Jump to content

Recommended Posts

yup me. I thought to myself Is this for real whats going on.

So pressed escape before the redirect and the checked the html source and found this in phpfreaks html

<body>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://xsaimex.net">

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758563
Share on other sites

We thought it was a flaw in SMF. Eventually we found out that one of the admin accounts on the forums had been used by an IP address in Latvia to modify the ads to have the meta redirects instead. Bloody idiots could at least have done it during day hours instead of in the middle of the night (for me)...

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758570
Share on other sites

I'm curious as to how they got an admin account without SOME type of exploit in SMF code.  my password is a random mixture of letters, numbers, and symbols.  and there are no english words or dates/years in my password. I'm fairly sure the other admins passwords are of similar caliber, which makes me believe it is possibly a flaw in SMF source

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758625
Share on other sites

well if they can get into Mysql and figure out salt then they could dehash your passwords

 

that website had music downloads... now they are gone lol but now it has a lot of script kiddie tools so i would bet that it was not the owner of the website but it was a user of it and might have used some of the tools off that site.

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758861
Share on other sites

I'm curious as to how they got an admin account without SOME type of exploit in SMF code.  my password is a random mixture of letters, numbers, and symbols.  and there are no english words or dates/years in my password. I'm fairly sure the other admins passwords are of similar caliber, which makes me believe it is possibly a flaw in SMF source

 

Reminds me of the movie hackers....

 

GOD is the number 1 password used, how dumb is that. lol

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758877
Share on other sites

Although this current incident is not directly related to SMF I am still for a switch. Believe me when I say I tried to make a connection to SMF but I really don't think there is one. It doesn't appear that they brute forced their passwords either. So it could still end up being some unknown exploit in SMF but I don't think that is the case.

 

 

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758892
Share on other sites

Another scenario could be that the passwords were retrieved from somewhere else, i.e. a vulnerability on another site revealed the passwords.

 

What about the option that SMF coded a "sleeper" in their code? Someone who found it or knew about it used to exploit it.

 

I know VBB code's sleeper's in their code, maybe SMF did the same?

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758899
Share on other sites

Sleeper code? As in a trojan? I doubt it. It's open source and someone would eventually find it. It would instantly ruin their reputation.

 

I take it SMF is free? I guess I never looked into it.

 

I know VBB does it so they can "thwart" people from using it who did not pay for it. I do not know if they still practice it, but I know at one point they had that in their code.

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758919
Share on other sites

I disagree.

 

SMF is a brilliant piece of software.

 

I highly doubt that SMF has an exploit in it.

 

If htey managed to log in it can't be session stealing or some kind of XSS as SMF asks for verification of password when someone logs in.

 

It is possible though, another site got attacked that the admin in question was a member of and someone managed to get their password?

 

Either that or careless password management.

 

Either way, I will bet my house on the fact it is not a security flaw in SMF.

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758945
Share on other sites

Sleeper code? As in a trojan? I doubt it. It's open source and someone would eventually find it. It would instantly ruin their reputation.

 

I take it SMF is free? I guess I never looked into it.

 

I know VBB does it so they can "thwart" people from using it who did not pay for it. I do not know if they still practice it, but I know at one point they had that in their code.

 

I know they had a callback function to see if someone paid, then if they didn't they changed a setting to close the board and bring up the "unlicensed" message.

 

However I very much doubt they coded a backdoor so they could access the site.

Link to comment
https://forums.phpfreaks.com/topic/144551-xsaimexnet/#findComment-758952
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.