|
ISJX_YICK
New Member
France
68 Posts |
 Posted - 08 May 2002 : 04:54:11
|
well so much forum have been hacked now :( it would be great to know what is a "MUST DO IT NOW" regarding all fix i patched the
members.asp and the post.asp , is there also INC_Fonction.inc to do ?
i think that we should think about creating a special ASP which would randomly change every users password and send them an email with the new password.
because it's possible that they used the bug to get all members password...
to be sure, try to get your IIS log and look for the uri containing
members.asp with the member name in the params ... i'm sure we can know more about what was hacked ...
and btw were they able to "see" our password our only to "change" it ?
because in the first case as most of the users use the same pass everywhere ... well no need to tell more ....
Good Luck, we all have to work hard to counter thoses punks attacks!!
too bad that it seems that too few people are aware of the current bug ... it should be important to send an email to ALL snitz members about that so that they correct it asap imho
may be with the coding included rather than links to other topics ...
i hope this won't happen again, i was lucky to see that really fast and i don't think we lost any data in the database but it was just ;)
may be a new feature would be a log sent by email when any admin is logged on ... so that we would be alerted if someone stole our password...
just some ideas ...
WOW THAT's NICE !!! |
|
Topic Locked
