hacking
Anyone know how to prevent hacking of htaccess?
We use pennywize, but many ppl I have talked to say, this is not enough. Any ideas? |
lol
|
Most 'hackers' use stolen credit card numbers and sign up via an AOL account using an address of the CC's country of origin. If they had enough of it, they post the username/pw on a password site.
People then think their site is hacked while it's not. If you use Apache 1.23.26 (or higher) and your Linux box doesn't contain all kinds of shit that have open ports (webmin etc.) and the box is normally closed with IPChains, you're pretty much done. Pennywize should then take care of brute force password tries and multiple users logging in from different IPs with the same username and password. |
Thanks. We don't have any bandwidth spurts or even problems really regarding password trading, since penny does take care of that, but I have a few members bitch and moan about how they are not trading their passes and blah blah blah.. and that the htaccess has been hacked and that their pass was just stolen...
We don't keep that info on our sites or servers, so IF these members are telling the truth, which I highly doubt, then hackers are able to find a pass here and there, that works, before penny blocks from brute force and it just happens to be one of those complaining ho's passes. I guess I just want to confirm if htaccess is replaceable with a better means of protection against this or what should I tell these guys, IF they are honest? Should I just change their userpass once and slap em on the wrist and if it happens again, they're fucked? That is what I do now. Only if they write, which is rare. Maybe 1 a month or max 2. |
Quote:
If they used a stolen CC then they're not a hacker |
Smiley,
Make sure your .htaccess file and .htpasswd are not in the same directory. And the directory you put your .htpasswd in, or whatever the password database is called, is not in a web-viewable directory. Put it above the public_html or whatever your home directory is. So if you have this: /home/smiley/public_html ---> which shows the content of smiley.com, let's say... and you're protecting /home/smiley/public_html/members, and you have .htaccess in /home/smiley/public_html/members, make sure you put your .htpasswd somewhere like this: /home/smiley/db/.htpasswd, or a directory like that which you can't access through the browser by typing in a URL. And then have your .htaccess point to /home/smiley/db/.htpasswd for its password database. Hope this helps. :glugglug |
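
The layout check described in the post above, as an added example that is not part of the original thread: the script walks a web root, reads each .htaccess, and reports whether its AuthUserFile or AuthGroupFile points inside that root. The function names, the `old` directory and the temporary tree built in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Matches e.g.  AuthUserFile /home/smiley/db/.htpasswd  (optionally quoted); skips "#" comments.
AUTH_FILE_RE = re.compile(r'^\s*Auth(?:User|Group)File\s+"?([^"\s]+)"?', re.I | re.M)

def is_inside(path, root):
    """True if path resolves (symlinks followed) to a location at or below root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit_docroot(docroot):
    """Return sorted (htaccess_path, password_file, verdict) tuples for a web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        htaccess = os.path.join(dirpath, ".htaccess")
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for target in AUTH_FILE_RE.findall(text):
            if not os.path.isabs(target):
                verdict = "relative: Apache resolves it against ServerRoot, review by hand"
            elif is_inside(target, docroot):
                verdict = "EXPOSED: password file is under the web root"
            else:
                verdict = "ok: password file is outside the web root"
            findings.append((htaccess, target, verdict))
    return sorted(findings)

def demo():
    """Constructed sample tree modelled on the paths in the post (not real data)."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "home/smiley/public_html")
        layout = {
            "members": os.path.join(base, "home/smiley/db/.htpasswd"),  # as advised
            "old": os.path.join(docroot, "old/.htpasswd"),              # same directory
        }
        for name, pwfile in layout.items():
            os.makedirs(os.path.join(docroot, name))
            with open(os.path.join(docroot, name, ".htaccess"), "w") as fh:
                fh.write(f'AuthType Basic\nAuthName "Members"\nAuthUserFile {pwfile}\nRequire valid-user\n')
        return [(os.path.relpath(h, docroot), v.split(":")[0]) for h, _t, v in audit_docroot(docroot)]

if __name__ == "__main__":
    print(demo())
```

To check a real site, call `audit_docroot()` with the actual web root, for example `/home/smiley/public_html` from the post.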
Quote:
:sleep |