Server hacked
adum



Joined: 19 Apr 2007
Posts: 391

as you probably noticed, hacker.org was hacked last weekend. oh, the irony! Smile

truth be told, we hadn't spent much effort in securing the site. which was a little foolish.

as well as defacing the site, somebody dumped the user table with names and passwords. we use the phpbb2 reg system here, and i guess they don't salt their passwords, which is unfortunate. any password that is short or based on a dictionary word has probably been reversed at this time. therefore, it's very important to change your password to something robust, and if you used the same password on any other site or email account to change that too. sorry for any trouble.

i've spent some time closing out all the SQL injection points i could think of, but in case i missed something, if you happen to notice it please drop me a PM.
Wed Mar 04, 2009 11:45 pm
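The storage weakness described in the post above, as an added example that is not part of the original post or the site's code: without a salt, equal passwords produce equal stored values, so one precomputed table covers every account. It assumes the unsalted scheme is plain MD5 and uses PBKDF2-HMAC-SHA256 with an assumed iteration count as the replacement; the accounts and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def legacy_hash(password):
    """Unsalted MD5 (assumed legacy scheme): equal passwords, equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF, stored as 'salt$digest' in hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def shared_hashes(user_table):
    """Audit check: accounts whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in user_table.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts, not data from the incident.
SAMPLE = {"alice": "sunshine", "bob": "sunshine", "carol": "x9!Lq2#vTz"}
legacy_table = {user: legacy_hash(pw) for user, pw in SAMPLE.items()}
salted_table = {user: salted_hash(pw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    print("unsalted, identical rows:", shared_hashes(legacy_table))
    print("salted, identical rows:  ", shared_hashes(salted_table))
    print("login still works:       ", verify("sunshine", salted_table["bob"]))
```

Running `shared_hashes` over a real user table is a quick way to tell whether stored credentials are salted at all: any group of identical rows means they are not.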
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

lol yea, we'd just "notice an un-sterilized form" :3

_________________


~You are a glitch in my reasoning.
Thu Mar 05, 2009 1:04 am
plope0726



Joined: 15 Dec 2008
Posts: 826

Laughing
Thu Mar 05, 2009 1:24 am
S3th



Joined: 11 Sep 2008
Posts: 411

Eh, My password was made up of Lower and uppercase, with numbers. sorta like
LiK3sH1HwN <Example.
And even if someone wanted to crack my account...Woopdie do, I created a new email address upon signing up here, so it wouldn't get far.

_________________
See through the master
Become the master
Thu Mar 05, 2009 6:36 am
theStack



Joined: 02 Nov 2008
Posts: 72

Well, I'm glad the site is back again; my apprehension was that the bad guy had destroyed the database and that no backups of hacker.org had ever been made.
Anyway, I noticed the system for the HVM challenges seems to be broken since the evil 0wnage:
Quote:

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/.mazie/hacker_apache/html/hacker/html/hvm/hvmchallenge.php on line 3

adum, could you fix that please? Smile
Thu Mar 05, 2009 6:53 am
DanielG



Joined: 13 Nov 2008
Posts: 30

Also, the SVG version of the map isn't working.

Quote:
Warning: domdocument() expects at least 1 parameter, 0 given in /home/.mazie/hacker_apache/html/hacker/html/challenge/svg/mapsvg.php on line 31

Fatal error: Call to undefined function: loadxml() in /home/.mazie/hacker_apache/html/hacker/html/challenge/svg/mapsvg.php on line 34

Thu Mar 05, 2009 8:21 am
teebee



Joined: 10 Nov 2008
Posts: 89
Location: Germany

Moreover, the system for the SuperHack challenges is broken:
Quote:
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/.mazie/hacker_apache/html/hacker/html/sh/shack.php on line 3

and the php source of the SuperHack vm is not available at http://www.hacker.org/sh/shphp.phps.
Thu Mar 05, 2009 8:32 am
adum



Joined: 19 Apr 2007
Posts: 391

i'll fix all that stuff soon... thanks
Thu Mar 05, 2009 9:25 am
Codux



Joined: 20 Nov 2008
Posts: 1
Location: IN Germany

Just a notice: Since the incident (i.e. since the hashes (and email) list is online) users might get bulk mail on the used mail address (I do). Only because of that I noticed that something is not ok (I was quite inactive the last time Wink ).
I hope you haven't lost the fun in running the site!

_________________
C | Chaotic
O | Organized
D | Destructive
U | Unbelievable
X | eXtreme
——
@milw0rm You didn't own my password… Bread is able to mould. What ability do you have? :þ
Thu Mar 05, 2009 10:56 am
Defil3d



Joined: 05 Mar 2009
Posts: 4

Sup
Hello, I'm new to this site and since I saw that a hacking site just got hacked...All I can say is lol
Thu Mar 05, 2009 10:58 pm
PaRaDoX



Joined: 22 Aug 2008
Posts: 708
Location: In your fridge, waiting to pop out and scare you.

Re: Sup
Defil3d wrote:
Hello, I'm new to this site and since I saw that a hacking site just got hacked...All I can say is lol


I wouldn't laugh, go start up a site of your own and watch what happens in like the first 2 days. (shitty free sites don't count, I mean one where you have to do the security, smartass)

_________________


~You are a glitch in my reasoning.
Fri Mar 06, 2009 1:57 am
Mr_K_13



Joined: 16 Apr 2008
Posts: 1
Location: Australia

Quite unfortunate, I hope all is fixed soon. =)
Fri Mar 06, 2009 3:38 am
the_impaler



Joined: 30 Apr 2008
Posts: 61

Please let us know when it's safe to change password back to 6 stars.
The stickies are not holding for long
On the other positive side - the only email I got so far was that I just inherited $13,000,000. I didn't know that adum was so rich. Wink

cheers,
Fri Mar 06, 2009 4:11 am
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

58.4% of the passwords got cracked

the news is even on heise.de: http://www.heise.de/security/Nutzerpasswoerter-fuer-Raetselseite-hacker-org-veroeffentlicht--/news/meldung/134052 (german)

maybe it's time for a new era on hacker.org, make it open source, so everyone can find vulnerabilities and let you fix them. Smile


btw, how exactly did they get in the system, vulnerabilities in the challenge system or in the forum?
Fri Mar 06, 2009 9:44 am
S3th



Joined: 11 Sep 2008
Posts: 411

"About the circumstances of the burglary, the operator is almost no information."
What happened adum. ;3

_________________
See through the master
Become the master
Fri Mar 06, 2009 10:09 am

All times are GMT