Guest askjames01 Posted February 4, 2006 Share Posted February 4, 2006 [b]ATTENTION:[/b] Geeks, CRacker, Hacker, Gurus... : )What are you worse php attacks experiences...I just want to hear it from you guys...I believed discussing this topic will inform most of us PHP developers,so that when we encounter these problem we all now have a little know how, to avoidthese malicious cases!And maybe we can prepare to patch the holes!... in the future!Waiting for your grudges and experiences...thanks for your advance cooperation...-/james------------Your good neighborhood Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/ Share on other sites More sharing options...
play_ Posted February 4, 2006 Share Posted February 4, 2006 [!--quoteo(post=342614:date=Feb 4 2006, 07:21 AM:name=askjames01)--][div class=\'quotetop\']QUOTE(askjames01 @ Feb 4 2006, 07:21 AM) [snapback]342614[/snapback][/div][div class=\'quotemain\'][!--quotec--][b]ATTENTION:[/b] Geeks, CRacker, Hacker, Gurus... : )What are you worse php attacks experiences...I just want to hear it from you guys...I believed discussing this topic will inform most of us PHP developers,so that when we encounter these problem we all now have a little know how, to avoidthese malicious cases!And maybe we can prepare to patch the holes!... in the future!Waiting for your grudges and experiences...thanks for your advance cooperation...-/james------------Your good neighborhood[/quote]Been hacked only once really. I guess it was brute foce. I opened my ftp and saw a random folder with a file in there. went to the link and it said "hacked by (whatever)".But i'd say the most common is defacing. and the worst would be a buffer overflow. Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11315 Share on other sites More sharing options...
Guest askjames01 Posted February 4, 2006 Share Posted February 4, 2006 Hey! play?what do you think it was an egg drop like this --> [a href=\"http://www.eggheads.org/pipermail/eggheads/1999-November/001978.html\" target=\"_blank\"]http://www.eggheads.org/pipermail/eggheads...ber/001978.html[/a]or a backdoor?Is it hacked passing thru using LINUX, APACHE, FTP or the PHP script?and by the way what was the OS for that case?And who was your suspects and that time?waiting for more details from you [b]play[/b]?-/james/-and also i remember a few months ago that phpfreaks.com was also hacked, i wonder who was their suspect? Did 'Eric' found out who did that to this website?-and how many times did phpfreaks.com was hacked? What do you think? Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11322 Share on other sites More sharing options...
play_ Posted February 4, 2006 Share Posted February 4, 2006 [!--quoteo(post=342706:date=Feb 4 2006, 02:10 PM:name=askjames01)--][div class=\'quotetop\']QUOTE(askjames01 @ Feb 4 2006, 02:10 PM) [snapback]342706[/snapback][/div][div class=\'quotemain\'][!--quotec--]Hey! play?what do you think it was an egg drop like this --> [a href=\"http://www.eggheads.org/pipermail/eggheads/1999-November/001978.html\" target=\"_blank\"]http://www.eggheads.org/pipermail/eggheads...ber/001978.html[/a]or a backdoor?Is it hacked passing thru using LINUX, APACHE, FTP or the PHP script?and by the way what was the OS for that case?And who was your suspects and that time?waiting for more details from you [b]play[/b]?-/james/-and also i remember a few months ago that phpfreaks.com was also hacked, i wonder who was their suspect? Did 'Eric' found out who did that to this website?-and how many times did phpfreaks.com was hacked? What do you think?[/quote]I have no idea how it was done. but the server OS was linux. I know it wasnt through any php coding of mine because at the time i didnt program in php. only css and html Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11328 Share on other sites More sharing options...
Guest askjames01 Posted February 4, 2006 Share Posted February 4, 2006 ah, huh!intereseting...did you used FTP at that time? if yes, then is it free? cause i have a feeling that theymaybe use that ftp as a method of hacking your site.And what hosting company is that? I think [b]BARAND[/b] can give more hacked experiences with us cause i think he is the mostexperienced guy here. Yo! brother what was your HACK ATTACK experiences?I hope you can share ideas too...?thanks n advance...-/james Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11330 Share on other sites More sharing options...
steelmanronald06 Posted February 6, 2006 Share Posted February 6, 2006 wouldn't call it php but it was pretty bad. I manage a website for some friends, and their website is the base and order form of their business. I did daily backups on my server and i wasn't being very secure about it. Someone with a grudge found out about their site and my backups. They hacked my backups at around 1 in the morning, to ensure I wouldn't back up anytime soon, and then deleted their entire site.I was saved because I had a backup of the site from about 2 weeks back, and not much had really changed. Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11366 Share on other sites More sharing options...
Guest askjames01 Posted February 6, 2006 Share Posted February 6, 2006 Yo, [b]steelman_[/b] bro!long time no see... : )I think you forgot to set up the gateway properly bro... am i wrong?I found a lot of websites discussing TCP/IP hacking and cracking and listening...And with some free tools with the hacking instructions...but for the good purpose i don't want to show them here...Just a good discussion maybe will inform us php gurus!I think it's a hardware/server related hacking....So what was your suspect?In your case it was the "Habit of Saving files" saved you from disaster!that's a good basic lesson...Have you forgot to put some firewall with that server?And did you caught the perpetrator? Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11383 Share on other sites More sharing options...
steelmanronald06 Posted February 7, 2006 Share Posted February 7, 2006 Not caught. It was saved on my webhost server, not on a personal server. I have this cheap hosting service, about 2.99 per month, and I just ftped the files to there. I didn't really think that he could ftp onto my account, but he managed.The only thing that saved me was I had, for some odd reason, kept a copy saved on my personal computer Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11411 Share on other sites More sharing options...
Guest askjames01 Posted February 8, 2006 Share Posted February 8, 2006 Are you sure it's not the server administrator(s) of your Hosting company, that was playing withyour files?And how did you know they used the FTP thing?Thru my readings a website can be hacked using through TCP/IP hacking, and i think the windows platform is the weakest OS compare to LINUX...Cause in my opinion The Best Hackers Knows how The Hardware related matter works... Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11466 Share on other sites More sharing options...
Guest askjames01 Posted February 9, 2006 Share Posted February 9, 2006 How about you do you have a BAD experiences with your website and that you also suspected that your website has been hacked by someone out there!Yeah, YOu alright! You!, the one reading this! : )I know you have, and would also like to share your grudges!Isn't it? Quote Link to comment https://forums.phpfreaks.com/topic/3319-worse-php-attacks/#findComment-11498 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.