Fucking hackers

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • theking
    Nice Kitty
    • Sep 2002
    • 21053

    #1

    Fucking hackers

    ...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

    A question are sites written in PHP more vunerable than sites written in HTML? I assume that there is not anyway to stop hackers but what is the state of the art way to make it more difficult for them?
    When you're running down my country hoss...you're walking on the fighting side of me!

    FOR THE LYING LOWLIFE POSTING AS PATHFINDER...http://gfy.com/fucking-around-and-pr...athfinder.html
  • HorseShit
    Too lazy to set a custom title
    • Dec 2004
    • 17513

    #2
    What exactly is the matter with your brain?

    Comment

    • d-null
      . . .
      • Apr 2007
      • 13724

      #3
      I've lost ALOT of google trust on some domains in the past due to hackers, it is an extreme piss off

      __________________

      Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad!
      Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs
      Check out the #1 WordPress SEO Plugin: CyberSEO Suite

      Comment

      • marketsmart
        HOMICIDAL TROLL KILLER
        • Dec 2004
        • 20419

        #4
        Originally posted by theking
        but what is the state of the art way to make it more difficult for them?
        keep them out of your server to begin with...

        meaning that if you dont know what you are doing then make sure your host does..

        Comment

        • mmcfadden
          So Fucking Banned
          • Oct 2008
          • 5099

          #5
          Originally posted by Justin
          What exactly is the matter with your brain?
          give him some comfort man... jeez

          i just lost my google revenue and decided that anyone that fucks with me will get a serious ass beating....

          i still don't have my google ranking but i do feel better ;)

          Comment

          • st0ned
            Confirmed User
            • Mar 2007
            • 8437

            #6
            It is usually something simple, like leaving your .htaccess open. However there are vulnerabilities in certain scripts which would allow them access. Without more info it is really hard for us to offer input on the situation. Javascript injections?
            Conversion Sharks - 1,000+ adult dating offers, traffic management, and consistently high payouts.
            We will guarantee and beat your current EPC to win your dating traffic!
            Skype: ConversionSharks || Email: info /@/ conversionsharks.com

            Comment

            • theking
              Nice Kitty
              • Sep 2002
              • 21053

              #7
              Originally posted by marketsmart
              keep them out of your server to begin with...

              meaning that if you dont know what you are doing then make sure your host does..
              That seems to be an impossibility as large companies get hacked, the government gets hacked.
              When you're running down my country hoss...you're walking on the fighting side of me!

              FOR THE LYING LOWLIFE POSTING AS PATHFINDER...http://gfy.com/fucking-around-and-pr...athfinder.html

              Comment

              • d-null
                . . .
                • Apr 2007
                • 13724

                #8
                I've heard of situations where one customer on a shared server runs a vulnerable script can put all of the customers on that server at risk

                __________________

                Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad!
                Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs
                Check out the #1 WordPress SEO Plugin: CyberSEO Suite

                Comment

                • marketsmart
                  HOMICIDAL TROLL KILLER
                  • Dec 2004
                  • 20419

                  #9
                  Originally posted by theking
                  That seems to be an impossibility as large companies get hacked, the government gets hacked.
                  thats like saying "people rob houses, so why bother locking the door"..

                  you can keep out the majority of the script kiddies and low level hackers with some basic security..

                  most hosts are complacent when it comes to security, but some actually work hard to keep their networks and customers servers secure..

                  i am willing to bet that your server was hacked because it was not maintained on a consistent basis..

                  Comment

                  • Platinumpimp
                    Logos and such.
                    • Jan 2004
                    • 10214

                    #10
                    Originally posted by d-null
                    I've lost ALOT of google trust on some domains in the past due to hackers, it is an extreme piss off
                    But at the end of the day they are still nerds behind their computers, with only an online life.
                    I design logo's.

