NMA was hacked

Discussion in 'NMA News and Information' started by Odin, Sep 27, 2011.

  1. Verevoof

    Verevoof Cryptid oTO Moderator Orderite

    Jul 12, 2009
    So, that's why the Blacklist is blank? Has everyone been unbanned?
     
  2. Hoxie

    Hoxie King Queer oTO Orderite

    May 19, 2008
    Wee, more hacking crap. Keeping all the info on a backup doesn't seem shitty and suspicious at all.
     
  3. Odin

    Odin Carbon Dated and Proud
    Admin

    Apr 2, 2003
    That's the same as inviting someone to try oO
     
  4. Trank

    Trank Silent

    14
    Feb 3, 2011
    Wow... How lame and pointless to hack this site.
     
  5. lisac2k

    lisac2k Vault Senior Citizen
    Modder

    Oct 26, 2004
     
  6. PooftimusPrime

    PooftimusPrime First time out of the vault

    30
    Nov 25, 2008
    I'm using an ancient pw too so no big deal. Changing it now :-)

    edit: The email I use here is not my main one hehe
     
  7. iridium_ionizer

    iridium_ionizer Where'd That 6th Toe Come From?

    492
    Jul 24, 2007
    If a hacker really wants to be ethical, once they get into a system they just peek at the internal workings/security and then make a copy of some random config file that only an admin would have access to (for proof). Maybe add a brief message on the front page just so users know about it.

    If a hacker does anything that compromises or destroys data, etc. then they lose the right to consider their act as being beneficial to others. Now if you are hacking a site that is through and through evil, maybe there is an argument to be made for that.
     
  8. Brother None

    Brother None This ghoul has seen it all
    Staff Member Admin Orderite

    Apr 3, 2003
    Well, some would consider us through and through evil.
     
  9. Boomi

    Boomi First time out of the vault

    12
    Mar 17, 2005
    In addition to:

    you can use the mysql_real_escape_string() function before using a variable in a SQL statement. A nice & easy tutorial can be found here
     
  10. Guiltyofbeingtrite

    Guiltyofbeingtrite Vault Dweller

    751
    Oct 13, 2008
    Florida IP? Doesn't Todd Howard have a vacation home there?
     
  11. Corith

    Corith Still Mildly Glowing

    292
    Apr 28, 2004
    Mysql_real_escape_string() has to be applied to the MySQL statement, and Odin fessed up about not being all that savvy of a programmer, so I was thinking of a global band-aid. By itself, it offers insufficient protection for a true SQL injection attack. It also does not escape % and _ wildcards in MySQL.

    phpBB out of the box is very vulnerable to injection attacks. Even on its form posting it offers little in the way of protection.
     
  12. TwinkieGorilla

    TwinkieGorilla This ghoul has seen it all

    Oct 19, 2007
    Yo, hacker, I'm really happy for you an' Imma letchoo finish...

    ...


    ...but you just got told by the greatest deity of ALL TIME.
     
  13. Morbus

    Morbus Sonny, I Watched the Vault Bein' Built!

    Aug 16, 2006
    Todd Howard hacked NMA? That's just... just...

     
  14. Bengt

    Bengt First time out of the vault

    85
    Sep 15, 2009
    Hey I just beat the shit out of your car with a sledgehammer. Because... you know... I've got a sledgehammer and you had a car. I just wanted to be helpful and show you it could be done.
     
  15. Lexx

    Lexx Background Radiant
    Moderator Modder

    Apr 24, 2005
     
  16. Per

    Per Vault Consort Staff Member Admin

    Apr 1, 2004
    Oh and I also made a backup of your car before smashing it and I don't know why exactly I'm telling you that but it sounds cool I guess.
     
  17. Per

    Per Vault Consort Staff Member Admin

    Apr 1, 2004
     
  18. Nark

    Nark Sonny, I Watched the Vault Bein' Built!

    Dec 6, 2008
  19. Starseeker

    Starseeker Vault Senior Citizen

    Jul 25, 2003
    lol, OMG, I don't think anyone would believe me when I say what email I used to register at this place. Damn, have I really been here that long? Ok, netscape, let's see if I remember your password...

    Looks like my old acc was either deleted or suspended, interesting, but it still let me enter using the old address. Everything else was deleted.

    Word to the wise, only gmail and yahoo don't seem to delete acc after long periods of inactive use. Hm.., lost some old exes' contacts, oh well.
     
  20. Boomi

    Boomi First time out of the vault

    12
    Mar 17, 2005
    I'm not familiar with phpBB to be honest, but your code in combination with the mysql_real_escape_string would take care of most of the injections.
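
The two points raised in Corith's and Boomi's posts (escaping has to be applied statement by statement, and it leaves the % and _ wildcards alone) are shown below as an added example that is not part of the thread or of phpBB's code. It swaps string escaping for PDO bound parameters and assumes an in-memory SQLite database with a constructed `users` table; `like_literal`, `find_by_id` and `search_names` are hypothetical helper names.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite through PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('odin'), ('per'), ('o_o'), ('100%')");

// Hypothetical helper: make LIKE treat user input literally. The escape
// character itself is doubled first, then % and _ are prefixed with it.
function like_literal(string $s, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $s);
}

// Numeric context: quote-escaping changes nothing in input that contains no
// quotes, so validate the type and pass the value as a bound parameter.
function find_by_id(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        return []; // reject anything that is not a plain non-negative integer
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([(int) $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Search context: the pattern is bound, and wildcards typed by the user are
// neutralised with an explicit ESCAPE character.
function search_names(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '!' ORDER BY id"
    );
    $stmt->execute(['%' . like_literal($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a valid id, a non-numeric id, and two wildcard searches.
echo json_encode(find_by_id($pdo, '2')), "\n";
echo json_encode(find_by_id($pdo, '1 OR 1=1')), "\n";
echo json_encode(search_names($pdo, '%')), "\n";
echo json_encode(search_names($pdo, '_')), "\n";
```

Without `like_literal`, the two searches would match every row, because % and _ reach the LIKE operator as wildcards.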