General Discussion - My forum was hacked, well ok they TRIED

Print Page | Close Window

My forum was hacked, well ok they TRIED

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: General Discussion
Forum Description: General discussion and chat on any topic.
URL: https://forums.webwiz.net/forum_posts.asp?TID=20922
Printed Date: 30 March 2026 at 1:18am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: My forum was hacked, well ok they TRIED

Posted By: Scotty32
Subject: My forum was hacked, well ok they TRIED
Date Posted: 04 August 2006 at 10:46pm

i decided id set up a nice script that emails me when someone hits the custom 404 page, so i can fix any errors, it tells me what page they came from to get to it, so it helps debugging....

.. anyway i was greeted with a nice surprise today

Page Not Found
-----------------------

We found a page that was missing, the page was:
/forum/admin/database/wwForum.mdb

The page was referred by:

i found this highly amusing as, excluding the fact i use MSSQL, they thought id leave it in the "default location"

to make it funnier, my sites quite big, i got alot of posts and members, which is why i moved to MSSQL ages ago (i had to find a host that gave it away cheap)

it took me a while to also realise that .... the path is pointing to the old version 7 default location, and ... am running version 8

this would be hacker seems to have a very low IQ, anyway, i set up a nice suprise for next time they try

i hope they do

PS: anybody know the default location for version 8? as i cant be bothered downloading it to find out

-------------
S2H.co.uk - http://www.s2h.co.uk/wwf/" rel="nofollow - WebWiz Mods and Skins

For support on my mods + skins, please use http://www.s2h.co.uk/forum/" rel="nofollow - my forum .

Replies:

Posted By: the boss
Date Posted: 04 August 2006 at 11:09pm

can we know whats that surprise..

-------------
http://www.web2messenger.com/theboss">

Posted By: aks427
Date Posted: 04 August 2006 at 11:36pm

Probably a database with just one table and one result saying something.

Posted By: dfrancis
Date Posted: 04 August 2006 at 11:54pm

/forum/database/wwForum.mdb

Yeah... saying "something" LOL

I tried the email thing but on the nights when the PHP hackers fly through and look for old files to exploit, I end up with thousands of email to delete. I created a custom error that inserts into a sql db instead.

Posted By: dpyers
Date Posted: 05 August 2006 at 12:48am

http://www.plinko.net/404/ - http://www.plinko.net/404/

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: MadDog
Date Posted: 05 August 2006 at 12:54am

Wanna share your 404 page Scott? :D

-------------
http://www.iportalx.net" rel="nofollow">

Posted By: Scotty32
Date Posted: 05 August 2006 at 1:37pm

aks427 wrote:

Probably a database with just one table and one result saying something.

close - its a database with one form, that gives them a nice message explaining its the wrong database

, pops up on start-up.

ive just noticed "/radio/admin/database/wwForum.mdb"

and its even appeared on another website as
"/forum/database/wwForum.mdb"
this otherwebsite doesnt even use WWF, so somethings goin on

MadDog wrote:

Wanna share your 404 page Scott? :D

my names acctually Matt, but sure:

i have a "custom error" page set up, am not sure how servers normally do it, but mine atleast does "http://www.domain.com/404.asp?404;http://www.domain.com/folder/page.asp"

so if your custom error page looks like that then it'll work:

       strEmailBody = "Page Not Found" & vbCrlf & "-----------------------" & vbCrlf & vbCrlf
        strEmailBody = strEmailBody & "We found a page that was missing in *your domain*, the page was: " & vbCrlf
        strEmailBody = strEmailBody & Mid(Request.QueryString(),5,(Len(Request.QueryString())-3)) & vbCrlf & vbCrlf
        strEmailBody = strEmailBody & "The page was referred by: " & vbCrlf
        strEmailBody = strEmailBody & Request.ServerVariables("HTTP_REFERER") & vbCrlf
        blnSentEmail = SendMail(strEmailBody, "your_name", "your_email", "your_domain", "from_email_address", "MISSING PAGE!", strMailComponent, false)

thats off the WWF site, so uses the WWF Email Function

-------------
S2H.co.uk - http://www.s2h.co.uk/wwf/" rel="nofollow - WebWiz Mods and Skins

For support on my mods + skins, please use http://www.s2h.co.uk/forum/" rel="nofollow - my forum .

Posted By: dpyers
Date Posted: 05 August 2006 at 2:03pm

I've been getting 404's on /images/blank.gif for a couple of weeks on several sites that are in the same link stream. In my situation it was referer spam.
- A site links to something that they won't find so they appear in your weblogs. They then submit the url for your weblog directory to the SE's who score a linkback for their site.

I tossed back a 500 - Server error instead of the 404 and they stopped doing it.

The requests were all coming from sites with an identical look and feel that were loaded with adwords.
The alternative way of handling it would have been to password protect the weblogs but that would have caused some issues with the client.

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: Mikey
Date Posted: 05 August 2006 at 2:11pm

Scotty32 wrote:

i set up a nice suprise for next time they try

i hope they do

-------------
Handyman man?