                    Comment

                    • sortie
                      Confirmed User
                      • Mar 2007
                      • 7771

                      #11
                      Originally posted by theking
                      ...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

                      A question are sites written in PHP more vunerable than sites written in HTML? I assume that there is not anyway to stop hackers but what is the state of the art way to make it more difficult for them?
                      Where are you hosted?

                      Comment

                      • ProG
                        Confirmed User
                        • Apr 2009
                        • 1319

                        #12
                        what did the hackers do? I've seen them modify templates and such with iframes/embeds, just curious what they did to you
                        History will be kind to me for I intend to write it.

                        Comment

                        • seeandsee
                          Check SIG!
                          • Mar 2006
                          • 50945

                          #13
                          Originally posted by theking
                          ...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

                          A question are sites written in PHP more vunerable than sites written in HTML? I assume that there is not anyway to stop hackers but what is the state of the art way to make it more difficult for them?
                          html is hackers problem :D
                          BUY MY SIG - 50$/Year

                          Contact here

                          Comment

                          • niche25
                            GoFuckYourself
                            • Nov 2006
                            • 407

                            #14
                            Your host sounds special... "your fucked, good luck and change your password!"

                            Good luck. I'm not sure what it could be if your sites are completely down and you have to download your sites to find out what's wrong... doesn't make much sense.

                            Most hackers drop iframe or javascript on sites but hackers usually want the site up and running - not down.

                            Comment

                            • directfiesta
                              Too lazy to set a custom title
                              • Oct 2002
                              • 30135

                              #15
                              Originally posted by niche25

                              Most hackers drop iframe or javascript on sites but hackers usually want the site up and running - not down.
                              Those are thieves....

                              Real hackers are using your site(s) like a wall to paint graffitis.

                              I could put a link here of advanced advertized defacing from a group with the word " zone " in it 's name ... but I wont.

                              They list 100's of sites defaced, erased evey single day. They even have some vids of it on utube and were interviewed ( masked ) by major TV network.

                              It is a sport to them
                              I know that Asspimple is stoopid ... As he says, it is a FACT !

                              But I can't figure out how he can breathe or type , at the same time ....

                              Comment

                              • raymor
                                Confirmed User
                                • Oct 2002
                                • 3745

                                #16
                                Originally posted by theking
                                A question are sites written in PHP more vunerable than sites written in HTML? I assume that there is not anyway to stop hackers but what is the state of the art way to make it more difficult for them?
                                As of the latest report, something like 85% of all server hacks came through PHP.
                                So yes, PHP is by FAR the most likely way for your server to get hacked. Zend recognizes
                                this huge problem, but fixing some of the problems would make certain old code stop working,
                                so they can;t just fix everything immediately. The most recent version of PHP closes some
                                of the most obvious gigantic security holes in PHP itself, but it's still horrible. The upcoming
                                PHP 6 is slightly better, but still pretty bad. As an example, currently ANY PHP script
                                will allow hackers to upload any file they want onto your server. That's a HUGE security
                                hole built right into the language and there's not much that the person writing the script
                                can do about it. If your host runs Apache "SuExec", which several large hosts do, that's
                                even worse because that means all visitors to your site have the same rights to your files
                                that you do when you FTP. The combination is SuExec and PHP version 4.0 or less takes
                                down sites every day.

                                Add to that the one thing that everyone who likes PHP says about it - "PHP is so easy.
                                Anyone can write PHP, with no programming training required." Exactly. Any idiot can write
                                a PHP script and thousands of idiots do. If these people who have never taken a single
                                programming class or read a single computer science book were writing software for your
                                desktop, that would just mean there would be a bunch of crappy software available. But
                                take all this crap written by clueless people, in a braindead language, and put it on a public
                                web server and you have the worst computer security nightmare in history.

                                You've read about some of the more well known hacks, like NATS. We hear about smaller
                                programs being hacked a couple of week - almost always through stupid PHP scripts.

