Outpost Universe Forums
Community => News => Topic started by: xfir on January 10, 2004, 07:17:36 PM
-
We were hacked.
Now, don't let this alarm you. No damage was done.
The problem has been resolved.
As a note though, the shoutbox will stay offline until I can get it more secure (and make sure it isn't on EVERY page)
-
Thread is gone... And so is my finely crafted message... *sob*
Well, No matter :) We're secure again ^_^ :P
-
Who/what was responsible for it?
And how did they do it? (I'd be willing to help "patch" the shoutbox.... I'm guessing they injected SQL thru it..?)
edit: You should use a regular expression to remove stuff that starts with ibf_ from the shoutbox, preventing the database from being touched.
-
No... Zircon explained it, but at length.
Basically, this version is now a "pure" Invision 1.3 Final..
-
YAY, now y was my skin different from wht i had it at? I just barely had to change it back. Could it of had something to do with this hack?
-
Actually, I deleted all the old skins and reuploaded everything.
That is the reason for the switch back to the default skin.
-
Xfir: The skin sets are still stored in the database.. Should I go in and delete them out?
Also, make sure you re-CHMOD'ed the uploads/ and html/emoticons/ folders to 777.
-
Xfir: The skin sets are still stored in the database.. Should I go in and delete them out?
Also, make sure you re-CHMOD'ed the uploads/ and html/emoticons/ folders to 777.
That's all done already. I took care of everything.
-
I liked the shout box, it's the first time i've seen one on a forum
-
I hate it when people do stupid things like that. Hacking is okay the way it is being used in our case, because we just want to try to keep this game alive. When you hack a forum or a site, that's just wrong.
-
NOooooo THE SHOUTBOX!!!!! sob.... :'( :'( ......
-
well now theres no shoutbox people should come on irc and chat there.
-
With out the shoutbox, luweeg is powerless lol.
-
:'( I feel sad cause nobody was in IRC when I needed my OP2 fix*....Not even Leviathan. Don't cry Luqeeg we all loved the shoutbox :'( . Will it ever come back......
-
:'( I feel sad cause nobody was in IRC when I needed my OP2 fix*....Not even Leviathan. Don't cry Luqeeg we all loved the shoutbox :'( . Will it ever come back......
Yes it will come back.. but I want to redo some portions of it.
-
Yeah, all you gotta do is stop SQL injection.....
(What you could do, is use eregi() or something to remove words like UPDATE, DELETE, INSERT, DROP, CREATE, etc.
Btw I consider OP2 "hacking" more "cracking" and "reversing" than hacking... Those words define it better.
-
so change ur name to racking lol.
-
i'm beginning to think lev makes money off us visiting the shoutbox :lol:
-
you mean IRC? or the shoutbox?
-
the shoutbox
Um, yeah the shoutbox.
And this topic is going (OT).
-
Xfir how long to you think it would take to bring the shoutbox back?
-
Xfir how long to you think it would take to bring the shoutbox back?
I may take the board offline tonight to make the modifications.
-
k, as long as it is back up and running tommorrow.
-
As you can see, the shoutbox is back.. there currently isn't a fader though.. I don't plan on adding one..
Also, I plan to take the forum down again on Sunday for another modification.
-
yay shoutbox is back
-
I like using the smilies in the shoutbox. Xfir are you gonna be adding that back in?
-
smilies work in the shoutbox.
-
How do get the smilies in the shoutbox. Do you have to enter something like 8) <--- this to get it to work?
-
How do get the smilies in the shoutbox. Do you have to enter something like 8) <--- this to get it to work?
Well.. you could try clicking the link above the box where you enter your shout. :whistle:
-
x, are you 100% sure that the new shoutbox is hack resistant? (no such thing as 100% hack proof)
-
um, hack resistant? i don't think there is a 100% hack resistant. There is a class at my school that quit trying to put that sort of security on the comps cause hackers get around it.
-
Technically, there is no way to execute PHP or MySQL commands through the shoutbox or through the forum (at least to my knowledge, but I know there isn't through the shoutbox)
-
well, only way i can c the forum really being hacked, is if someone knows xfir's codes.
-
Who is responsible for this outrageous event?!
-
www.icehack.com, I think.
And yes I'm sure there are ways in the forum that hacking could be done.
-
why would somone want to hack the forum anyway?
-
watch, beta is going to answer that question on the next page
-
Why do they want to hack a forum?
Interesting question.. most of the time they do it to prove that they can do it.
-
dang, beta was supposed to say that lol, but i agree
-
so they hack a forum
whoop de do, not somthing you can brag to your friends about
now if you hacked into the control center for icbm's and launched one at china, then people would be impressed, right before you get shot for starting WW3
-
Well, technically, hacking forum software is a lot harder than it sounds.. and it proves that nothing is invunerable.
-
why would somone want to hack the forum anyway?
I believe it's revenge.
-
I don't think so, the only people who would want revenge on use are Kiler and Xkr, both of whom I do notthink have the experience let alone the meterials needed to do it. I think it was someone trying out their new hacking abilities.
-
All he did was leave a little message (in x-firs name), someone evilminded knowing of that exploit could have easily screwed up the entire forum...
(im just comparing the different outcomes, one message compared to a wiped user database for example)
He "informed" us of our lacking security which i think was pretty good actually so that we could prevent any possible evil minded persons ^ ...
And it's not like he "hacked" the forum, He used an already known exploit...
A real hack is when you figure out an exploit no one else knows about...
(atleast that's my opinion)
-
i wouldn't know, i don't know how to hack, so, my opinion, anything that gets around security that isn't a virus, worm, or ect, is a hack.
-
All I know how to do is a backround search using only email and ip.
-
i wouldn't know, i don't know how to hack, so, my opinion, anything that gets around security that isn't a virus, worm, or ect, is a hack.
So is breaking a cipher considered a hack?
All he did was leave a little message (in x-firs name), someone evilminded knowing of that exploit could have easily screwed up the entire forum...
(im just comparing the different outcomes, one message compared to a wiped user database for example)
He "informed" us of our lacking security which i think was pretty good actually so that we could prevent any possible evil minded persons ^ ...
And it's not like he "hacked" the forum, He used an already known exploit...
A real hack is when you figure out an exploit no one else knows about...
(atleast that's my opinion)
Yes, this is good that he didn't do any major damage.
-
well, i meant web based stuff, enlighten me if ciphers are web based.
-
Technically, http://www.xfir.net/xfir/itsasecret.php (http://www.xfir.net/xfir/itsasecret.php) is a web-based cipher.
So, in effect, ciphers can be web-based. But I can understand your idea.. I think you instead intended Internet Security.
-
just wondering, I remember when op2hacker decrypted our cyphers that we were having fun with, I was just wondering how he did that lol
it probly has abunch of computer junk that only he and fellow hackers know how to read lol