NMA was hacked

Meh, like I've said. I don't mind that people hack sites, it's more of a sport for them. But he could have contacted me or some other admin and warned us instead, it's not like he won any fame points by doing this.
 
He could go back and brag to his fellow hackers. I imagine it'd be the mental equivalent of trying to brag to gangsters about stealing an old lady's purse.
 
Odin said:
Wouldn't mind some help on the technical side, as I haven't really touched this site in ages. Was in the process of planning an upgrade for this site these last few weeks, until this happened.

Sure, I've done a fair amount with phpbb2 in the past so it's not too foreign. Happy to do whatever I can.
 
Here is some quick fix help.

In your php.ini file, add
auto_prepend_file = filepath/scrubber.php

with filepath being the actual physical location of a new file, scrubber.php,
something like
C:/myphpfolder/someotherfolder/scrubber.php

In this new file (use Notepad to create and edit it), insert the following code between the php start and stop calls


Code:
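// Run the scrubber over every GET parameter before the application sees it.
array_walk($_GET, 'RemoveSQLInc');

// Strips a fixed list of SQL keywords and metacharacters from one value (modified by reference).
function RemoveSQLInc(&$value, $key)
{
    $search = array("/delete /i", "/update /i", "/union /i", "/insert /i", "/drop /i", "/#/i", "/'/i", "/=/i", "/--/i");
    $replace = '';
    $value = preg_replace($search, $replace, $value);
}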
and restart your Apache.
This will remove any nasty commands from GET variables.
It isn't a surefire cure, but it is a band-aid.
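
The band-aid above edits request values before they reach a query; the durable fix is to bind them as parameters so they are never parsed as SQL. The following is an added example, not part of the original post or of phpBB's code: it runs the post's scrubber next to a PDO prepared statement against a constructed in-memory SQLite table. The table, the `findUser` helper and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Table, rows and inputs are constructed.
// Assumption: PDO with the SQLite driver, used in memory so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('Odin'), ('O''Brien'), ('update fan')");

// The scrubber from the post, same patterns and behaviour.
function RemoveSQLInc(&$value, $key)
{
    $search = array("/delete /i", "/update /i", "/union /i", "/insert /i",
                    "/drop /i", "/#/i", "/'/i", "/=/i", "/--/i");
    $value = preg_replace($search, '', $value);
}

// Hypothetical lookup helper: the value is bound as a parameter, so it is
// only ever compared as data and never parsed as part of the SQL text.
function findUser(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: two legitimate names and one string made of the
// characters and keywords the scrubber is trying to strip.
$inputs = array("O'Brien", "update fan", "x' union select 1 --");

foreach ($inputs as $raw) {
    $scrubbed = $raw;
    RemoveSQLInc($scrubbed, 'name');
    // For each input, count matching rows for the raw and the scrubbed value.
    printf("%-24s bound: %d row(s) | scrubbed to %-16s bound: %d row(s)\n",
        json_encode($raw), count(findUser($db, $raw)),
        json_encode($scrubbed), count(findUser($db, $scrubbed)));
}
```

For the two legitimate names, the raw value bound as a parameter finds its row, while the scrubbed value no longer matches anything because the scrubber has rewritten it. The third input matches no row either way, since a bound value is only compared against the column.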
 
Thankfully this is the same password that I used on gawker when it got hacked, so it's already been released.

Unfortunately I know very little PHP and I also don't like it with all of its dollar signs. However, maybe for good sport I will try to clone this site in Rails 3 as my side learning project. It seems like a nice, expansive project and just perhaps it could be eventually useful.
 
I bet he looks like that:

bbbpht.jpg
 
He truly sounds like a person of integrity and control and I completely trust him not to sell the private information he stole.

Oh wait.
 
Arcane Back Up Thrills


Brother None said:
I hope there aren't too many people who use the same password here as anywhere important. If the recent spate of hacking left and right taught us anything, it's that you can't live without unique passwords anymore.

Was using a 2005 P-word generated by NMA.

My hand scripting may have been accurate for each '05 change, but my penmanship for the exact date threw me into the tedious muzzle of trial and error.

New 2011 P-word recognized. Mission Accomplished!

Reconite said:
What I still don't understand is why he would backup the database on his computer ...
Implies malicious intent and evidence of an act of theft. ;)

NMA hostage data may be soon depicted on a milk carton near you!





4too
 
hope this faggy little thief was using a proxy, otherwise his ISP is getting a call regarding malicious use of their network to perpetrate a crime.
 
Re: Arcane Back Up Thrills

4too said:
Reconite said:
What I still don't understand is why he would backup the database on his computer ...
Implies malicious intent and evidence of an act of theft. ;)
Hey, I got that much. I meant why would he bother to try telling us he's a good guy in all of this and that he won't sell the data even though he stole it all anyway?
 
If a hacker really wants to be ethical, once they get into a system they just peek at the internal workings/security and then make a copy of some random config file that only an admin would have access to (for proof). Maybe add a brief message on the front page just so users know about it.

If a hacker does anything that compromises or destroys data, etc. then they lose the right to consider their act as being beneficial to others. Now if you are hacking a site that is through and through evil, maybe there is an argument to be made for that.
 
it doesn't really matter what password you use.

brute forcing MD5 passwords is easy.

plus there are only 128^2 possible "values" for an MD5 password.

especially if there is no "automatic account lockout" after X failed attempts.

and/or logging failed attempts.

if the only "protection" you use is MD5 hashing of passwords, you don't have any security.
 
Well, luckily the only other account I use this password on has a different e-mail. Just changed my password and will most likely change the other one just to be on the safe side.
 
Wee, more hacking crap. Keeping all the info on a backup doesn't seem shitty and suspicious at all.
 