                                Your web host or admin can set several security related settings for PHP in the PHP
                                configuration file, php.ini. Setting some of these as restrictive as possible may reveal
                                security holes in some of your scripts, when HP refuses to execute certain parts of them.
                                Those scripts can be fixed. It's almost always just one or a few lines that need to be fixed
                                to make the script more secure, so it'll work in a more secure environment. Unless, of
                                course, the scriptor was dumb enough to use dozens of autoglobals spread all throughout
                                the code, with no central validation routine that can be used to populate them properly.
                                Similarly, if you're not using PHP 5 you can update first and some of the worst holes
                                from PHP 4 will be patched. Some scripts written for PHP 4 may have used deprecated
                                functions that were available, but not supposed to be used. They may have some small
                                problems under PHP 5, which is improved and has removed or changed some of the
                                worst things people could do under PHP 4.

                                We're also just starting to test a new service where we heck several thousand possible
                                security issues on your server. We make sure that it complies with the standards that
                                the department of defense uses for military computers. It's a pretty thorough scan which
                                will find a couple of dozen problems on a typical web server. However, it's brand new to
                                us, something we're testing. It's good enough for the military, so it's probably quite good,
                                but I can't make any guarantees of the quality just yet.
                                For historical display only. This information is not current:
                                support@bettercgi.com ICQ 7208627
                                Strongbox - The next generation in site security
                                Throttlebox - The next generation in bandwidth control
                                Clonebox - Backup and disaster recovery on steroids

                                Comment

                                • sortie
                                  Confirmed User
                                  • Mar 2007
                                  • 7771

                                  #17
                                  Originally posted by raymor
                                  As of the latest report, something like 85% of all server hacks came through PHP.
                                  So yes, PHP is by FAR the most likely way for your server to get hacked. Zend recognizes
                                  this huge problem, but fixing some of the problems would make certain old code stop working,
                                  so they can;t just fix everything immediately. The most recent version of PHP closes some
                                  of the most obvious gigantic security holes in PHP itself, but it's still horrible. The upcoming
                                  PHP 6 is slightly better, but still pretty bad. As an example, currently ANY PHP script
                                  will allow hackers to upload any file they want onto your server. That's a HUGE security
                                  hole built right into the language and there's not much that the person writing the script
                                  can do about it. If your host runs Apache "SuExec", which several large hosts do, that's
                                  even worse because that means all visitors to your site have the same rights to your files
                                  that you do when you FTP. The combination is SuExec and PHP version 4.0 or less takes
                                  down sites every day.

                                  Add to that the one thing that everyone who likes PHP says about it - "PHP is so easy.
                                  Anyone can write PHP, with no programming training required." Exactly. Any idiot can write
                                  a PHP script and thousands of idiots do. If these people who have never taken a single
                                  programming class or read a single computer science book were writing software for your
                                  desktop, that would just mean there would be a bunch of crappy software available. But
                                  take all this crap written by clueless people, in a braindead language, and put it on a public
                                  web server and you have the worst computer security nightmare in history.

                                  You've read about some of the more well known hacks, like NATS. We hear about smaller
                                  programs being hacked a couple of week - almost always through stupid PHP scripts.

                                  Your web host or admin can set several security related settings for PHP in the PHP
                                  configuration file, php.ini. Setting some of these as restrictive as possible may reveal
                                  security holes in some of your scripts, when HP refuses to execute certain parts of them.
                                  Those scripts can be fixed. It's almost always just one or a few lines that need to be fixed
                                  to make the script more secure, so it'll work in a more secure environment. Unless, of
                                  course, the scriptor was dumb enough to use dozens of autoglobals spread all throughout
                                  the code, with no central validation routine that can be used to populate them properly.
                                  Similarly, if you're not using PHP 5 you can update first and some of the worst holes
                                  from PHP 4 will be patched. Some scripts written for PHP 4 may have used deprecated
                                  functions that were available, but not supposed to be used. They may have some small
                                  problems under PHP 5, which is improved and has removed or changed some of the
                                  worst things people could do under PHP 4.

