Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: an0n on November 05, 2004, 09:00:21 am
-
Got any?
PHP version, MySQL version, bandwidth usage, space usage?
There used to be a phpinfo file some fool left on from the forum installation, but that's apparently been removed.
-
Ha ha.
-
Yes, yes - it's all fun and games till I have to poke out somebody's eye.
It's not like I can't find out. It's just a pain in the ass for me to do so and thus infinitely more likely to make me Hulk-angry.
-
At least this time we know who's behind the next downtime...
-
Thanks to a small bug in ProFTPd 1.2.10 (upon which GS operates) it's possible to determine valid and invalid usernames.
Now, the fix that's out is described as a "band aid" and, being professionals, I doubt the GS admins would be inclined to slap a half-assed patch onto the server.
So, knowing valid usernames, it may be possible to simply brute-force into the FTP using a dictionary list of popular gamer words and phrases and a sequential number inserter.
And given the general ignorance of site-admins like Virtu, it wouldn't take long to get a bite and onto the server even using a relatively slow attempt frequency across the various valid usernames (i.e., without sending up red flags).
From there it's just a case of uploading the server info php file that comes with vBulletin and going to the URL with a browser.
This is all based on a glance at the bug info, mind.
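
Added example, not part of the original thread: the last post relies on a slow attempt rate spread across several valid usernames staying under per-minute alarms, so this sketch shows the server-side check that still catches it, counting failed logins per source over a long window and across distinct accounts. The log format, addresses, usernames and thresholds are constructed assumptions, not ProFTPd output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real server output): time, source IP, user, result.
SAMPLE_LOG = """\
2004-11-05T01:00:00 203.0.113.7 alice FAIL
2004-11-05T04:00:00 203.0.113.7 bob FAIL
2004-11-05T07:00:00 203.0.113.7 carol FAIL
2004-11-05T09:15:00 198.51.100.4 dave FAIL
2004-11-05T09:15:20 198.51.100.4 dave FAIL
2004-11-05T09:15:45 198.51.100.4 dave OK
2004-11-05T10:00:00 203.0.113.7 alice FAIL
2004-11-05T13:00:00 203.0.113.7 bob FAIL
2004-11-05T16:00:00 203.0.113.7 carol FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, result) tuples from the simplified format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result

def flag_sources(events, window, min_failures, min_users):
    """Return IPs with >= min_failures failed logins against >= min_users
    distinct accounts inside any sliding window of the given length."""
    failures = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))
    flagged = set()
    for ip, items in failures.items():
        items.sort()
        left = 0
        for right in range(len(items)):
            # Shrink the window until it spans no more than `window`.
            while items[right][0] - items[left][0] > window:
                left += 1
            in_window = items[left:right + 1]
            if (len(in_window) >= min_failures
                    and len({u for _, u in in_window}) >= min_users):
                flagged.add(ip)
                break
    return flagged

EVENTS = list(parse(SAMPLE_LOG))
# A burst rule (3 failures in 5 minutes) sees nothing unusual in this data.
BURST = flag_sources(EVENTS, timedelta(minutes=5), 3, 1)
# A 24-hour window keyed on account spread flags the slow source.
SLOW = flag_sources(EVENTS, timedelta(hours=24), 6, 3)
```

The user who mistyped a password twice and then logged in is not flagged by either rule; only the source that failed against three accounts over fifteen hours is.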