why is zth always being hacked??

[Torment]

i just sent & replied a bunch of PMs yesterday! it's very frustrating to have things like this happen over and over again! have any steps been taken to rectify this? i propose that a daily backup should be seriously considered. short posts or PMs might be easier to replace, but long well thought out ones are not.

 

[vestax]

When this shit happens , the hosting always gets the blame :rolleyes: , daily back up ? maybe you should propose to tom , that you're willing to be a volunteer and help him back up daily . Cause we conduct back up every 4 days .

Read up on SQL Injections :

Source by :
http://www.securiteam.com/securityreviews/5DP0N1P76E.html

The following article will try to help beginners with grasping the problems facing them while trying to utilize SQL Injection techniques, to successfully utilize them, and to protect themselves from such attacks.

Credit:
The information has been provided by SK.

Details
1.0 Introduction
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.

This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. You may find a trick or two but please check out the "9.0 Where can I get more info?" for people who truly deserve credit for developing many techniques in SQL injection.

1.1 What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

1.2 What do you need?
Any web browser.

2.0 What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "FORM" tag in the HTML code.

more info?
One of the earliest works on SQL Injection we have encountered should be the paper from Rain Forest Puppy about how he hacked PacketStorm.
http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6

Great article on gathering information from ODBC error messages:
http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc

A good summary of SQL Injection on various SQL Server on
http://www.owasp.org/asac/input_validation/sql.shtml

Senseport's article on reading SQL Injection:
http://www.sensepost.com/misc/SQLinsertion.htm

 

[gti88]

Torment,

Relax la, you think Tom and the host likes it whenever it happens ?
shit happens right ? so sometimes you'd just have to live with it ..

 

[Torment]

not blaming the hosting yet vesty, merely enquiring. not the 1st or 2nd or 3rd time this thing happen rite, i dun think have to wait until someone say it to know that daily backup is a feasible option under such circumstances.

thanks for the links, will read up on them. :)

 

[Torment]

i reckon they don't either. i can live with shit happening, but how many time have i gotta live with the same shit happening over & over again? actually what frustrates me is that i keep losing PMs to these hacks, i'm not blaming vesty or tom it's not their fault shit happens, just want to know if there's a way to minimised damage. :)

 

[starwing]

That article was dated May 2002 wo ..

 

[vestax]

The article 2002 but then its the same mah , anyway starwing , you claim your self to be a hacker , so i bet you should know how sql injections work , and its not a new thing .

How to minimise ? well to tell u the truth , no matter how good is the security of the server it still happens , cause sql injections are access by using port 80 , so if firewall block port 80 :lol: , cannot access the web lo . Well the best is to get the forum updated , cause currently this Invasion Board is on version 1.3.1 kind of outdated , anyway we are updating v2.0 board .

 

[jinkl]

aiyaa..
hackers come hackers go ..
which site la so bullet proof hehe..
must be some kids la playing with injection tercucuk TOM lolx..
let point our finger on.. errrm errrmm.. no one

 

[vestax]

I hope all of you understand that my position in here is to look after the server , as in monitoring the network , the server performance , errors , rebooting and etc etc .

Just to make things clear , im not the Administrator for Zerotohundred.com , Tom is the one & only Admin in here . So this forum is basically being managed by Tom him self , so updating / patching up the forum suppose to be Tom's job .

But since we are very understanding and since zerotohundred users are very demanding , we do extra's & take extra responsibility just to make sure that , Zth serves the community better .

Our responsibility is to keep the server runing , backing up the server every 4 days , getting the latest updates , and do what a normal server admin does .

Asking us to back up the forum daily is abit too much , 12GB aint small , it may sound little to some of you guy's . Day by day its growing , it gets bigger day by day . There are more then 30,000 picture attachment files , like i said its still growing .

Here is a scenario , car parks act like servers , cause they host parking space to who ever wants to park , they'll provide the space , basic security such as cctv , guards are deployed and the maintainance works on the mechinery , ticket system is all done by the Parking Co = Hosting . But then as a car owner , he should be aware that the car park security ain't enough , even with high tech security system being engage in the car , the car is still at risk , and if the car gets jacked who is resposible for its lost ? the Parking Co ? the Owner ? , Or the surrounding who witness it but didn't do anything about it ?.

What im trying to say is , shit happens and it happens for a reason , when this shit occur , all we can do is learn from mistakes , try to improve what we are capable at . As for the surroundings who talks about it and doesnt do anything , they should take some responsibility too .

Tom sorry for this write up , cause seeing some of the posting , its really a let down for us . After working long hours in the datacenter 9pm - 2am and now monitoring the forum at 6am while doing upgrades to the forum , and then seeing some posting , really no motivation for us :lol: , which at that time i could have gone to town and check out some chicks at the club :lol:

 

[jinkl]

hehe in datacentre :P
muhahaha.. how is it.. freezing cold ka

 

[jinkl]

vestax : everyone mistaken u as admin :D hehe cos u more active than tom hehehehe .. what to do .. some of them dunno the structure of zth ..

ok let me post the structure..