                                  We're also just starting to test a new service where we heck several thousand possible
                                  security issues on your server. We make sure that it complies with the standards that
                                  the department of defense uses for military computers. It's a pretty thorough scan which
                                  will find a couple of dozen problems on a typical web server. However, it's brand new to
                                  us, something we're testing. It's good enough for the military, so it's probably quite good,
                                  but I can't make any guarantees of the quality just yet.
                                  I have heard similar things but never could determine the accuracy of the sources.

                                  Comment

                                  • theking
                                    Nice Kitty
                                    • Sep 2002
                                    • 21053

                                    #18
                                    Originally posted by raymor
                                    As of the latest report, something like 85% of all server hacks came through PHP.
                                    So yes, PHP is by FAR the most likely way for your server to get hacked. Zend recognizes
                                    this huge problem, but fixing some of the problems would make certain old code stop working,
                                    so they can;t just fix everything immediately. The most recent version of PHP closes some
                                    of the most obvious gigantic security holes in PHP itself, but it's still horrible. The upcoming
                                    PHP 6 is slightly better, but still pretty bad. As an example, currently ANY PHP script
                                    will allow hackers to upload any file they want onto your server. That's a HUGE security
                                    hole built right into the language and there's not much that the person writing the script
                                    can do about it. If your host runs Apache "SuExec", which several large hosts do, that's
                                    even worse because that means all visitors to your site have the same rights to your files
                                    that you do when you FTP. The combination is SuExec and PHP version 4.0 or less takes
                                    down sites every day.

                                    Add to that the one thing that everyone who likes PHP says about it - "PHP is so easy.
                                    Anyone can write PHP, with no programming training required." Exactly. Any idiot can write
                                    a PHP script and thousands of idiots do. If these people who have never taken a single
                                    programming class or read a single computer science book were writing software for your
                                    desktop, that would just mean there would be a bunch of crappy software available. But
                                    take all this crap written by clueless people, in a braindead language, and put it on a public
                                    web server and you have the worst computer security nightmare in history.

                                    You've read about some of the more well known hacks, like NATS. We hear about smaller
                                    programs being hacked a couple of week - almost always through stupid PHP scripts.

                                    Your web host or admin can set several security related settings for PHP in the PHP
                                    configuration file, php.ini. Setting some of these as restrictive as possible may reveal
                                    security holes in some of your scripts, when HP refuses to execute certain parts of them.
                                    Those scripts can be fixed. It's almost always just one or a few lines that need to be fixed
                                    to make the script more secure, so it'll work in a more secure environment. Unless, of
                                    course, the scriptor was dumb enough to use dozens of autoglobals spread all throughout
                                    the code, with no central validation routine that can be used to populate them properly.
                                    Similarly, if you're not using PHP 5 you can update first and some of the worst holes
                                    from PHP 4 will be patched. Some scripts written for PHP 4 may have used deprecated
                                    functions that were available, but not supposed to be used. They may have some small
                                    problems under PHP 5, which is improved and has removed or changed some of the
                                    worst things people could do under PHP 4.

                                    We're also just starting to test a new service where we heck several thousand possible
                                    security issues on your server. We make sure that it complies with the standards that
                                    the department of defense uses for military computers. It's a pretty thorough scan which
                                    will find a couple of dozen problems on a typical web server. However, it's brand new to
                                    us, something we're testing. It's good enough for the military, so it's probably quite good,
                                    but I can't make any guarantees of the quality just yet.
                                    Makes sense to me.
                                    When you're running down my country hoss...you're walking on the fighting side of me!

