Hard Light Productions Forums
Archived Boards => The Archive => Blackwater Operations => Topic started by: Trivial Psychic on March 13, 2011, 07:59:31 am
-
Ah, don't look now, but it appears as though there is an unauthorized update to your website... from yesterday.
-
nullbyt3 was here.
>12/03/2011 | IceFire
nullbyt3 was here. Your website is vulnerable to multiple exploits. Please address these problems.
[email protected]
Development Team
Bobboau - Chief model designer, MOD manager
Kellan - Mission designer and story creator (absent)
ShadowWolf - Mission designer
Alikchi - Mission designer
nullbyt3 - New Team leader
http://www.safe-mail.net/
Safe-mail is the most secure, easy to use communication system. It includes encrypted mail system with collaboration features and document storage functions. Always accessible at any time from anywhere!
3 Mb space is free. More space and functionality is supplied under Premium Packages. There are no advertisements, downloads or cookies. Safe-mail supports most hardware platforms and any operating system. Includes file storage, spam filters and anti virus protection. Full compatibility with most browsers, email clients and all relevant protocols including POP, SMTP, IMAP, S/MIME and PKI.
??? I sure hope nothing else was done.
-
My avast found a virus in your gallery section! o__O
-
Perhaps he's a guy from that safe-mail trying to convince you to improve your security (by using their E-mail system and paying for premium packages, of course).
Or maybe somebody who wanted a challenge and once he was done, just wanted to be helpful.
Anyway, updates on BWO site are always welcome, though unfortunately, there's no info on progress in there. :)
-
Yeah, I know you have amazing assets but you showed only old outdated screenshots and low poly models :(. We want more :D!
-
Hacked again? Seriously. :no: Whoever is doing your websites should probably learn something about security.
-
nullbyt3 here.
Just letting you know that, no, I didn't add any malicious content to your site, nor did I modify content in a malicious manner. That's not my thing. I was simply showing you how easy it is to get Administrator access on your site and if I can do it a skid won't be far behind trying to upload his index.
I left the email in the event you wanted advice on how to secure your site. Obviously whoever is doing it is doing a bad job. As far as how I got in? I don't remember exactly? I break a lot of sites' security to leave messages like that to help Web Administrators like yourselves, but in the past few days I have used SQL injection (Full Blind, Double Query, and basic), Symlink attacks, XSS, and one unpublished php code injection (via Perl) attack.
I don't deface or ruin sites because I'm not a script kiddie. I left the email for you to contact me in the event you actually "want" to find out the problem and need a fix that will work. Safe-mail is just an email provider that encrypts emails between safe-mail users.
If you email me the site link I will give you more input on how I got in and how to stop the next guy from getting in. Oh, and as far as Avast detecting a virus, Avast has probably flagged some php code in an image or a php shell as a virus. There was NO malicious content that could infect users visiting your site.
-
So.... what are you selling, and for how much?
-
Hey, cool! An internet vigilante! Can I have your autograph, sir? :cool:
-
nullbyt3 here.
Just letting you know that, no, I didn't add any malicious content to your site, nor did I modify content in a malicious manner. That's not my thing. I was simply showing you how easy it is to get Administrator access on your site and if I can do it a skid won't be far behind trying to upload his index.
I left the email in the event you wanted advice on how to secure your site. Obviously whoever is doing it is doing a bad job. As far as how I got in? I don't remember exactly? I break a lot of sites' security to leave messages like that to help Web Administrators like yourselves, but in the past few days I have used SQL injection (Full Blind, Double Query, and basic), Symlink attacks, XSS, and one unpublished php code injection (via Perl) attack.
I don't deface or ruin sites because I'm not a script kiddie. I left the email for you to contact me in the event you actually "want" to find out the problem and need a fix that will work. Safe-mail is just an email provider that encrypts emails between safe-mail users.
If you email me the site link I will give you more input on how I got in and how to stop the next guy from getting in. Oh, and as far as Avast detecting a virus, Avast has probably flagged some php code in an image or a php shell as a virus. There was NO malicious content that could infect users visiting your site.
But then why hack the site instead of posting about it here?
-
Cause it would have made his point so much less viable!
-
Cause it would have made his point so much less viable!
^^Exactly!
