
List:       osflash-sandy
Subject:    [Sandy] Forum hacked and database erased
From:       mengpg2 () engene ! se (Marcus Engene)
Date:       2007-08-30 13:14:47
Message-ID: 46D6C2C7.9010705 () engene ! se

Hi!

I intend to rant a little bit now: ISPs providing PHP have to an 
amazingly stubborn extent held on to PHP4, which has no bind variable 
support in the API for postgres and I think not for mysql either. So 
looking at the phpbb code there are stupid escape routines for text 
strings and several DBs had problems with these ' -> \' ish functions 
having loopholes when using for example utf-8. Luckily the php-gang is 
now doing a coup, forcing ISPs to upgrade by stopping supporting PHP4.

This situation upsets me slightly so I have to blow some steam about it 
from time to time. ;-P

Ranting regards,
Marcus

kiroukou wrote:
> Hi Marcus,
>
> Well there's a security issue in IPB forums I guess. They make the
> administrator receive a password recovery mail, and benefit from
> something here to get into the administrator account.
> I'm kind of warned that something is wrong since I received a
> recovery mail that I don't want, but it is too late, they change the
> admin password. After that, the time to go into the database, they
> empty the forum rooms.
>
> I'm going to check the yahoo forum, but also look at phpBB3 (even if
> RC5).
>
> Bruce > yes you are right.. Thanks :)  But that's true that it is
> really disappointing. All that information/knowledge wasted. But as
> you said, it will have even more in the near future :)
>
> Thomas
>
> On 30 August 07 at 00:05, Marcus Engene wrote:
>
>   
>> How was it hacked? Via sql injection or did they manage to log in
>> to the server?
>>
>> Personally I find Yahoo forums convenient, they allow forum files,
>> read online, mail forward, link section etc. But they send html mails
>> which look like (us style) christmas trees by default.
>>
>> Best regards,
>> Marcus
>>
>> kiroukou wrote:
>>     
>>> yes I'm sure.
>>> The blog database has a backup, but unfortunately for us, the forum
>>> one (why did I create another one??!!) hasn't.
>>>
>>> And I haven't done any backup for months....
>>>
>>>
>>>
>>> On 29 August 07 at 23:19, jerome birembaut wrote:
>>>
>>>
>>>       
>>>> what?
>>>>
>>>> are you sure chipal lost all data?
>>>> he told me today the server is in dns transfer process and it will
>>>> return tomorrow
>>>>
>>>> 2007/8/29, Petit <petit at petitpub.com>:
>>>>
>>>>         
>>>>> This is too bad Thomas, in the short run.
>>>>> At the same time it is true that the oldest posts were not useful
>>>>> anymore,
>>>>> except of course as a history trail.
>>>>>
>>>>> Hopefully in a few days we'll have a new forum.
>>>>>
>>>>> I had a look at Google Groups and in my opinion it doesn't have  
>>>>> that
>>>>> cosy feeling of home.
>>>>> It is a bit anonymous, and as often is the case at Google sites, it
>>>>> isn't very user friendly.
>>>>>
>>>>> In my opinion, it would be nice if we had a good forum application
>>>>> hosted somewhere safe.
>>>>> If it has a real database, such as MySQL, which is backed up it
>>>>> would be fine.
>>>>>
>>>>> And for the contents - well we'll fill it with nonsense,
>>>>> guesses and good advice as always ;-)
>>>>> For it to be effective, it should be possible to upload images,
>>>>> code and
>>>>> live swiffs.
>>>>>
>>>>> /Petit
>>>>>
>>>>>
>>>>> kiroukou wrote:
>>>>>
>>>>>           
>>>>>> I sadly announce that the forum has been hacked (once again) and
>>>>>> worse, the database has been destroyed this time.
>>>>>>
>>>>>> Thinking that my gracious free host was doing some automatic
>>>>>> backup, I haven't done any manually. Bad inspiration since it was
>>>>>> not the case, and I don't have any backup of our great forum.
>>>>>>
>>>>>>
>>>>>> You certainly just can't imagine how disappointed I am, all the
>>>>>> hard work people here have done, knowledge database,
>>>>>> contributions ... Well everything is lost.
>>>>>>
>>>>>>
>>>>>> Now I have a bad feeling with forums and hesitate to open up one
>>>>>> more.
>>>>>> If some of you have some ideas: using google group, etc. let me
>>>>>> know!
>>>>>>
>>>>>> What a loss!
>>>>>>
>>>>>> Thomas
>>>>>>             
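
Added example (not part of the original message or thread): the contrast Marcus draws between `' -> \'` escape routines and bind variables, sketched in Python. The GBK charset, the constructed sample bytes and all function names are assumptions chosen for illustration, and sqlite3 stands in for the forum database.

```python
import sqlite3

def naive_escape(raw: bytes) -> bytes:
    # Byte-wise ' -> \' escaping with no knowledge of the connection charset.
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")

def has_unescaped_quote(text: str) -> bool:
    # True if some single quote is not preceded by an escaping backslash.
    escaped = False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "'":
            return True
    return False

def quote_survives(raw: bytes, charset: str) -> bool:
    # Escape byte-wise, then read the bytes the way a server using
    # `charset` would: per character, not per byte.
    return has_unescaped_quote(naive_escape(raw).decode(charset))

def store_with_bind(value: str) -> str:
    # Bind variable: the value travels separately from the SQL text,
    # so no quoting rule is involved at all.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (body TEXT)")
    con.execute("INSERT INTO posts (body) VALUES (?)", (value,))
    (stored,) = con.execute("SELECT body FROM posts").fetchone()
    con.close()
    return stored

# Constructed input: a GBK lead byte directly followed by a quote.
SAMPLE = b"\xbf' tail"

if __name__ == "__main__":
    for cs in ("latin-1", "gbk"):
        print(cs, "unescaped quote after escaping:", quote_survives(SAMPLE, cs))
    print("bind variable stored:", repr(store_with_bind("it's \\' x")))
```

Under a single-byte charset the inserted backslash still guards the quote; under GBK the backslash byte is absorbed as the second byte of a two-byte character, which is the kind of loophole that bind variables remove by construction.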