                                    FOR THE LYING LOWLIFE POSTING AS PATHFINDER...http://gfy.com/fucking-around-and-pr...athfinder.html

                                    Comment

                                    • HandballJim
                                      Confirmed User
                                      • Sep 2008
                                      • 4024

                                      #19
                                      I usually work on my web stuff on my desktop...then uplaod the files to the host. I also make a copy of my web folders once a week incase I need to upload them again. I am tempted to work live online so I can use other computers...but I am worried about something like this that happened to you. Maybe your host might have a copy of your website files from an earlier date.

                                      I do have a mainstream website that I work live online with...and if it gets hacked it will just push me to re-design it from scratch.
                                      HOW I MAKE LOTS OF $$$

                                      Comment

                                      • Billionaire
                                        So Fucking Banned
                                        • Mar 2008
                                        • 125

                                        #20
                                        Quote Details: Sun-tzu: Keep your friends close,

                                        Comment

                                        • theking
                                          Nice Kitty
                                          • Sep 2002
                                          • 21053

                                          #21
                                          Originally posted by Billionaire
                                          Quote Details: Sun-tzu: Keep your friends close,
                                          Even though I have never identified any of my sites to anyone on this board...and it is the only board that I am a member of...I suspect that one of the...dozen or so trolls that do not like my posts and...apparently me...may have some how discovered who I host with and is probably responsible...but then again there are thousands of vandals on the internet...so I just do not know who is responsible.
                                          When you're running down my country hoss...you're walking on the fighting side of me!

                                          FOR THE LYING LOWLIFE POSTING AS PATHFINDER...http://gfy.com/fucking-around-and-pr...athfinder.html

                                          Comment

                                          • bbm
                                            So Fucking Banned
                                            • Oct 2005
                                            • 3710

                                            #22
                                            fucking hackers, yes

                                            Comment

                                            • Libertine
                                              sex dwarf
                                              • May 2002
                                              • 17860

                                              #23
                                              Originally posted by raymor
                                              As an example, currently ANY PHP script
                                              will allow hackers to upload any file they want onto your server.


                                              Bullshit.
                                              /(bb|[^b]{2})/

                                              Comment

                                              • baX
                                                Too lazy to set a custom title
                                                • Mar 2006
                                                • 17911

                                                #24
                                                What kind of sites do you have/got hacked? TGPs, blogs ...?

                                                Comment

                                                • StuartD
                                                  Sofa King Band
                                                  • Jul 2002
                                                  • 29903

                                                  #25
                                                  Originally posted by theking
                                                  A question are sites written in PHP more vunerable than sites written in HTML?
                                                  Just when you think that a 'webmaster' couldn't possibly say anything any more foolish....

                                                  Originally posted by raymor
                                                  As an example, currently ANY PHP script
                                                  will allow hackers to upload any file they want onto your server.
                                                  This is me on facebook
                                                  This is me on twitter

                                                  Comment

                                                  • directfiesta
                                                    Too lazy to set a custom title
                                                    • Oct 2002
                                                    • 30135

                                                    #26
                                                    Originally posted by theking
                                                    I suspect that one of the...dozen or so trolls that do not like my posts and...apparently me...may have some how discovered who I host with and is probably responsible...
                                                    First: it is more then a " dozen " ...

                                                    Secondly: You give yourself too much importance

                                                    Last: Nobody cares about your so-called sites and nobody believes they exist ( just like the WMD ) ...

                                                    END.
                                                    I know that Asspimple is stoopid ... As he says, it is a FACT !

                                                    But I can't figure out how he can breathe or type , at the same time ....

                                                    Comment

                                                    • tonyparra
                                                      Confirmed User
                                                      • Jul 2008
                                                      • 4568

                                                      #27
                                                      Originally posted by st0ned
                                                      It is usually something simple, like leaving your .htaccess open. However there are vulnerabilities in certain scripts which would allow them access. Without more info it is really hard for us to offer input on the situation. Javascript injections?
                                                      i got fukin hacked too and it was javascript injections. some help with this please. its a bitch to go through and remove that shit.

