PlayJazzGuitar.com Forum Index PlayJazzGuitar.com Forum
Jazz Guitar Discussion
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Damn Hackers!!

 
Post new topic   Reply to topic    PlayJazzGuitar.com Forum Index -> Information & Announcements
View previous topic :: View next topic  
Author Message
PlayJazzGuitar



Joined: 11 Feb 2004
Posts: 114
Location: Los Angeles, CA

PostPosted: Mon Dec 12, 2005 1:46 am    Post subject: Damn Hackers!! Reply with quote

I'm sure many of you found out this forum got hacked. I'm still fixing a few things but things should be back to normal fairly soon... Rolling Eyes

Chris
_________________
http://www.playjazzguitar.com
Back to top
View user's profile Send private message Visit poster's website
PaulD



Joined: 18 Sep 2004
Posts: 1129
Location: Chicago

PostPosted: Mon Dec 12, 2005 2:16 am    Post subject: Reply with quote

Glad to have the forum back Cool Cool

Why do people do that??

Paul
Back to top
View user's profile Send private message
draqza



Joined: 28 Dec 2004
Posts: 205

PostPosted: Mon Dec 12, 2005 3:17 am    Post subject: Reply with quote

Yeah, it was so weird, I think I'd just posted a response and then like 5 minutes later I clicked back out to the index to check for new posts, and got the "defaced" page instead.
Back to top
View user's profile Send private message Visit poster's website AIM Address
Gorecki
Site Admin


Joined: 06 Oct 2005
Posts: 62518
Location: Davis, CA

PostPosted: Mon Dec 12, 2005 1:37 pm    Post subject: Reply with quote

PHP Fact of reality, this board will probably get hit again sooner or later because of it. Freeware has it's price! Wink
Back to top
View user's profile Send private message Visit poster's website
alfonso



Joined: 25 May 2005
Posts: 1258
Location: Sacramento

PostPosted: Mon Dec 12, 2005 3:00 pm    Post subject: Reply with quote

The hacker most likely did what he/she did just to read about what we're talking about right now. Sick shit needs to start playin' jazz guitar or get a life...
Back to top
View user's profile Send private message
dkaplowitz



Joined: 28 Apr 2005
Posts: 193

PostPosted: Sat Dec 17, 2005 11:42 pm    Post subject: Reply with quote

Gorecki wrote:
PHP Fact of reality, this board will probably get hit again sooner or later because of it. Freeware has it's price! Wink

Why would you blame an unpatched installation of PHPBB on PHP or "freeware"? That would be like saying Microsoft's security issues (of which there are many more) are the fault of the C++ programming language in which it was written.

Anyway, I'm glad the board recovered from the attack. Damn script kiddies really get annoying with those automated exploits!

Cheers,

Dave
Back to top
View user's profile Send private message
Gorecki
Site Admin


Joined: 06 Oct 2005
Posts: 62518
Location: Davis, CA

PostPosted: Sun Mar 05, 2006 5:10 pm    Post subject: Reply with quote

Resurrecting this thread because I never answered.

This site is locked down pretty tight now but PHP in general has about 2500 outstanding security holes and a vast majority of orginizations I work with won't even allow it.

The example you gave "C++" is a great contrasting example. C++ is a compiled binary environment, what it does can't be modified. PHP is an 'interpreted' language meaning the interpreter reads the code at runtime and has these security holes not necessarily the language.

Just thought I'd answer that. Wink
Back to top
View user's profile Send private message Visit poster's website
dkaplowitz



Joined: 28 Apr 2005
Posts: 193

PostPosted: Sun Mar 05, 2006 9:28 pm    Post subject: Reply with quote

Gorecki wrote:
The example you gave "C++" is a great contrasting example. C++ is a compiled binary environment, what it does can't be modified. PHP is an 'interpreted' language meaning the interpreter reads the code at runtime and has these security holes not necessarily the language.

Just thought I'd answer that. Wink


Good point. Maybe mine was not the best direct analogy. I should have said "...is like blaming your virus scanner for getting the I Love You virus on a computer that has never had its virus definitions updated." Or something along those lines.

I still maintain that PHP, though admittedly not designed with security in mind, is not as insecure as many of its implementations. For instance, would your fix for the hack have been enough if you'd just installed the latest PHP, or did you have to update PHPBB? I find it's less to do with the PHP version being run as it is a matter of changing something like "register globals" to off in the php.ini and updating the way PHPBB allows file uploads, etc. (usually by updating PHPBB). Regardless, running an unpatched PHP/MySQL CMS like PHPBB is just asking for trouble. I did it and I got hacked. Lesson learned. Apparently this site learned it that way too. Wink
Back to top
View user's profile Send private message
Gorecki
Site Admin


Joined: 06 Oct 2005
Posts: 62518
Location: Davis, CA

PostPosted: Sun Mar 05, 2006 9:55 pm    Post subject: Reply with quote

dkaplowitz wrote:

Good point. Maybe mine was not the best direct analogy. I should have said "...is like blaming your virus scanner for getting the I Love You virus on a computer that has never had its virus definitions updated." Or something along those lines.

I still maintain that PHP, though admittedly not designed with security in mind, is not as insecure as many of its implementations. For instance, would your fix for the hack have been enough if you'd just installed the latest PHP, or did you have to update PHPBB? I find it's less to do with the PHP version being run as it is a matter of changing something like "register globals" to off in the php.ini and updating the way PHPBB allows file uploads, etc. (usually by updating PHPBB). Regardless, running an unpatched PHP/MySQL CMS like PHPBB is just asking for trouble. I did it and I got hacked. Lesson learned. Apparently this site learned it that way too. Wink


Naw, your right, I don't think it's that bad. But it's not as secure as things I have to deal with need to be but when it came to the trouble here, it was phpBB. File system beyond that is the biggest issue and I think we're good here. Wink
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    PlayJazzGuitar.com Forum Index -> Information & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group