| Author |
 Topic  |
|
|
JoJo
New Member
USA
55 Posts |
 Posted - 22 September 2002 : 21:07:16
|
One of my forum visitors got this message today when attempting to access the forums, for about 15 minutes:
"The URL has been modified! Possible Hacking Attempt!"
I am running version 3.4.01.
Can anybody please tell me what occurred there, what I need to look for, and anything I might need to do? The forums look fine.
Thanks,
JoJo
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 22 September 2002 : 21:20:44
|
What was this user trying to do? Certainly he tried to access some pages without specifying the proper URL (pop_delete.asp or pop_lock.asp)... Ask him and let me know.
This messages shows when some pages aren't properly called, meaning that the QueryString values they get called with are incorrect. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
Edited by - ruirib on 22 September 2002 21:23:27 |
 |
|
|
JoJo
New Member
USA
55 Posts |
Posted - 22 September 2002 : 21:26:09
|
Well, according to her:
First e-mail from her:
"Jojo i just got a url warning saying possible hack attempt! When i tried to go back to forums"
And her reply after I asked her what occurred:
"I was on [another page on the site], then I clicked forums to go over and read more posts and it said url closed hacker attempt. So I closed window and tried typing in babysnark and got the reply several times then I gotback thru no problem about 5:20 or so for 5 or ten mins, the url thing was not operating."
So I assume she meant she clicked on the "Forums" link on the site navigation, which would bring her to /forum/default.asp.
I will post more data when I can get it from her. Any ideas, in the meantime?
Muito obrigada,
JoJo
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 22 September 2002 : 21:32:30
|
I didn't even know that the forum showed these messages, until you posted about that. A quick search showed that the message is present only in three files: pop_delete.asp pop_open.asp and pop_lock.asp and only shows in a specific condition met by all the values these pages should get from the query strings. So the would be hacker had to be your user...
I wouldn't worry too much. Try to find out what she really did. It would be interesting to know that.
Ah, é um prazer poder ajudar. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
JoJo
New Member
USA
55 Posts |
Posted - 22 September 2002 : 23:48:47
|
Well, I got from her exactly what she did, and it's exactly what I thought -- she clicked on a navigation link from another page on my site, which goes to /forums/default.asp. She's definitely not hacking (she's one of my best friends, and is completely computer illiterate). So I haven't got a clue why her attempt to access the forum would have presented the right conditions to give that error. I saw the code in those ASP's earlier, but I just don't know why she would have gotten the error (especially just trying to go to default.asp).
Something else odd happened last night, which was I found myself logged in to the forum as my user account, not my admin account (but I did not log out of my admin account). Also, all the topics in the forums showed up as "unread" even though they were read (and previously showed up as "read"), and I had not deleted my browser history or temp internet files. I don't know why that occurred either. But I changed my admin password to be on the safe side!
Well, if you have any ideas about *any* of the above, I'd like to hear them.
Thanks again !!! It's great to read some Portuguese again. It's been a long time! 
Ciao,
JoJo
|
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 23 September 2002 : 01:25:08
|
| the only way you would show up as logged in as another user is if someone logged in as that user on your specific computer. They would have had to physically log in from your computer. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
JoJo
New Member
USA
55 Posts |
Posted - 23 September 2002 : 21:09:30
|
Muito obrigada, Rui !!!
I remember all the umbrellas on tables at outside cafe's, which always said "Chao" all over them. Also "Compal". 
Yeah, I quit worrying yesterday evening when the forum was fine and kept on being fine.
It turns out today that her computer is all screwed up and she is mid-doing a complete restore on it. So probably something bizarre happened to her cookies or something. She had actually done 2 out of 3 restore disks and was operating with a partially-restored computer. Wheee!!!
Thanks again,
JoJo (Joana em Portuguese) |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
JoJo
New Member
USA
55 Posts |
Posted - 23 September 2002 : 23:17:07
|
Hi Rui!,
If I could get people in the USA to pronounce "Joana" with the Portuguese pronunciation, I would go by that name always. 
Chao & thanks again!,
JoJo
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
| |
Topic |
|
Topic Locked
.