Admin : TOM
Moderator : TOM
Owner : TOM
Super User : TOM
Root : TOM
SQL Admin : TOM
FTP Admin : TOM

so all TOM ? tom where got free 24/7 to do website maintenance
as well as he dint give out Moderating power or maintenance power to anyone else. So how la he gonna take all the work load. Some websites go through updates weekly , i mean Php script updates la. just see http://www.k-otik.com/exploits/ .. see how many exploits discovered for Php alone at this date..

So kena hack , kena hack lorr.. site is big enough to be aimed by hackers..
they just want to pass their msg and gain their pride.

Server maintenance : Vestax ( not zth maintenance )

aiyaaaa.. lepak la Torment :P i also lost my PM's ..

 

[vestax]

Jin Tom doesn't have access to Root , but i do :) .

 

[dollah]

Heh, PM can see already.

why ?

1. This is IPB version 2.0, I set the skin to be like previous version. But it is for 1.3.1.

2. I thought everything ok, but I did not check the PM section.

3. Heh, if PM gone, can revert back to 1.3.1 but there will be potential to get hacked again.

4. Hehehe, yes we suppose to do Server maintaince only . Not, Script updating , script patching , Zerotohundred.com Support Staff etc. We manage servers.

Vestax, everything is ok now. Already put the default skin for IPB 2.0. PM can be SEEN already.

 

[Torment]

here's sum motivation for u vestax. :lol: dun say i dun appreciate wat u do now.[attachmentid=43520]

 

[acbc]

I love DCs... used to camp overnight from 9PM to 7AM maintaining servers and taking advantage of the super high speed networks there. Lots of bandwidth at your disposal.

Those were the good old days...

Anyway, keep up the good work vestax. I know that sometimes people just don't know the responsibilities of a sysadmin.

Mind you, the sysadmin is like a commander. He or she has to plan strategies and make decisions that will affect everyone. Sometimes, we have to sacrifice many things and take the shit from those who don't understand.

 

[dollah]

acbc .. my record is 18 hours straight. at myloca.

from 2 am till 8pm next day

 

[sakuraguy]

a friend of mine ..


Quote:
Originally Posted by sakuraguy
Update .. Update ! .. Accessed tremek.com yesterday, but cant login.. says database error .. mmmm ... wonder why? ..

also yesterday my car club site has been hacked "www.zerotohundred.com" all postings after 18th March 2005 gone ..


...SakuraGuy...

----------------------------------------------------------------------------------------------------


He said ...

First thing you do when you get hacked is contact your vBulletin provider and tell them this. They will trace the IP adress and the hacker will be cought unless they took some other poor dude ISP. Be aware many hackers are trying to get into people personal info. I hate hackers like that!!. Those are not even hackers....those are cyber-terrorist or criminal.
Hacker:
One who is proficient at using or programming a computer; a computer buff.
One who uses programming skills to gain illegal access to a computer network or file.

Cyber-terrorist: a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism

a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers" 4: one who works hard at boring task

 

[jinkl]

sakaruguy :
hackers this days are not like last time , they jump through several anonymous proxies to finally reach their destination.. no doubt you can trace them..
but the money spent to trace them are more better used to buy 100plus ..bring up the forum ..

and we zth not using vbulletin
we are using the Invision Board free version
thus we do not get support from Invision because its free edition..
the paid one comes with updates and support :)

 

[jinkl]

Originally posted by dollah@Mar 19 2005, 14:40
Heh, PM can see already.

why ?

1. This is IPB version 2.0, I set the skin to be like previous version. But it is for 1.3.1.

2. I thought everything ok, but I did not check the PM section.

3. Heh, if PM gone, can revert back to 1.3.1 but there will be potential to get hacked again.

4. Hehehe, yes we suppose to do Server maintaince only . Not, Script updating , script patching , Zerotohundred.com Support Staff etc. We manage servers.

Vestax, everything is ok now. Already put the default skin for IPB 2.0. PM can be SEEN already.

[snapback]823149[/snapback]​

muahahha.. IPB 2 looks chun ler..
PM section is running up already..
small problem jer.. attachments quote set to 0 bytes wor..
this skin looks more better for the eyes hehee..
thanks for doing it although its not ur job. thums up ok :D

 

[vestax]

Hahah acbc , nowdays the datacenter clever , they cap the lines , so that you don't steal free bandwidth from them :lol: .

I`ve spend more then 12 hours in the DC , damn man its cold , Myloca is the coldest among all DC i`ve been . At that time Cyber was so dead , no mamak , notting to eat , had to go to putrajaya prisint 8 , just for a cup of hot coffee :lol: .

Worst thing , have to work during public holidays , in the middle of the night , it suck so bad man . :lol: Now got mamak in Street Mall " Hassan " , damn the service there suck big time , but atleast can see some MMU chicks :lol: