined: 25 September 2005
Status: Offline
Points: 3
|
Posted: 25 September 2005 at 12:45pm |
RAVALON wrote:
I'll ask server support..... |
Hi guys,
Another trick used by Turkish hackers is to change passwords. If they know a user's e-mail or the admin e-mail, they click the forgot password button and have your forum send a new password to the user's e-mail.
When the user tries to log in, he/she cannot log in because their new password is sitting in their mailbox. They did the same thing with the admin account. Then users start to send e-mails saying that they cannot log in. I have to turn off e-mail to prevent that for the time being.
Here is the question:
Is there a way to add a security question before the password is mailed to the user?
My admin password is being changed 5 times a day.
Thanks
ramsey
|
 |
RAVALON
Groupie
Joined: 31 December 2003
Location: Italy
Status: Offline
Points: 132
|
Posted: 25 September 2005 at 1:40pm |
Today, my site was totally hacked....if you try to go to www.pcprimipassi.it you can see the web site is hacked and not accessible....
In my FTP I can see many files uploaded which redirect navigation.....all sites on the server were hacked, about 416 sites...
The system admins are studying this case of hacking.....
Is it possible to obtain FTP access through some forum bugs ?????
|
 |
sfd19
Senior Member
Joined: 20 December 2004
Status: Offline
Points: 263
|
Posted: 25 September 2005 at 3:09pm |
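Quick fix:
Add
' Block password resets for the admin account.
' LCase makes the match case-insensitive, so "Admin_Name" is also caught.
If LCase(strUsername) = LCase("admin_name") Then
    ' Release the recordset and connection before leaving the page
    Set rsCommon = Nothing
    adoCon.Close
    Set adoCon = Nothing
    Response.Redirect "default.asp"
End If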
|
right after this line:
'Read in the users details from the form
strUsername = Trim(Mid(Request.Form("name"), 1, 15))
|
in forgotten_password.asp
'admin_name' is of course the name of your admin account.
|
|
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Posted: 26 September 2005 at 5:23am |
RAVALON wrote:
Today, my site was totally hacked....if you try to go to www.pcprimipassi.it you can see the web site is hacked and not accessible....
In my FTP I can see many files uploaded which redirect navigation.....all sites on the server were hacked, about 416 sites...
The system admins are studying this case of hacking.....
Is it possible to obtain FTP access through some forum bugs ????? |
It is not possible to get FTP access with Web Wiz Forums as they are
two completely independent systems. The forum software is very secure and
it is not possible to hack the server through it.
Hacking of this kind will be because your server has not been secured
and you have write permissions on folders within your site.
This is how sites and forums are generally hacked, by not securing the
server (nothing to do with Web Wiz Forums software), and leaving write
permissions enabled on folders within your site it allows a hacker to
upload files to the server through HTTP, without the need for FTP
access. They then use this to upload their own files to the server.
|
|
|
 |
RAVALON
Groupie
Joined: 31 December 2003
Location: Italy
Status: Offline
Points: 132
|
Posted: 26 September 2005 at 9:12am |
OK...I understand.....the server admin said there is no problem with permissions on the directory.....they said we have permission 644....or similar.....people can only read....
We are trying to understand something about...
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Posted: 26 September 2005 at 9:38am |
|
It sounds like your server admin doesn't know what he/she is on about.
The permission 644 would be if you are using a Unix server and as Web
Wiz Forums only runs on Windows then a 644 permission cannot be set.
With a Windows web server you need to set the permissions on the
server. The server admin needs to make sure that the IUSR account only
has read permissions on those directories that can be reached through a
web browser.
|
|
|
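Added example (not part of the original thread and not Web Wiz code): a read-only PowerShell audit for the permission check described in the post above, listing folders under a web root where the anonymous IIS account holds write-type NTFS rights. The web root path and the account-name pattern are assumptions to adjust for your server.

```powershell
param(
    # Assumed site root; replace with the folder your site is served from.
    [string]$WebRoot = 'C:\inetpub\wwwroot',
    # Assumed account names: IUSR_<machine> on older IIS, IUSR / IIS_IUSRS on newer.
    [string]$AccountPattern = '\\(IUSR(_[^\\]+)?|IIS_IUSRS)$'
)

# Rights that let an account create, change or remove files, or re-grant itself access.
# "Modify" and "FullControl" contain these bits, so they are caught as well.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw generic bits instead: GENERIC_WRITE, GENERIC_ALL.
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

# The root itself plus every folder beneath it.
$folders = @(Get-Item -LiteralPath $WebRoot) +
           @(Get-ChildItem -LiteralPath $WebRoot -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # folder could not be read; skip it

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notmatch $AccountPattern) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }

        [pscustomobject]@{
            Folder    = $folder.FullName
            Account   = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No write-type rights for matching accounts under $WebRoot"
}
```

Rows with Inherited set to True get their rights from a parent folder, so the fix belongs on that parent. Groups that contain the anonymous account (for example Everyone or Users) are not matched by the default pattern and can be added to it.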
 |