Author |
Topic |
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 15 May 2002 : 02:20:16
|
Go to the admin_login.asp page and log in there. Then go back to the default.asp page. |
|
|
Hopeton
Starting Member
4 Posts |
Posted - 15 May 2002 : 03:12:23
|
That worked! Thanks. So it seems as if they were able to get in as admin, change the password, change the site status to 'down', modify the down.asp to show their message (Hacked by...). How do I prevent this in the future?
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
|
James
Average Member
USA
539 Posts |
Posted - 15 May 2002 : 21:30:31
|
quote:
The default global.asa file that is put in the root web <snip>
Thanks Richard. BTW, could you update the IPs as needed in this post or another one?
- *Interested in Radio Control* *The RC Web Board - http://www.rcwebboard.com/* |
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 15 May 2002 : 21:52:04
|
Those are just the IPs that have attempted to hack this site. Those are the only ones that I have put in there. My suggestion would be to install the MOD that foo wrote so you will be e-mailed the IP Address when someone tries to hack your forum, and then just update the IP Address list in the global.asa file as you get them. Most of these IP Addresses are dynamic, so the person doing the hacking won't have the same IP Address every time. |
|
|
MDGamezz
Junior Member
USA
100 Posts |
Posted - 15 May 2002 : 22:55:21
|
Richard, is it possible to ban a block of IPs using global.asa? Example being 195.175.???.???.
I currently use the ban ip mod. It's very limited on space though. Thank you.
MDGamezz |
|
|
alex042
Average Member
USA
631 Posts |
Posted - 16 May 2002 : 08:51:46
|
Banning IPs is not the answer. This will end up being a time-consuming and fruitless venture and will end up punishing legitimate people who just happen to pull the same DHCP number of a banned IP while the hacker pulls a new number and rehacks the site again.
The best disaster recovery program will prepare for the inevitable to happen. Keep regular backup copies of the entire site just in case something happens. I found this out the hard way when my ISP's server crashed and they didn't have an adequate disaster recovery program initiated. I ended up losing my entire website: almost 500mb, 100's of files, because their backup wasn't recoverable. Fortunately, I had most of the files on my hard drive, but it's taking me several weeks to rebuild it back to what it was before the server crash. Now, I keep a backup copy locally.
In the meantime, the best we can do is learn how the hackers got in and close each hole as they find them.
|
|
|
Classicmotorcycling
Development Team Leader
Australia
2084 Posts |
Posted - 15 June 2002 : 18:40:15
|
I got one as well from this mod..
213.45.51.201 - 6/15/2002 11:36:08 PM
The owner of the IP is Telecom Italia Net. Just a regular joe trying to be funny, methinks. Maybe not after I reported him/her.
I would still love to know what the code is to try it on my site. *hint, hint*
quote:
hehe....I've got one from the hackpatrol:
62.xx.128.xxx - 5/10/2002 2:11:23 AM
Morten (x's by me)
Edited by - morten on 09 May 2002 21:18:09
Cheers,
Classicmotorcycling |
|
|
Dan Martin
Average Member
USA
528 Posts |
Posted - 18 June 2002 : 01:49:30
|
I've been running this for about a month, and surprisingly only had two hits. Either way, great idea on the mod. Even though I've not found any good use for the IPs, I'm sure it gave the wannabe hackers a scare.
|
|
|
raw
Starting Member
45 Posts |
Posted - 18 June 2002 : 10:45:31
|
I have my own anti hacking measure but it's not on the fly.
In inc_top.asp I added this
<!--#INCLUDE FILE="inc_redirect.asp" -->
Then created a page called inc_redirect.asp and it contains this
<%
' First group of addresses: send the visitor away from the forum.
' Response.Redirect ends processing of the page, so nothing after it runs.
If Request.ServerVariables("REMOTE_ADDR") = "24.57.33.27" _
   Or Request.ServerVariables("REMOTE_ADDR") = "192.127.94.7" _
   Or Request.ServerVariables("REMOTE_ADDR") = "64.218.161.249" Then
    Response.Redirect "http://www.fbi.gov"
End If

' Second group of addresses: write a script alert into the page instead.
If Request.ServerVariables("REMOTE_ADDR") = "203.108.88.169" _
   Or Request.ServerVariables("REMOTE_ADDR") = "216.0.189.130" _
   Or Request.ServerVariables("REMOTE_ADDR") = "144.132.100.189" Then
    Response.Write "<script>alert ('owned')</script>"
End If
%>
I will admit it's childish but I scared off a hacker trying to post a URL (which is in my bad words list now) that stole cookie information. Myself and the other admin were on the site at the time and changed our passwords immediately.
This hacker used an img src=blah onerror=window.open('url') so if you opened a thread he snagged your password. We ended up playing him for a fool and net sending some messages to his machine.
Anyway this is what my bad words list consists of now.
:glow|<TH>|<script|<object|onload|144.132.100.189|onerror
|
|
|
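The `img ... onerror` injection described in the post above only works when post text reaches the browser as markup, so a word list that tries to enumerate bad strings can be replaced by encoding on output. The following is an added example, not Snitz code and not from any poster in this thread; the function names `RenderPostBody` and `IsSafeImageUrl` and the `[img]...[/img]` tag syntax are assumptions.

```vbscript
' Added example, not Snitz code. Function names and the [img] syntax are assumptions.

' True only for a plain http(s) URL with no whitespace, quotes or angle brackets.
Function IsSafeImageUrl(url)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^https?://[^\s""'<>]+$"
    IsSafeImageUrl = re.Test(url)
End Function

Function RenderPostBody(rawText)
    Dim re, m, encoded, out, pos, url

    ' Step 1: encode the whole post, so <, >, " and & typed by the user are inert text.
    encoded = Server.HTMLEncode(rawText)

    ' Step 2: rebuild markup only for [img]...[/img] whose URL passes validation.
    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True
    re.Pattern = "\[img\](.*?)\[/img\]"

    out = ""
    pos = 1
    For Each m In re.Execute(encoded)
        ' Copy the text between the previous match and this one (FirstIndex is 0-based).
        out = out & Mid(encoded, pos, m.FirstIndex + 1 - pos)
        url = m.SubMatches(0)
        If IsSafeImageUrl(url) Then
            ' The server writes the tag itself, so the user never supplies attributes.
            out = out & "<img src=""" & url & """ alt="""">"
        Else
            out = out & m.Value   ' rejected: stays on the page as encoded text
        End If
        pos = m.FirstIndex + m.Length + 1
    Next
    RenderPostBody = out & Mid(encoded, pos)
End Function
```

A URL containing a space followed by an event-handler attribute fails `IsSafeImageUrl`, and a raw `<script` or `<img` typed into the post is shown as literal text because it was encoded in step 1.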
E*DAVE
Starting Member
USA
49 Posts |
Posted - 18 June 2002 : 10:49:36
|
Yeah, that guy was easy
|
|
|
raw
Starting Member
45 Posts |
Posted - 18 June 2002 : 10:50:40
|
Speak of the devil. Here's my other admin.
Edited by - raw on 18 June 2002 10:51:06 |
|
|
Dan Martin
Average Member
USA
528 Posts |
Posted - 22 June 2002 : 16:43:38
|
I like your use of the bad word filter. Can I ask, why <TH>? And what is :glow?
-Dan
|
|
|
fillup07
Starting Member
2 Posts |
Posted - 29 June 2002 : 14:40:55
|
I just found this site and I think I'm gonna switch my site from Yabb (www.yabbforum.com) to Snitz because it is ASP based.
I was curious about something... (my YABB forum got hacked as well), how exactly do they find/get in and change the admin password? And what does this patch do to fix it?
|
|
|
blackinwhite
Average Member
Turkey
657 Posts |
Posted - 29 June 2002 : 15:19:24
|
quote:
I just found this site and I think I'm gonna switch my site from Yabb (www.yabbforum.com) to Snitz because it is ASP based.
I was curious about something... (my YABB forum got hacked as well), how exactly do they find/get in and change the admin password? And what does this patch do to fix it?
The general security hole that recently came to the surface was a "SQL injection" kind of thing.
This is a common method that most SQL-using code is exposed to. You can search Google about the issue.
|
|
|
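For readers asking what SQL injection looks like in classic ASP and how it is closed, here is an added example (not Snitz code and not the patch discussed in this thread). The table `EXAMPLE_MEMBERS`, its columns, the field sizes and the function name `LookupMember` are hypothetical; `conn` is assumed to be an open ADODB.Connection.

```vbscript
' Added example, not Snitz code. EXAMPLE_MEMBERS, its columns and sizes are hypothetical.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

' Pattern that makes injection possible: form input becomes part of the SQL text,
' so whatever the visitor types is parsed by the database as SQL.
'   sql = "SELECT MEMBER_ID FROM EXAMPLE_MEMBERS WHERE M_NAME = '" & _
'         Request.Form("Name") & "'"
'   Set rs = conn.Execute(sql)

' Hardened form: the SQL text is fixed and the input travels as typed parameters.
' Returns the member id, or 0 when there is no match or the input is out of range.
Function LookupMember(conn, userName, passwordHash)
    Dim cmd, rs
    LookupMember = 0

    ' Reject empty or oversized values before they reach ADO.
    If Len(userName) = 0 Or Len(userName) > 75 Then Exit Function
    If Len(passwordHash) = 0 Or Len(passwordHash) > 64 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT MEMBER_ID FROM EXAMPLE_MEMBERS " & _
                      "WHERE M_NAME = ? AND M_PASSWORD = ?"
    ' Parameters are bound in the order of the ? placeholders.
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 75, userName)
    cmd.Parameters.Append cmd.CreateParameter("hash", adVarChar, adParamInput, 64, passwordHash)

    Set rs = cmd.Execute
    If Not rs.EOF Then LookupMember = rs("MEMBER_ID").Value
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function
```

The same binding applies to UPDATE statements such as a password change, which is where a concatenated query does the most damage.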