[OT]OpenRPN.org hacked, AGAIN



#8

Please see Here. It now says "::.HACKED BY iSKORPiTX (TURKISH HACKER).::"

This is ridiculous. Don't they know how to configure a server?


#9

It is not about configuring a server, it's about choosing the right, secure CMS.

#10

Cok guzel!

Vaporware like OpenRPN is almost deserving of something like this...

#11

The problem is postnuke and has only been a problem for the past few months. I agree that it is out of hand but it will take a bit of time for us to set up a more secure alternative.


#12

Try DRUPAL. I hear it's a great CMS.

#13

Maybe I'm just ignorant, but isn't the server supposed to be read-only to the outside world, with the exception of forum posts?

How can it be possible to "hack" a server like this?


#14

I'm not a specialist in this but I've read something about hacking of database applications on the web.

One possible problem is dynamic SQL: Normally, your posts are enclosed in some SQL statements to put them in to a database:

insert into mytable( poster, text ) values( '<poster>', '<text>' )
The values in angle brackets come directly from the input form. Now consider a poster named "badguy" enters something like this in the text field:
' );
update sometable( colum1, column2 ) values( 'bad value1', 'bad value2
Now lets combine the two:
insert into mytable( poster, text ) values( 'badguy', '' );
update sometable( colum1, column2 ) values( 'bad value1', 'bad value2
' )

One can imagine that evil things can be done if the exact database structure is known (as is the case for many such systems.)

Marcus


Possibly Related Threads…
Thread Author Replies Views Last Post
  [HELP] AdictosHP.org CompSystems 0 1,016 11-12-2013, 08:39 PM
Last Post: CompSystems
  HP Prime section on hpcalc.org to come? Han 0 885 09-27-2013, 11:02 PM
Last Post: Han
  OpenRPN Matt Agajanian 3 1,542 09-09-2013, 12:42 AM
Last Post: Paul Dale
  Updates to Clonix41.org & USB-41 archives. Diego Diaz 0 964 05-08-2012, 06:01 PM
Last Post: Diego Diaz
  OpenRPN Prototyping In Progress Hugh Evans 19 5,087 10-20-2011, 09:16 AM
Last Post: Oliver Unter Ecker
  OpenRPN and the 41CL snaggs 11 3,226 09-29-2011, 08:55 PM
Last Post: Egan Ford
  OpenRPN: How about a desktop HP-42S? Dan W 2 1,172 09-20-2011, 01:38 AM
Last Post: Walter B
  OpenRPN Reboot Interest? Hugh Evans 40 9,089 09-19-2011, 09:14 PM
Last Post: Hugh Evans
  Trying to get hold of Eric at HPcalc.org Geir Isene 0 876 09-06-2011, 12:09 PM
Last Post: Geir Isene
  offtopic: is HPCALC.ORG dead? x34 2 1,354 03-15-2011, 06:44 PM
Last Post: DeboT

Forum Jump: