Author Topic: Unauthorized Update  (Read 8101 times)

0 Members and 1 Guest are viewing this topic.

Offline Mobius

  • Back where he started
  • 213
  • Porto l'azzurro Dolce Stil Novo nella fantascienza
    • Skype
    • Twitter
    • The Lightblue Ribbon | Cultural Project
Well, wait until BlackDove comes back.
The Lightblue Ribbon

Inferno: Nostos - Alliance
Series Resurrecta: {{FS Wiki Portal}} -  Gehenna's Gate - The Spirit of Ptah - Serendipity (WIP) - <REDACTED> (WIP)
FreeSpace Campaign Restoration Project
A tribute to FreeSpace in my book: Riflessioni dall'Infinito
My interviews: [ 1 ] - [ 2 ] - [ 3 ]

 

Offline rev_posix

  • Administrator
  • 213
  • I have the password to your shell account...
    • Trials and Tribulations
What can we do about it?
I would say that what 'you' (defining you as a forum member without r00t or whatever access to the main site/machine/whatever) can do is make sure that whoever is the one in charge of a hosted site keeps the software used on the site up to date and writes/uses code that isn't known to have as many holes in it as a mafia informant.

Keeping a hosting machine running and secure is difficult enough.  Add in sites that run on said machine that are not secure just adds to the headache, especially if the site is exploited and lands the entire machine on a blacklist.

Remember kids, always wear your digital wellies when going out to The Internet, it's dirty out there!
--
POSIX is fine, as is Rev or RP

"Although generally it is considered a no no to disagree with a mod since it's pretty much equivalent to kicking an unpaid janitor in the nuts while he's busy cleaning up somebody elses vomit and then telling them how bad they are at cleaning it up cause you can smell it down the hall." - Dennis, Home Improvement Moderator @ DSL Reports

"wow, some people are thick and clearly can't think for themselves - the solution is to remove warning labels from poisons."

 

Offline IceFire

  • GTVI Section 3
  • Moderator
  • 212
    • http://www.3dap.com/hlp/hosted/ce
I don't even know if I have the FTP passwords anymore... just saw this pop up on the threads list.  If I do have access is there anything I can do?
- IceFire
BlackWater Ops, Cold Element
"Burn the land, boil the sea, you can't take the sky from me..."

 
This was not an FTP issue, nor was it the same issue that occurred last time.  Last time it was the FTP that was compromised, whereas this time it would appear to have been the small administration tool I wrote to allow BlackDove to update the website without having to trawl through and manually edit HTML files to do so.

There are a couple of fairly obvious reasons why this could have happened having thought about it, the main one of which is realistically down to my naivety when I originally set this up.  That has hopefully now been corrected - though I am obviously not going to detail here what has been changed, since the hacker himself has obviously been reading this thread.

On the point of contacting him, I'm not really in favour of the idea of legitimising what hackers do by going to them cap in hand and begging for tips.  Whether some may claim "a hacker with morals" or not (something which, incidentally, I believe to be fairly preposterous as a concept in itself), all doing so achieves is the sending out of a "thanks for hacking our site" message.  I would also suggest that it would make it more likely that the hacker would try out other hosted sites under the guise of "helping".  If others want to contact him though (or indeed, already have), then that's their decision to make.

Finally, apologies for the late reply to this thread.  I do not frequent this forum often, and have not been around even moreso than usual over the last several weeks as I have been in the process of rebuilding my machine from both a hardware and software perspective.  I'll try and keep half an eye here more often from now on.