Web Wiz Forums - Turkish hacker.

Print Page | Close Window

Turkish hacker.

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=17075
Printed Date: 16 April 2026 at 6:14am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Turkish hacker.

Posted By: Lynford
Subject: Turkish hacker.
Date Posted: 29 October 2005 at 3:20pm

Sorry if this has been done before, but I have been hacked

I have not used all of Borg's anti-hacking measures partly due to the fact that I am new to all this and don't understand some of it

Right, so I have been hacked - I have deleted (and replaced with a new downloaded version) all forum files from my server and replaced my Database with a backup that I made this morning. I still have that bloody hackers logo up though. What have I done wrong, or what else should I delete please ?

Thanks for any help

Why do these twats do this ?

Replies:

Posted By: dj air
Date Posted: 30 October 2005 at 5:04am

can you paste a link so we can see if its a WebWiz hack or server hack

it maybe they have uplaoded files to the server

Posted By: Lynford
Date Posted: 30 October 2005 at 5:09am

dj air wrote:

can you paste a link so we can see if its a WebWiz hack or server hack

it maybe they have uplaoded files to the server

Thanks for your help DJ

The forums can be found at http://www.fromthelane.co.uk/forum/default.asp

Would you need a login account ?

Posted By: dj air
Date Posted: 30 October 2005 at 5:16am

ok it does seem to be a WebWiz hack

you need ot go to the admin configuration area and change the top image url to something else or nothing

to avoid this:

don't allow image or file uploading unless you know the person well
make sure your password is atleast 8 charecters and letters and numbers and not directory word like hello etc
make sure your database is outside the root folder so it cant be accessed
failing 3. change the path to the database to .asp not .mdb and change the name of the database to .asp not .mdb

there are some ideas

Posted By: Lynford
Date Posted: 30 October 2005 at 5:55am

Thanks DJ, you are a star. For No3, what do you mean by the root folder please (As I said, I'm quite new to this)

In my FTP prog I have 3 folders at the very start - htdocs / Logfiles / Private. Should it be in one of those ?

My Folder forum is in htdocs

Thanks again for your help

Posted By: dj air
Date Posted: 30 October 2005 at 7:00am

you want to place the database in the private folder then set the path within the common.asp files to the physical path

E:\domains\yourdomain\private\forum.mdb

example

you can get the physical path from your webhost or use

response.write server.mappath("../../private/forum.mdb")

note the above may be dis allowed, but your host will know

Posted By: Hogmanus
Date Posted: 30 October 2005 at 9:55am

I too got hacked by the Turks.

They got in via the upload facility and placed 2 files on the server Zephir and hacktool.

They then used this to creat a default and index page with every extension ( htm, html, asp, cfm and php ) creating a total of five default and five index pages in each folder with my site including the log folder and private.

There are 4056 pages hosted on my site withn 53 subfolders (yes its a big site) You can imagine the horror I am faced with deleting all the extra files and restoring the site to its former glory. If it was a standard static site it wouldnt be too bad but as its live data (League tables etc) its not that easy.

11 hours yesterday and not finished yet.... Oh dear

Posted By: WebWiz-Bruce
Date Posted: 31 October 2005 at 8:34am

It sounds like you left your site open to hackers by not disabling write permissions.

With write permissions enabled a hacker doesn't need to use the forum to hack your site, they can simply manipulate HTTP to upload files to the server writing any files they want in any folder that has write permissions.

As the latest version doesn't use the ADO.Stream object you should also consider disabling this as there is a security hole in this object that means by changing HTTP headers to 'PUT' files can be placed anywhere within your site.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: JJLatWebWiz
Date Posted: 01 November 2005 at 3:22pm

I don't think most web site admins are going to have the option to disable ADODB.Stream as it would probably have to be disabled for entire server hosting hundreds of other sites.

However, I think the security flaws in ADODB.Stream actually compromise the client when combined with flaws with Internet Explorer. The ADODB.Stream/IE security flaws allow a web page to execute script on the client machine in the Local Machine internet zone.

The Turkish hacker utility that I've seen doesn't exploit any unintentional security bugs or flaws. It will work on ANY server that uses ANY enabled version of the ADODB.Stream and no correction of unintensional flaws therein will hinder this hacker utility. Only server administrators using best practice security configurations can stop this utility from working.

Even a flawed ADODB.Stream is working with the security rights of the anonymous web user, so ADODB.Stream can be used to upload files ONLY to folders to which the anonymous user has such permission.

Of course, there are always other security flaws and poor server configurations that could be exploited to change that, but WWF is required or even useful for any of this hacking. And don't let your host tell you that by using WWF, it was your fault that the server was compromised.

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.