Separate names with a comma.
Discussion in 'NMA News and Information' started by Odin, Sep 27, 2011.
So, that's why the Blacklist is blank? Has everyone been unbanned?
Wee, more hacking crap. Keeping all the info on a backup doesn't seem shitty and suspicious at all.
Thats the same as inviting someone to try oO
Wow... How lame and pointless to hack this site.
I'm using an ancient pw too so no big deal. Changing it now
edit: The email I use here is not my main one hehe
If a hacker really wants to be ethical, once they get into a system they just peak at the internal workings/security and then make a copy of some random config file that only an admin would have access to (for proof). Maybe add a brief message on the front page just so users know about it.
If a hacker does anything that compromises or destroys data, etc. then they lose the right to consider their act as being beneficial to others. Now if you are hacking an site that is through and through evil, maybe there is an argument to be made for that.
Well, some would consider us through and through evil.
In addition to:
you can use the mysql_real_escape_string() function before using a variable in a sql statement. A nice & easy tutorial can be found here
Florida IP? Doesn't Todd Howard have a vacation home there?
Mysql_real_escape_string() has to be applied to the mySQL statement, and Odin fessed up about not being all that savy of a programmer, so I was thinking of a global band-aid. By itself, it offers insufficient protection for a true SQL injection attack. It also does not escape % and _ wildcards in MySQL.
phpBB out of the box is very vulnerable to injection attacks. Even on its form posting it offers little in the way of protection.
Yo, hacker, I'm really happy for you an' Imma letchoo finish...
...but you just got told by the greatest deity of ALL TIME.
Todd Howard hacked NMA? That's just... just...
Hey I just beat the shit out of your car with a sledgehammer. Because... you know... I've got a sledgehammer and you had a car. I just wanted to be helpful and show you it could be done.
Oh and I also made a backup of your car before smashing it and I don't know why exactly I'm telling you that but it sounds cool I guess.
lol, OMG, I don't think anyone would believe me when I say what email I used to register at this place. Damn, have I really be here that long? Ok, netscape, let's see if I remember your password...
Looks like my old acc was either deleted as suspended, interesting, but it still let me enter using the old address. Everything else was deleted.
Word to the wise, only gmail and yahoo doesn't seem to delete acc after long periods of inactive use. Hm.., lost some old exes' contacts, oh well.
I'm not familiar with phpBB to be honest, but your code in combination with the mysql_real_escape_string would take care of most of the injections.