Snitz Forums 2000
 My Snitz Forum has been HACKED

nankingrevenge
Starting Member

36 Posts

Posted - 11 May 2002 : 17:56:10
My Snitz Forum 3.3.03 has been hacked. Check out the winboard.info forum. Has anyone else ever experienced this? What steps can one take to prevent future hacks?

I note that I am unable to FTP to my site (invalid password) so I've requested that my webhost reset my password and email me with the new one.

Sirius
Starting Member

45 Posts

Posted - 11 May 2002 : 18:29:39
Same thing happened to me. Note that all of these changes can be made through the admin options.
So someone has...
a) cracked the admin password
b) exploited some deficiency to bypass it.

Until I get more info, I've changed my admin password to something very long.
I would be interested to hear from the developers what they think is the case here. I can take care of my admin password, but if there is some other security hole I should plug I'd like to hear about it right away.
Thanks!

Deleted
deleted

4116 Posts

Posted - 11 May 2002 : 18:38:09
If you had searched for the words "hack" or "security" over the last week, you would have seen a lot of topics providing solutions.

Please check this: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=27863


Think Pink
==> Start Internationalization Here

crash
Advanced Member

Netherlands
2064 Posts

Posted - 11 May 2002 : 18:38:48
Via a simple fake query on the members.asp page. You both should update your files as discussed here: http://forum.snitz.com/forum/forum.asp?FORUM_ID=118

Edited by - crash on 11 May 2002 18:39:44

nankingrevenge
Starting Member

36 Posts

Posted - 11 May 2002 : 23:50:03
I note that not only was the site visually hacked, but also the user 'admin' was deleted. Can someone tell me how to restore the user 'admin'?


kimari
Starting Member

Spain
32 Posts

Posted - 12 May 2002 : 09:51:56
(First, sorry for my English, I am Spanish.)
I have 2 Snitz forums.

On 12 May 2002, hacked by DryWiev
:(

Afterwards I fixed the bug in members.asp
and I included my own code for a second password (hidden in the code) to protect the Admin section.
I am very concerned and I have made this:
I use session variables to control access to the Admin control with a second password hidden in the code.

I created a file login_hidden.asp
with this form:
-------------------
<%if request.form("password")="" then%>
<form method="POST" action="login_hidden.asp">
<%' msg comes from the query string, so HTML-encode it before writing it into the page%>
<p align="center"><font color="#FFFFFF"><b><%=Server.HTMLEncode(request.querystring("msg"))%></b></font></p>
<div align="center">
<center>
<table border="0" width="100" bgcolor="#AAB2AB">
<tr>
<td width="50%">Password: </td>
<td width="50%"> <input type="password" name="password" size="10"></td>
</tr>
<tr>
<td width="100%" colspan="2">
<p align="center"><input type="submit" value=" acces " name="B1"></p></td>
</tr>
</table>
<br><font color="#FFFFFF"><br></font>
</center>
</div>
</form>
<%else
	' Second admin password, hard-coded in this file
	correct="mysecondpassword"
	password=replace(request.form("password"),"'","")
	if password=correct then
		' Mark this session as authorised for the admin pages
		session("autorizacion")=3
		response.redirect "admin_home.asp?"
	else
		session("autorizacion")=-1
	end if

	' Wrong password: send the user back to the form with an error message
	if session("autorizacion")=-1 or session("autorizacion")="" then
		response.redirect "login_hidden.asp?msg=incorrecto"
	end if
end if%>

-------

And in all the files for the admin control
(admin_forum, admin_moderators, admin_config... all of them)
I include this code at the top:

<%'Access check for the second password
if session("autorizacion")<1 then
	response.redirect "login_hidden.asp"
end if
%>

---------------
IS IT CORRECT?
Thanks
Kimari



Edited by - kimari on 12 May 2002 09:55:06
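The guard in the post above has to be pasted into every admin file, so one missed or commented-out copy leaves that page reachable without the second password. The audit script below is an added example, not part of kimari's post or the Snitz code base; the guard text and file names come from the post, while the sample file contents and all function names are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# The guard from the post: redirect to login_hidden.asp unless the session flag is >= 1.
GUARD_RE = re.compile(
    r'if\s+session\(\s*"autorizacion"\s*\)\s*<\s*1\s+then\s+'
    r'response\.redirect\s+"login_hidden\.asp"', re.IGNORECASE)
ASP_BLOCK_RE = re.compile(r"<%(.*?)%>", re.DOTALL)
COMMENT_RE = re.compile(r"'[^\r\n]*")  # VBScript ' comments run to end of line

def has_leading_guard(source):
    """True if the first executable ASP code in the file is the session guard."""
    pos = 0
    for block in ASP_BLOCK_RE.finditer(source):
        if source[pos:block.start()].strip():
            return False  # HTML or an include sits in front of any check
        code = COMMENT_RE.sub("", block.group(1)).strip()
        if code and not code.startswith("@"):  # skip comment-only blocks, <%@ directives
            return GUARD_RE.match(code) is not None
        pos = block.end()
    return False  # no executable block at all

def audit_admin_pages(root):
    """Sorted names of admin_*.asp files under root that do not start with the guard."""
    return [p.name for p in sorted(Path(root).glob("admin_*.asp"))
            if not has_leading_guard(p.read_text(encoding="latin-1"))]

GUARD = ('<%\' second password check\nif session("autorizacion")<1 then\n'
         'response.redirect "login_hidden.asp"\nend if\n%>\n')
# Constructed sample files: names follow the post, contents are invented for the demo.
SAMPLES = {
    "admin_home.asp": GUARD + "<html>admin home</html>",
    "admin_config.asp": '<%@ LANGUAGE="VBSCRIPT" %>\n<% \' licence header %>\n' + GUARD,
    "admin_forum.asp": "<html><body>\n" + GUARD,  # output before the check
    "admin_moderators.asp": ('<%\n\'if session("autorizacion")<1 then\n'
                             '\'response.redirect "login_hidden.asp"\n\'end if\n%>\n'),  # disabled
    "login_hidden.asp": "<form></form>",  # not an admin_* page, so not audited
}

def run_demo():
    """Write the constructed samples to a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body, encoding="latin-1")
        return audit_admin_pages(tmp)

if __name__ == "__main__":
    print("unguarded admin pages:", run_demo())
```

The script only confirms that the guard text is the first executable code in each file; it does not evaluate what any `#include` ahead of it does.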
Snitz Forums 2000 © 2000-2021 Snitz™ Communications