GoFuckYourself.com - Adult Webmaster Forum - View Single Post - How can these hackers insert passes to my passwd file.

chupacabra · 10-31-2002, 11:19 AM

alibaba, if you are using a third-party processor like iBill, ccBill, etc., they most likely are not adding the password pairs through any security hole in your server, much more likely that they are being added through a weakness or exploit in the scripts of your processor... we use ccBill, and occasionally will see 'rogue' password pairs appear out of nowhere like this... if using ccBill, check the ccBill logs in your /secure directory, you will see that the password pairs in question were in fact added by the processors script somehow, and will usually even have a subscription ID number associated w/ them that is bogus... i've spoken to ccBill at length about this issue in the past, and some of the higher tech's there have acknowledged that the system has been compromised on occasion, and it is to be expected w/ such a far-flung processor... many undesirables are probably plugging away at this very moment looking for a hole. they always get them plugged quickly it seems, and i just delete the errant password pairs when they arrive. a real point of interest to me is that most of the pairs that appear unexpectedly never show any usage in my pw sentry logs, which has always baffled me... happy halloween all you freaks..!

10-31-2002, 11:19 AM
chupacabra Confirmed User Join Date: Sep 2002 Posts: 3,626	alibaba, if you are using a third-party processor like iBill, ccBill, etc., they most likely are not adding the password pairs through any security hole in your server, much more likely that they are being added through a weakness or exploit in the scripts of your processor... we use ccBill, and occasionally will see 'rogue' password pairs appear out of nowhere like this... if using ccBill, check the ccBill logs in your /secure directory, you will see that the password pairs in question were in fact added by the processors script somehow, and will usually even have a subscription ID number associated w/ them that is bogus... i've spoken to ccBill at length about this issue in the past, and some of the higher tech's there have acknowledged that the system has been compromised on occasion, and it is to be expected w/ such a far-flung processor... many undesirables are probably plugging away at this very moment looking for a hole. they always get them plugged quickly it seems, and i just delete the errant password pairs when they arrive. a real point of interest to me is that most of the pairs that appear unexpectedly never show any usage in my pw sentry logs, which has always baffled me... happy halloween all you freaks..!