                                                      High Performance Vps $10 Linode
                                                      Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

                                                      Comment

                                                      • tonyparra
                                                        Confirmed User
                                                        • Jul 2008
                                                        • 4568

                                                        #28
                                                        Originally posted by raymor
                                                        As of the latest report, something like 85% of all server hacks came through PHP.
                                                        So yes, PHP is by FAR the most likely way for your server to get hacked. Zend recognizes
                                                        this huge problem, but fixing some of the problems would make certain old code stop working,
                                                        so they can;t just fix everything immediately. The most recent version of PHP closes some
                                                        of the most obvious gigantic security holes in PHP itself, but it's still horrible. The upcoming
                                                        PHP 6 is slightly better, but still pretty bad. As an example, currently ANY PHP script
                                                        will allow hackers to upload any file they want onto your server. That's a HUGE security
                                                        hole built right into the language and there's not much that the person writing the script
                                                        can do about it. If your host runs Apache "SuExec", which several large hosts do, that's
                                                        even worse because that means all visitors to your site have the same rights to your files
                                                        that you do when you FTP. The combination is SuExec and PHP version 4.0 or less takes
                                                        down sites every day.

                                                        Add to that the one thing that everyone who likes PHP says about it - "PHP is so easy.
                                                        Anyone can write PHP, with no programming training required." Exactly. Any idiot can write
                                                        a PHP script and thousands of idiots do. If these people who have never taken a single
                                                        programming class or read a single computer science book were writing software for your
                                                        desktop, that would just mean there would be a bunch of crappy software available. But
                                                        take all this crap written by clueless people, in a braindead language, and put it on a public
                                                        web server and you have the worst computer security nightmare in history.

                                                        You've read about some of the more well known hacks, like NATS. We hear about smaller
                                                        programs being hacked a couple of week - almost always through stupid PHP scripts.

                                                        Your web host or admin can set several security related settings for PHP in the PHP
                                                        configuration file, php.ini. Setting some of these as restrictive as possible may reveal
                                                        security holes in some of your scripts, when HP refuses to execute certain parts of them.
                                                        Those scripts can be fixed. It's almost always just one or a few lines that need to be fixed
                                                        to make the script more secure, so it'll work in a more secure environment. Unless, of
                                                        course, the scriptor was dumb enough to use dozens of autoglobals spread all throughout
                                                        the code, with no central validation routine that can be used to populate them properly.
                                                        Similarly, if you're not using PHP 5 you can update first and some of the worst holes
                                                        from PHP 4 will be patched. Some scripts written for PHP 4 may have used deprecated
                                                        functions that were available, but not supposed to be used. They may have some small
                                                        problems under PHP 5, which is improved and has removed or changed some of the
                                                        worst things people could do under PHP 4.

                                                        We're also just starting to test a new service where we heck several thousand possible
                                                        security issues on your server. We make sure that it complies with the standards that
                                                        the department of defense uses for military computers. It's a pretty thorough scan which
                                                        will find a couple of dozen problems on a typical web server. However, it's brand new to
                                                        us, something we're testing. It's good enough for the military, so it's probably quite good,
                                                        but I can't make any guarantees of the quality just yet.
                                                        great, now where do i swipe my cc

                                                        High Performance Vps $10 Linode
                                                        Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

                                                        Comment

                                                        • sortie
                                                          Confirmed User
                                                          • Mar 2007
                                                          • 7771

                                                          #29
                                                          Originally posted by tonyparra
                                                          i got fukin hacked too and it was javascript injections. some help with this please. its a bitch to go through and remove that shit.
                                                          I've been told that those type of hacks usually come through unsecured servers.

                                                          Comment

                                                          • tonyparra
                                                            Confirmed User
                                                            • Jul 2008
                                                            • 4568

                                                            #30
                                                            Originally posted by sortie
                                                            I've been told that those type of hacks usually come through unsecured servers.
                                                            dont tell me that

                                                            High Performance Vps $10 Linode
                                                            Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

                                                            Comment

                                                            Working...