
Techzones Up again


Conan


Techzones was hacked this morning by some jealous idiots. We have all of their IPs (thanks to Boogs taking some timely screenshots) and our Web Host is going to prosecute the people responsible for this. We're back online once again. :dance



I can't imagine how he did it. Someone said bruteforce pass in Admin CP, well how? I know some programs for cracking passwords (ftp, pop3, nt servers or whatever) with bruteforce, but for vB Admin CP, that sounds unknown. He found another way to penetrate, like cross-site scripting or sending JavaScript code.

Yeah, vBulletin is known for many exploits.

One of many:

http://online.securityfocus.com/archive/1/264020


That's what I said, it wasn't brute force because the server would stop taking requests after a bit. It was probably done by injecting java into the templates and then snatching the passwords, or by a PHP exploit sending the admin pass or config.php, encrypted or otherwise, to a webserver or email account.

Anyways, glad u have it sorted rev and know who's to blame.


Well, I don't know if you guys heard, but I found by searching on the net that there were scripts written to take brute force dics and attack the server, and whenever the server gets interrupted, there is an interval..

I think anyone who knows php here and there can do this very easily. You just tell the script to read off a wordlist, and then add a "$if" command so when it shows an error page, it skips it and continues on.. It's pretty hard to explain.. wish I could show it to u guys..

I would post the link, but for security reasons, I won't

:nerves

Blackwar

EDIT -- W00t!, on to level four :)


Yeh, I know what you mean BW, I don't think it would be hard to write such a script, if url = the failure page then it just tries again. Most people use words and numbers in their passwords these days anyhow, so dictionary attacks are pretty lame and are probably only useful for getting into young kids' email accounts ... hardly worth the hassle, a hacker would bust in, not mess around with brute forcing like that.


well in my opinion, brute force dic attacks are still pretty powerful if and only if you use very comprehensive wordlists..

I've seen ones that are over 60 megs :eek:

now that is a wordlist

Blackwar


well me and boogs were talking about that stuff the other day.. He said they are looking into reporting and making sure the people who did it get their deserved amount of punishment.. And hopefully, they will :)


well I have another theory.

Let's say someone got the administrative password by other means, say key logger, a rival forum that knew the password, or some other means. The question remains, why? I mean, techzonez is a small site. We aren't really in any competition with anyone. We maintain a friendly environment, are supportive of other forums, and basically just want to absorb new members, assist where we can, and enjoy the net.

Now ask yourself this, why attack techzonez?

It doesn't make sense to me... So I pose this question to you all, why do you think someone would try to hack the site?

Further, I am gonna guess that it wasn't a brute force attack BW, as you are assuming reverend's password was a word, when in fact it might have not been a word at all, for example

kjihuhbnjkhh200341

So that word above would be in the dictionary of the brute force attack? I think not... but I could be wrong.

Further, how can you use a brute force attack if Reverend's hosts' server suspends logins after a small number of unsuccessful login attempts?

I am more inclined to think that this was an educated guessing attack which can only succeed if a large number of guesses can be made in a reasonable amount of time.

or through some other means...

The perpetrators will be caught, and if not, then let it be a warning, once you ruffle the feathers, the next time the chicken might peck at you...

BB


Well see, I agree with you Boogs, but as far as I know, a dictionary's purpose is to try different combinations of passwords in a given amount of time, which is like it would try "123123123asldkhj" then "123123123asldkhj2" etc etc.. About the time thing, that really can be passed by, like a script, per se PHP script.. and then when you forward that php script, you can also set an interval of reading from the dic file.. And as far as I know, no host can control the number of logins allowed on a specific script. If there is anything that is going to block login from vBulletin, it is vBulletin itself indeed. It is pretty confusing of course, I'm not saying it is true, but there is a possibility imo.. :hohum

Blackwar
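The lockout question debated in the posts above, as an added example that is not part of the original thread and not vBulletin's own code: a failed-login limiter kept by the application itself, replayed over constructed attempt logs. It shows why a per-address burst limit alone does not stop attempts spaced out at an interval, while a per-account counter over a longer window does. The class name, limits, windows and sample data are all assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Application-level failed-login limiter with two sliding windows."""

    def __init__(self, ip_limit=5, ip_window=60, acct_limit=10, acct_window=86400):
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.acct_limit, self.acct_window = acct_limit, acct_window
        self.ip_fails = defaultdict(deque)    # ip -> timestamps of failures
        self.acct_fails = defaultdict(deque)  # account -> timestamps of failures

    @staticmethod
    def _recent(q, now, window):
        # Drop failures older than the window, return how many remain.
        while q and now - q[0] >= window:
            q.popleft()
        return len(q)

    def blocked_by(self, ip, account, now):
        """Return 'ip', 'account' or None for an attempt arriving at `now`."""
        if self._recent(self.ip_fails[ip], now, self.ip_window) >= self.ip_limit:
            return "ip"
        if self._recent(self.acct_fails[account], now, self.acct_window) >= self.acct_limit:
            return "account"
        return None

    def record_failure(self, ip, account, now):
        self.ip_fails[ip].append(now)
        self.acct_fails[account].append(now)


def replay(attempts, throttle):
    """Feed (timestamp, ip, account, password_ok) tuples.

    Returns (attempt_number, reason) for the first blocked attempt, or None."""
    for n, (ts, ip, account, ok) in enumerate(attempts, start=1):
        reason = throttle.blocked_by(ip, account, ts)
        if reason:
            return n, reason
        if not ok:
            throttle.record_failure(ip, account, ts)
    return None


# Constructed sample data: wrong passwords for one account from one address.
BURST = [(t, "192.0.2.10", "admin", False) for t in range(20)]        # 1 per second
PACED = [(t * 120, "192.0.2.10", "admin", False) for t in range(20)]  # 1 per 2 minutes

if __name__ == "__main__":
    print("burst:", replay(BURST, LoginThrottle()))
    print("paced:", replay(PACED, LoginThrottle()))
```
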


The perpetrators will be caught, and if not, then let it be a warning, once you ruffle the feathers, the next time the chicken might peck at you...

BB

Appropriate warning for that peckerwood!
