07-02-2009, 06:41 PM   #1
theking
Fucking hackers

...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

A question: are sites written in PHP more vulnerable than sites written in HTML? I assume that there is not any way to stop hackers but what is the state of the art way to make it more difficult for them?

07-02-2009, 06:44 PM   #2
HorseShit
What exactly is the matter with your brain?

07-02-2009, 06:45 PM   #3
d-null
I've lost A LOT of google trust on some domains in the past due to hackers, it is an extreme piss off

07-02-2009, 06:46 PM   #4
marketsmart
Quote:
Originally Posted by theking View Post
but what is the state of the art way to make it more difficult for them?
keep them out of your server to begin with...

meaning that if you don't know what you are doing then make sure your host does..

07-02-2009, 06:49 PM   #5
mmcfadden
Quote:
Originally Posted by Justin View Post
What exactly is the matter with your brain?
give him some comfort man... jeez

i just lost my google revenue and decided that anyone that fucks with me will get a serious ass beating....

i still don't have my google ranking but i do feel better ;)

07-02-2009, 06:50 PM   #6
st0ned
It is usually something simple, like leaving your .htaccess open. However there are vulnerabilities in certain scripts which would allow them access. Without more info it is really hard for us to offer input on the situation. Javascript injections?

07-02-2009, 06:52 PM   #7
theking
Quote:
Originally Posted by marketsmart View Post
keep them out of your server to begin with...

meaning that if you don't know what you are doing then make sure your host does..
That seems to be an impossibility as large companies get hacked, the government gets hacked.

07-02-2009, 06:54 PM   #8
d-null
I've heard of situations where one customer on a shared server running a vulnerable script can put all of the customers on that server at risk

07-02-2009, 07:00 PM   #9
marketsmart
Quote:
Originally Posted by theking View Post
That seems to be an impossibility as large companies get hacked, the government gets hacked.
that's like saying "people rob houses, so why bother locking the door"..

you can keep out the majority of the script kiddies and low level hackers with some basic security..

most hosts are complacent when it comes to security, but some actually work hard to keep their networks and customers' servers secure..

i am willing to bet that your server was hacked because it was not maintained on a consistent basis..

07-02-2009, 07:31 PM   #10
Platinumpimp
Quote:
Originally Posted by d-null View Post
I've lost A LOT of google trust on some domains in the past due to hackers, it is an extreme piss off
But at the end of the day they are still nerds behind their computers, with only an online life.

07-02-2009, 07:46 PM   #11
sortie
Quote:
Originally Posted by theking View Post
...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

A question: are sites written in PHP more vulnerable than sites written in HTML? I assume that there is not any way to stop hackers but what is the state of the art way to make it more difficult for them?
Where are you hosted?

07-02-2009, 07:48 PM   #12
ProG
what did the hackers do? I've seen them modify templates and such with iframes/embeds, just curious what they did to you

07-02-2009, 07:56 PM   #13
seeandsee
Quote:
Originally Posted by theking View Post
...got to me...on every site I had...and affected me in a bad way with google. My host told me that I would have to download everything from my host and go through it all to find the problem/problems. I am in the process of doing this but it is a real time consuming process and will probably take me a month or more and in the meantime all of my sites are dead. In addition they told me to change my password on my account.

A question: are sites written in PHP more vulnerable than sites written in HTML? I assume that there is not any way to stop hackers but what is the state of the art way to make it more difficult for them?
html is hackers problem :D

07-02-2009, 08:31 PM   #14
niche25
Your host sounds special... "you're fucked, good luck and change your password!"

Good luck. I'm not sure what it could be if your sites are completely down and you have to download your sites to find out what's wrong... doesn't make much sense.

Most hackers drop iframe or javascript on sites but hackers usually want the site up and running - not down.

07-02-2009, 09:48 PM   #15
directfiesta
Quote:
Originally Posted by niche25 View Post

Most hackers drop iframe or javascript on sites but hackers usually want the site up and running - not down.
Those are thieves....

Real hackers are using your site(s) like a wall to paint graffiti.

I could put a link here of advanced advertised defacing from a group with the word " zone " in its name ... but I won't.

They list 100's of sites defaced, erased every single day. They even have some vids of it on YouTube and were interviewed ( masked ) by major TV network.

It is a sport to them

07-03-2009, 12:01 PM   #16
raymor
Quote:
Originally Posted by theking View Post
A question: are sites written in PHP more vulnerable than sites written in HTML? I assume that there is not any way to stop hackers but what is the state of the art way to make it more difficult for them?
As of the latest report, something like 85% of all server hacks came through PHP.
So yes, PHP is by FAR the most likely way for your server to get hacked. Zend recognizes
this huge problem, but fixing some of the problems would make certain old code stop working,
so they can't just fix everything immediately. The most recent version of PHP closes some
of the most obvious gigantic security holes in PHP itself, but it's still horrible. The upcoming
PHP 6 is slightly better, but still pretty bad. As an example, currently ANY PHP script
will allow hackers to upload any file they want onto your server. That's a HUGE security
hole built right into the language and there's not much that the person writing the script
can do about it. If your host runs Apache "SuExec", which several large hosts do, that's
even worse because that means all visitors to your site have the same rights to your files
that you do when you FTP. The combination of SuExec and PHP version 4.0 or less takes
down sites every day.

Add to that the one thing that everyone who likes PHP says about it - "PHP is so easy.
Anyone can write PHP, with no programming training required." Exactly. Any idiot can write
a PHP script and thousands of idiots do. If these people who have never taken a single
programming class or read a single computer science book were writing software for your
desktop, that would just mean there would be a bunch of crappy software available. But
take all this crap written by clueless people, in a braindead language, and put it on a public
web server and you have the worst computer security nightmare in history.

You've read about some of the more well known hacks, like NATS. We hear about smaller
programs being hacked a couple of week - almost always through stupid PHP scripts.

Your web host or admin can set several security related settings for PHP in the PHP
configuration file, php.ini. Setting some of these as restrictive as possible may reveal
security holes in some of your scripts, when PHP refuses to execute certain parts of them.
Those scripts can be fixed. It's almost always just one or a few lines that need to be fixed
to make the script more secure, so it'll work in a more secure environment. Unless, of
course, the scriptor was dumb enough to use dozens of autoglobals spread all throughout
the code, with no central validation routine that can be used to populate them properly.
Similarly, if you're not using PHP 5 you can update first and some of the worst holes
from PHP 4 will be patched. Some scripts written for PHP 4 may have used deprecated
functions that were available, but not supposed to be used. They may have some small
problems under PHP 5, which is improved and has removed or changed some of the
worst things people could do under PHP 4.

We're also just starting to test a new service where we check several thousand possible
security issues on your server. We make sure that it complies with the standards that
the department of defense uses for military computers. It's a pretty thorough scan which
will find a couple of dozen problems on a typical web server. However, it's brand new to
us, something we're testing. It's good enough for the military, so it's probably quite good,
but I can't make any guarantees of the quality just yet.
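
Added example, not part of raymor's post or the thread: the post refers to restrictive php.ini settings without naming them, so the directive list below is this example's own selection of real PHP directives. The Python script parses a php.ini and reports every directive left permissive, whether it is set in the file or inherited from PHP's built-in default; both sample files are constructed.

```python
import re

# Boolean directives that are safest Off: name -> (PHP built-in default, risk when On).
# The selection is this example's assumption; the thread names no directives.
SAFEST_OFF = {
    "register_globals": (False, "request parameters are injected as global variables"),
    "allow_url_include": (False, "include/require may load code from a URL"),
    "allow_url_fopen": (True, "file functions may open remote URLs"),
    "display_errors": (True, "error text shows paths and queries to visitors"),
    "expose_php": (True, "PHP version is advertised in an HTTP response header"),
    "enable_dl": (True, "scripts may load extensions at runtime with dl()"),
    "file_uploads": (True, "HTTP uploads are accepted; keep On only where needed"),
}
# Directives that restrict PHP only when they carry a value (built-in default: empty).
SAFEST_SET = {
    "open_basedir": "scripts can open files anywhere the PHP user can",
    "disable_functions": "exec, system, passthru, shell_exec and similar stay callable",
}
TRUE_WORDS = {"on", "true", "yes", "stdout", "stderr"}  # last two: display_errors modes

# Constructed samples, not taken from any real server.
WEAK_INI = """[PHP]
; constructed weak configuration
register_globals = On
allow_url_fopen = On
allow_url_include = On   ; inline comment
display_errors = 1
file_uploads = On
disable_functions =
"""
HARDENED_INI = """[PHP]
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
expose_php = Off
enable_dl = Off
file_uploads = Off
open_basedir = "/home/example/public_html:/tmp"
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
"""


def parse_php_ini(text):
    """Return {directive: raw value}; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":        # blank, comment or [section]
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if value[:1] in ('"', "'"):            # quoted value: keep what is inside
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:                                  # unquoted: drop a trailing ; comment
            value = value.split(";", 1)[0].strip()
        settings[name.strip()] = value         # directive names are case sensitive
    return settings


def is_on(value):
    """Interpret a php.ini boolean: On/True/Yes or a non-zero integer."""
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    return bool(re.fullmatch(r"-?\d+", word)) and int(word) != 0


def audit(text):
    """Return [(directive, effective value, source, risk)] for permissive settings."""
    settings = parse_php_ini(text)
    findings = []
    for name, (default, risk) in SAFEST_OFF.items():
        source = "php.ini" if name in settings else "built-in default"
        enabled = is_on(settings[name]) if name in settings else default
        if enabled:
            findings.append((name, "On", source, risk))
    for name, risk in SAFEST_SET.items():
        source = "php.ini" if name in settings else "built-in default"
        if not settings.get(name, "").strip():
            findings.append((name, "(empty)", source, risk))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(f"== {label}: {len(audit(sample))} finding(s)")
        for name, value, source, risk in audit(sample):
            print(f"  {name} = {value} ({source}): {risk}")
```

A directive that is missing from the file is still reported when PHP's default for it is permissive, which is why the weak sample yields more findings than it has lines.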

07-03-2009, 02:01 PM   #17
sortie
I have heard similar things but never could determine the accuracy of the sources.

07-04-2009, 08:14 PM   #18
theking
Makes sense to me.

07-04-2009, 08:34 PM   #19
HandballJim
I usually work on my web stuff on my desktop...then upload the files to the host. I also make a copy of my web folders once a week in case I need to upload them again. I am tempted to work live online so I can use other computers...but I am worried about something like this that happened to you. Maybe your host might have a copy of your website files from an earlier date.

I do have a mainstream website that I work live online with...and if it gets hacked it will just push me to re-design it from scratch.

07-04-2009, 09:24 PM   #20
Billionaire
Quote Details: Sun-tzu: Keep your friends close,

07-04-2009, 10:27 PM   #21
theking
Quote:
Originally Posted by Billionaire View Post
Quote Details: Sun-tzu: Keep your friends close,
Even though I have never identified any of my sites to anyone on this board...and it is the only board that I am a member of...I suspect that one of the...dozen or so trolls that do not like my posts and...apparently me...may have somehow discovered who I host with and is probably responsible...but then again there are thousands of vandals on the internet...so I just do not know who is responsible.

07-05-2009, 05:28 AM   #22
bbm
fucking hackers, yes

07-05-2009, 05:39 AM   #23
Libertine
Quote:
Originally Posted by raymor View Post
As an example, currently ANY PHP script
will allow hackers to upload any file they want onto your server.


Bullshit.

07-05-2009, 05:55 AM   #24
baX
What kind of sites do you have/got hacked? TGPs, blogs ...?

07-05-2009, 06:23 AM   #25
StuartD
Quote:
Originally Posted by theking View Post
A question: are sites written in PHP more vulnerable than sites written in HTML?
Just when you think that a 'webmaster' couldn't possibly say anything any more foolish....

Quote:
Originally Posted by raymor View Post
As an example, currently ANY PHP script
will allow hackers to upload any file they want onto your server.

07-05-2009, 09:14 AM   #26
directfiesta
Quote:
Originally Posted by theking View Post
I suspect that one of the...dozen or so trolls that do not like my posts and...apparently me...may have somehow discovered who I host with and is probably responsible...
First: it is more than a " dozen " ...

Secondly: You give yourself too much importance

Last: Nobody cares about your so-called sites and nobody believes they exist ( just like the WMD ) ...

END.

07-05-2009, 11:34 AM   #27
tonyparra
Quote:
Originally Posted by st0ned View Post
It is usually something simple, like leaving your .htaccess open. However there are vulnerabilities in certain scripts which would allow them access. Without more info it is really hard for us to offer input on the situation. Javascript injections?
i got fukin hacked too and it was javascript injections. some help with this please. it's a bitch to go through and remove that shit.
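
Added example, not part of the thread: a Python scanner for the cleanup job described in the posts above, going through a downloaded copy of a site to find injected iframes and javascript. The patterns, file extensions, allowlisted host and sample files are this example's assumptions and are constructed for illustration; matches are leads to review by hand, not proof of compromise.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

SCAN_EXTENSIONS = {".html", ".htm", ".php", ".js", ".tpl", ".inc"}

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
# Invisible frame: 0 or 1 pixel in size, or hidden through an inline style.
HIDDEN_HINT = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?=[\s/>])"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.I,
)
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Code that decodes a string and immediately runs or writes it.
DECODE_AND_RUN = {
    "js-decode-and-run": re.compile(
        r"\b(?:eval|document\.write(?:ln)?)\s*\(\s*"
        r"(?:unescape|atob|String\.fromCharCode)\s*\(", re.I),
    "php-decode-and-run": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
}

# Constructed sample site: one clean page and three files with planted markers.
SAMPLE_SITE = {
    "index.html": '<html><body>\n<script src="js/menu.js"></script>\n'
                  '<script src="http://cdn.example.com/lib.js"></script>\n'
                  '<iframe src="video.html" width="560" height="315"></iframe>\n'
                  '</body></html>\n',
    "gallery.html": '<html><body>thumbs</body></html>\n'
                    '<iframe src="http://injected.invalid/in.php" width="1" '
                    'height="1" style="visibility:hidden"></iframe>\n',
    "footer.php": '<?php include "links.php"; ?>\n'
                  '<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); ?>\n',
    "js/menu.js": 'var open = false;\n'
                  'document.write(unescape("%3C!--%20constructed%20--%3E"));\n',
}


def line_of(text, pos):
    """1-based line number of character offset pos."""
    return text.count("\n", 0, pos) + 1


def script_host(url):
    """Host of a script URL, '' for relative paths, '?' when unparsable."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return "?"


def scan_text(text, allowed_hosts=frozenset()):
    """Return sorted [(line, rule, snippet)] for one file's content."""
    findings = []
    for m in IFRAME_TAG.finditer(text):
        if HIDDEN_HINT.search(m.group(0)):
            findings.append((line_of(text, m.start()), "hidden-iframe", m.group(0)[:80]))
    for m in SCRIPT_SRC.finditer(text):
        host = script_host(m.group(1))
        if host and host not in allowed_hosts:
            findings.append((line_of(text, m.start()), "external-script", m.group(1)[:80]))
    for rule, pattern in DECODE_AND_RUN.items():
        for m in pattern.finditer(text):
            findings.append((line_of(text, m.start()), rule, m.group(0)[:80]))
    return sorted(findings)


def scan_tree(root, allowed_hosts=frozenset()):
    """Walk a downloaded site copy; return sorted [(path, line, rule, snippet)]."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
            rel = os.path.relpath(path, root)
            results += [(rel, *hit) for hit in scan_text(text, allowed_hosts)]
    return sorted(results)


def demo():
    """Write the constructed sample site to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_SITE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(content)
        return scan_tree(root, allowed_hosts={"cdn.example.com"})


if __name__ == "__main__":
    for rel, line, rule, snippet in demo():
        print(f"{rel}:{line}: {rule}: {snippet}")
```

Point `scan_tree` at the local copy of the site and list the script hosts the site legitimately uses in `allowed_hosts`; comparing flagged files against a known-good backup is the quicker way to confirm what was added.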

07-05-2009, 11:46 AM   #28
tonyparra
great, now where do i swipe my cc

07-05-2009, 12:11 PM   #29
sortie
Quote:
Originally Posted by tonyparra View Post
i got fukin hacked too and it was javascript injections. some help with this please. it's a bitch to go through and remove that shit.
I've been told that those type of hacks usually come through unsecured servers.

07-05-2009, 08:28 PM   #30
tonyparra
Quote:
Originally Posted by sortie View Post
I've been told that those type of hacks usually come through unsecured servers.
don't tell me that