Web Wiz Forums - Hacked by raco55 Help Me please

Print Page | Close Window

Hacked by raco55 Help Me please

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=17680
Printed Date: 30 March 2026 at 3:54am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Hacked by raco55 Help Me please

Posted By: TechnoDream
Subject: Hacked by raco55 Help Me please
Date Posted: 30 December 2005 at 6:24am

Hello

Help Me please

web wiz forum hacked all version

User is Turkey nick raco55 hacked ale forums world

http://www.google.pl/search?hl=pl&q=hacked+by+raco55&lr - http://www.google.pl/search?hl=pl&q=hacked+by+raco55&lr =

user registration and pasword admin and closed forum and delete all

where password admin???

sorry my english bad

help me please

My version forum 7.92

Turkey people group hacked forums web wiz forums

http://www.ravalnet.org/xer/forum_webwiz/default.asp - http://www.ravalnet.org/xer/forum_webwiz/default.asp

http://www.teradoty.com/pt3/forum/forum_closed.asp - http://www.teradoty.com/pt3/forum/forum_closed.asp

http://forum.virus.nl/forum_closed.asp - http://forum.virus.nl/forum_closed.asp

http://www.tibetanlama.com/forum/forum_closed.asp - http://www.tibetanlama.com/forum/forum_closed.asp

http://forums.myweatherguide.com/default.asp?C=3 - http://forums.myweatherguide.com/default.asp?C=3

http://www.thegospelzone.com/forum/forum_closed.asp - http://www.thegospelzone.com/forum/forum_closed.asp

http://www.theatre-epicentre.org/forum/forum_closed.asp - http://www.theatre-epicentre.org/forum/forum_closed.asp

WHERE BUG WEB WIZ FORUMS???

help!!!!!!

Replies:

Posted By: Tgard
Date Posted: 30 December 2005 at 9:45am

hi ...I suggest u delete the hole forum and install it again and this tims put the database some were else on ur computer where he cant access it...

Posted By: JCH2
Date Posted: 30 December 2005 at 3:55pm

Tgard is right. This type of thing is usually only possibly if you've placed the database in...

a browser accessible directory, and/or
a directory that isn't hidden, and/or
the file name of the database hasn't been changed, and/or
the location of the database is the default installed directory.

This type of amateur "hacking" is only possible if the hacker can depend on the database being in an accessible directory or in the default name location that s/he knows from studying the standard WWF package. Download your database (if using Access) and change as many of these options for the database as possible before you manually reset the admin name/password and re-upload it.

Posted By: clownfire
Date Posted: 30 December 2005 at 8:51pm

It would be a shame if that is happening because that like item number 1 on the install instructions.

Posted By: WebWiz-Bruce
Date Posted: 31 December 2005 at 11:56am

The Turkish hacker is using a number of exploits to get in, he mainly uses CSS to deface your site and place an image on there that says you have been hacked.

Please read the following on how he hacks sites and ways to prevent it:-

He looks for older versions of Web Wiz Forums, or ones that have not been updated correctly and then uses old exploits to get in. To prevent this make sure you are running the latest version.
He downloads the Access database and gets admin username and password from that. Make sure you place the database out side of your web site where he can not download the database see, ../web_wiz_forums/docs_access_move_db.asp - http://www.webwiz.net/web_wiz_forums/docs_access_move_db.asp
He also looks for holes in the servers own security, for sites that have not setup permissions securely and have write permissions enabled on public files and folder, this allows a hacker to upload his/her own files to the server to deface of hack the site. Permissions need to be set by your web host, contact them to setup secure permissions for your site.
Do not enable upload features in the forum. For uploading to work you need to make your server insecure by enabling write permissions on the upload directory, these can be used by a hacker to hack your site (as in point 3).

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: JJLatWebWiz
Date Posted: 04 January 2006 at 12:28am

clownfire wrote:

It would be a shame if that is happening because that like item number 1 [a browser accessible directory] on the install instructions.

The first risk of having the MDB in a browser accessible folder is that any browser can download the entire MDB all in one shot. That means that every email address you have in the database is wide open for the world to see (maybe we should think about encrypting the email address), every restricted forum is open, every username is known by the hacker. Now, the hacker has the hashed password, which is still pretty safe, but if the password is something simple like a dictionary word or just stupid, the hacker can perform a dictionary attack or even a brute force attack to determine the admin password. Such an attack is nearly impractical to run through the web interface.

So, assuming you changed the password from the default "letmein" and didn't change it to "admin123", and haven't sent a Private Message (which are stored in the exposed MDB) with the admin password, then the only security risk left is from the hacker somehow being able to upload a modified MDB back to the web server in the same location.

WWF will only allow a user to upload files to directories specified in the configuration record and only files with safe extensions like jpg and zip. So in order to upload the MDB with a new admin password hash, they had to modify the configuration record first, which they could not do without knowing the admin password.

As far as I can tell, except for a ridiculously simple admin password, the only way to truly hack the WWF MDB (even if it's stored in an unsafe location) is to compromise the host server.

IMHO

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.