Jump to content

Archived

This topic is now archived and is closed to further replies.

Guest askjames01

Worse PHP attacks?

Recommended Posts

Guest askjames01
[b]ATTENTION:[/b] Geeks, CRacker, Hacker, Gurus... : )

What are you worse php attacks experiences...
I just want to hear it from you guys...

I believed discussing this topic will inform most of us PHP developers,
so that when we encounter these problem we all now have a little know how, to avoid
these malicious cases!
And maybe we can prepare to patch the holes!... in the future!


Waiting for your grudges and experiences...
thanks for your advance cooperation...


-/james
------------
Your good neighborhood



Share this post


Link to post
Share on other sites
[!--quoteo(post=342614:date=Feb 4 2006, 07:21 AM:name=askjames01)--][div class=\'quotetop\']QUOTE(askjames01 @ Feb 4 2006, 07:21 AM) [snapback]342614[/snapback][/div][div class=\'quotemain\'][!--quotec--]
[b]ATTENTION:[/b] Geeks, CRacker, Hacker, Gurus... : )

What are you worse php attacks experiences...
I just want to hear it from you guys...

I believed discussing this topic will inform most of us PHP developers,
so that when we encounter these problem we all now have a little know how, to avoid
these malicious cases!
And maybe we can prepare to patch the holes!... in the future!
Waiting for your grudges and experiences...
thanks for your advance cooperation...
-/james
------------
Your good neighborhood
[/quote]


Been hacked only once really. I guess it was brute foce. I opened my ftp and saw a random folder with a file in there. went to the link and it said "hacked by (whatever)".

But i'd say the most common is defacing. and the worst would be a buffer overflow.

Share this post


Link to post
Share on other sites
Guest askjames01
Hey! play?

what do you think it was
an egg drop like this --> [a href=\"http://www.eggheads.org/pipermail/eggheads/1999-November/001978.html\" target=\"_blank\"]http://www.eggheads.org/pipermail/eggheads...ber/001978.html[/a]

or a backdoor?

Is it hacked passing thru using LINUX, APACHE, FTP or the PHP script?
and by the way what was the OS for that case?
And who was your suspects and that time?

waiting for more details from you [b]play[/b]?


-/james/


-and also i remember a few months ago that phpfreaks.com was also hacked, i wonder who was their suspect? Did 'Eric' found out who did that to this website?
-and how many times did phpfreaks.com was hacked? What do you think?

Share this post


Link to post
Share on other sites
[!--quoteo(post=342706:date=Feb 4 2006, 02:10 PM:name=askjames01)--][div class=\'quotetop\']QUOTE(askjames01 @ Feb 4 2006, 02:10 PM) [snapback]342706[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Hey! play?

what do you think it was
an egg drop like this --> [a href=\"http://www.eggheads.org/pipermail/eggheads/1999-November/001978.html\" target=\"_blank\"]http://www.eggheads.org/pipermail/eggheads...ber/001978.html[/a]

or a backdoor?

Is it hacked passing thru using LINUX, APACHE, FTP or the PHP script?
and by the way what was the OS for that case?
And who was your suspects and that time?

waiting for more details from you [b]play[/b]?
-/james/
-and also i remember a few months ago that phpfreaks.com was also hacked, i wonder who was their suspect? Did 'Eric' found out who did that to this website?
-and how many times did phpfreaks.com was hacked? What do you think?
[/quote]


I have no idea how it was done. but the server OS was linux. I know it wasnt through any php coding of mine because at the time i didnt program in php. only css and html

Share this post


Link to post
Share on other sites
Guest askjames01
ah, huh!

intereseting...
did you used FTP at that time? if yes, then is it free? cause i have a feeling that they
maybe use that ftp as a method of hacking your site.

And what hosting company is that?



I think [b]BARAND[/b] can give more hacked experiences with us cause i think he is the most
experienced guy here.

Yo! brother what was your HACK ATTACK experiences?
I hope you can share ideas too...?

thanks n advance...


-/james

Share this post


Link to post
Share on other sites
wouldn't call it php but it was pretty bad. I manage a website for some friends, and their website is the base and order form of their business. I did daily backups on my server and i wasn't being very secure about it. Someone with a grudge found out about their site and my backups. They hacked my backups at around 1 in the morning, to ensure I wouldn't back up anytime soon, and then deleted their entire site.

I was saved because I had a backup of the site from about 2 weeks back, and not much had really changed.

Share this post


Link to post
Share on other sites
Guest askjames01
Yo, [b]steelman_[/b] bro!
long time no see... : )

I think you forgot to set up the gateway properly bro... am i wrong?
I found a lot of websites discussing TCP/IP hacking and cracking and listening...
And with some free tools with the hacking instructions...
but for the good purpose i don't want to show them here...
Just a good discussion maybe will inform us php gurus!

I think it's a hardware/server related hacking....
So what was your suspect?

In your case it was the "Habit of Saving files" saved you from disaster!
that's a good basic lesson...

Have you forgot to put some firewall with that server?
And did you caught the perpetrator?


Share this post


Link to post
Share on other sites
Not caught. It was saved on my webhost server, not on a personal server. I have this cheap hosting service, about 2.99 per month, and I just ftped the files to there. I didn't really think that he could ftp onto my account, but he managed.

The only thing that saved me was I had, for some odd reason, kept a copy saved on my personal computer

Share this post


Link to post
Share on other sites
Guest askjames01
Are you sure it's not the server administrator(s) of your Hosting company, that was playing with
your files?

And how did you know they used the FTP thing?
Thru my readings a website can be hacked using through TCP/IP hacking, and i think the windows platform is the weakest OS compare to LINUX...

Cause in my opinion The Best Hackers Knows how The Hardware related matter works...



Share this post


Link to post
Share on other sites
Guest askjames01
How about you do you have a BAD experiences with your website and that you also
suspected that your website has been hacked by someone out there!
Yeah, YOu alright! You!, the one reading this! : )

I know you have, and would also like to share your grudges!
Isn't it?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.