guild website hack
Moderator: Shaman Mods
5 posts
• Page 1 of 1
by ophidion » Sun Jan 29, 2006 2:41 pm
Same thing happened to my old guild on Vazaelle (I refuse to call it MS, sorry). They changed it to some turkish gobbledegook so the front page was taken down.
"I am your brain damaged brother that you never knew. Call me today or I'll kill somebody."
[NO VIDEO GAMES FOR OIL]
[NO VIDEO GAMES FOR OIL]
- ophidion
-
- Posts: 226
- Joined: Sun Sep 04, 2005 4:53 am
- Server: Vazaelle (Maelin Starpyre is Trash)
by Tekno » Sun Jan 29, 2006 11:34 pm
There are various ways to achieve such a goal, ranging from cross site script attacks (XSS), insecured SQL injections, Union attacks, Script attacks, etc etc.
I run our guilds website, and we get upwards of 10 of these attempted attacks per month ....
After a sucessful attack, if you do not find the injection that the hacker used to get access to Admin passwords, they can continue to get in that way (that is, if you backup your database with the SQL injection used, and restore from that backup, the Hacker still has access) ...
So alot of the time all that can be done is to flush the database and start over with a more secure website ...
Keeping up with software updates is also a big part of it ... most of the time messageboards like phpBB, etc release software patches before sucessful attack methods become too mainstream ....
I won't go into full details, but one of the most secure Website Management packages (RavenNUKE 76 v2.02.00 FULL) can be downloaded, installed and used for free from the RavenScript site
Keep in mind, nothing it 100% secure .... if a hacker wants to get in badly enough, they will always be able to find a way ....
I am happy to answer any subject on the matter of security if your sites webmaster would like to PM me here, or email me at: tekno@cold-fury.net ...
Tek
I run our guilds website, and we get upwards of 10 of these attempted attacks per month ....
After a sucessful attack, if you do not find the injection that the hacker used to get access to Admin passwords, they can continue to get in that way (that is, if you backup your database with the SQL injection used, and restore from that backup, the Hacker still has access) ...
So alot of the time all that can be done is to flush the database and start over with a more secure website ...
Keeping up with software updates is also a big part of it ... most of the time messageboards like phpBB, etc release software patches before sucessful attack methods become too mainstream ....
I won't go into full details, but one of the most secure Website Management packages (RavenNUKE 76 v2.02.00 FULL) can be downloaded, installed and used for free from the RavenScript site
Keep in mind, nothing it 100% secure .... if a hacker wants to get in badly enough, they will always be able to find a way ....
I am happy to answer any subject on the matter of security if your sites webmaster would like to PM me here, or email me at: tekno@cold-fury.net ...
Tek
<center></center>
<center>of on the Tribunal Server</center>
<center>of on the Tribunal Server</center>
- Tekno
- Posts: 127
- Joined: Wed Jul 27, 2005 11:35 pm
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 15 guests