OSDev.org

Our dead Patat-forum seems to be hacked by a group called 'Innocent Boys'. They've put a message in a language I don't understand on it. Damn them, don't they have anything better to do?

-Kon-Tiki-

stupid brazilians...

Perhaps they have many things better to do... They just require more time and energy than hacking...

You should have upgraded to 1.5.1, it is a critical update because a major security bug was found and fixed... they hacked in using the YaBBPak manager stuff. Anyway, update to 1.5.1 to make your board secure.

Chris Cromer wrote: You should have upgraded to 1.5.1, it is a critical update because a major security bug was found and fixed... they hacked in using the YaBBPak manager stuff. Anyway, update to 1.5.1 to make your board secure.

that site is phpBB 2.0.0

Oh, well same thing goes for phpBB, they have a later version than 2.0.0, it is always wise to check the boards site often for updates. I always keep the most up to date version of forum software installed, that way I don't have to worry about old bugs tha can be hacked.

Kon-Tiki wrote: They've put a message in a language I don't understand on it.

It's Portuguese. I used Google translator to read it.


Robin Gravel

Yeah, it's an "interesting" message once you've translated it .

its babble-ish :-\

let's wish those crackers Interresting Times.

I wonder, how they do this over a php board? do they use escape sequences to smuggle some commands?

They find bugs in the boards by searching the net. Then they search the internet looking for victems with the same message board and version of it that has the bug.

These arn't real crackers, they are script kiddies, they use public bug sites to find vulnerabilities, then they follow the instructions on those site to cause it. They coudln't do "real" hacking so they use step by step instructions which where meant to be used by the developer to help fix the problems in the first place.

then there is nothing really magical like tricksing out figlet to issue dangerous unix system commands, when it is called by a perl script lingering in cgi-bin, which lacks proper regex-control to avoid exactly this crap: smuggling system commands.

I've got examples about this in a book. Use something mighty like perl. Use it without proper care ab't certain things. Open a door and wait for unbidden guests to come in. I just didn't realize, this is also possible with php. D(a)mn. I'll have to redisign some of the regex's i use in my conent management system.

ok ok...before we go on...someone will have to define what "real hacking" is. I personally think that a hacker is anyone who breaks into your private files and generally causes you to be annoyed if no real damage has been made.

cracker = someone who hacks into your stuff to destroy and cause mischeif.

hacker = same as a cracker only they do it for a good cause, to help the owner learn that there is a vulnerabiltiy, and they help them fix it

script kiddie = not a hacker or cracker, they are scum, they use publicly know "bugs" and readme files on how to exploit a bug a "real" hacker/cracker has already found. Basically script kiddies are like copy cats' they use what crackers found since they usually brag about it and post the steps. Then they just follow the step by step guide on how to destroy your system.

Chris Cromer wrote: script kiddie = not a hacker or cracker, they are scum, they use publicly know "bugs" and readme files on how to exploit a bug a "real" hacker/cracker has already found. Basically script kiddies are like copy cats' they use what use hackers and crackers steps that they found to hack the board, then they just repeat the steps.

Yeah but isn't that what learning is all about? Imitation? Besides, it's still annoying. The script kiddies, I mean.