That, and it's more the fact that I didn't know that this community existed until I read the above posts yesterday. I didn't deface it or delete anything so the site itself is fine, but I hope the owner takes the time to secure it before some kids come along and ruin it just for fun. Again, if you need any help securing your DB/Website you have my safe-mail addy.
And no, I'm not trying to sell anything. I have ethics. Peace and Good luck.
-
Does this mean that the other projects' websites are equally vulnerable?
-
Mmmm yeah.
I think we should do something about our security.
I mean, it's not the first time it's been hacked either :P
-
A hacker with morals!
Unusual, but quite welcome :)
-
Mmmm yeah.
I think we should do something about our security.
I mean, it's not the first time it's been hacked either :P
What can we do about it?
-
You, nothing. The admins are looking into it.
-
That is incorrect. Admins cannot do anything about hosted project sites that have security issues. Unless of course, you want to examine and fix hosted project sites' security yourself. Unlikely to happen, isn't it?
The more complex a site is, the more likely it is that you may have a security problem or a few. The BWO/CE website uses php and mysql, making it far more vulnerable to exploits than standard basic html. But it is possible to have exploits even in basic html, though these are rare.
What admins have control over is server-wide security, namely that of apache, php and mysql. Security updates to any and all packages are handled automatically. While I can never be 100% sure, I'm quite confident settings of apache, php and mysql are secure enough without compromising php compatibility. Improvements can be done via 3rd party tools, such as mod_security. Last time mod_security was installed it caused problems with SMF though.
Case in point, if the server had exploitable security holes, I'm pretty sure the mainpage, forums or wiki would have been victimized many times already instead of some random hosted project site that's obscure even among hosted projects. Still, it doesn't hurt to contact this guy and confirm what security exploit was used, if nothing else at least that gives yet another lesson of security to whoever is coding BWO website.
-
Well, I meant "you" as in Mobius specifically, but reading his question again that wasn't quite fair to him because he did ask the question using "we".
Anyway, we are in contact with nullbyt3 and he has given us some useful information about how the site is vulnerable. We will shortly be in contact with the BWO staff.
(Incidentally, who is in charge of website design on the BWO site, and why hasn't he posted on this thread yet?)
-
(Incidentally, who is in charge of website design on the BWO site, and why hasn't he posted on this thread yet?)
Given the age of the CE website maybe they've left. :P
-
Well, wait until BlackDove comes back.
-
What can we do about it?
I would say that what 'you' (defining you as a forum member without r00t or whatever access to the main site/machine/whatever) can do is make sure that whoever is the one in charge of a hosted site keeps the software used on the site up to date and writes/uses code that isn't known to have as many holes in it as a mafia informant.
Keeping a hosting machine running and secure is difficult enough. Adding in sites that run on said machine that are not secure just adds to the headache, especially if the site is exploited and lands the entire machine on a blacklist.
Remember kids, always wear your digital wellies when going out to The Internet, it's dirty out there!
-
I don't even know if I have the FTP passwords anymore... just saw this pop up on the threads list. If I do have access is there anything I can do?
-
This was not an FTP issue, nor was it the same issue that occurred last time. Last time it was the FTP that was compromised, whereas this time it would appear to have been the small administration tool I wrote to allow BlackDove to update the website without having to trawl through and manually edit HTML files to do so.
There are a couple of fairly obvious reasons why this could have happened having thought about it, the main one of which is realistically down to my naivety when I originally set this up. That has hopefully now been corrected - though I am obviously not going to detail here what has been changed, since the hacker himself has obviously been reading this thread.
On the point of contacting him, I'm not really in favour of the idea of legitimising what hackers do by going to them cap in hand and begging for tips. Whether some may claim "a hacker with morals" or not (something which, incidentally, I believe to be fairly preposterous as a concept in itself), all doing so achieves is the sending out of a "thanks for hacking our site" message. I would also suggest that it would make it more likely that the hacker would try out other hosted sites under the guise of "helping". If others want to contact him though (or indeed, already have), then that's their decision to make.
Finally, apologies for the late reply to this thread. I do not frequent this forum often, and have not been around even moreso than usual over the last several weeks as I have been in the process of rebuilding my machine from both a hardware and software perspective. I'll try and keep half an eye here more often from now on.