crackers_child
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=18101
Printed Date: 13 April 2026 at 12:12pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: crackers_child
Posted By: ToJaRo
Subject: crackers_child
Date Posted: 23 January 2006 at 10:42pm
|
I run a couple of WWF forums and noticed a unrecognized user signing up on two of my sites... The sites are unrelated and unlinked so when the same user showed up on both it peaked my interest. The user called themself crackers_child and had a made up email address @mycom.net. (Turkish ISP I believe). Anyway, nothing has happened to either of my sites because I watch them regularly and keep them updated both with WWF and my OS patches etc... I did a Google search on crackers_child and noticed that this user is showing up on several other WWF sites... not sure if they are fishing for unpatched WWF sites or what but it's awfully fishy to me... Any one else notice this user on your site?
FYI - I deleted this user and plan on upgrading to 7.97 tonight after I test (thanks for keeping us up to date Borg...  ) I run SQL version so maybe they were looking for an Access version.------------- ToJaRo http://www.thesoupbone.com - The SoupBone Community |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 24 January 2006 at 2:34pm
|
Thanks for the heads up. They could well be looking for unpatched or insecurely setup forums. The Turkish hacker has been defacing allot of sites recently on forums where the Access database has not been secured. Version 7.97 will prevent this and add extra protection for all versions, but Access versions will not be secure unless the database is secured. The SQL version that you are using is much more secure and robust, I'm hoping that with version 8 most users will use either SQL Server or mySQL, to prevent the security, and performance issues that come with using Access. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ipshwitz
Date Posted: 31 January 2006 at 7:34pm
|
Kinda heartless sounding...
Most people don't think to put their database outside of their site root folder or even to change the name of it. Which makes it very easy for a person to download their access database. A search on google/yahoo, etc for a web wiz forum will show up many ppl using it. If the administrator doesn't think to at least rename the database, they almost deserve what happens to them.
It's stressed repeatedly in the readme file, setup docs, etc that you should do this. Another option you can do is Password protect the database and then just configure the common.asp file to login whenever it accesses teh database. (i believe that's the only file that needs updated).
|
Posted By: WebWiz-Bruce
Date Posted: 01 February 2006 at 9:32am
|
Password protected Access databases are not supported on allot of servers and with many Access password recovery tools out there they are extremely simple to crack. The latest version, 7.97, does add extra protection for Access users including security pop-ups when entering the admin area informing the user their forums database is not secure, with links to instructions on how to secure their database. Other security features also include having to re-enter passwords to enter the admin area, this should give extra protection against a hacker using data from a downloaded database as passwords are 160bit encrypted. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |