Hacking the SMF PHP Scripts?

Started by -Garion-, September 30, 2004, 12:52:47 PM


-Garion-

I belong in a crew who runs a game server and it's been under attack recently by a certain fellow (myg0t) who has been exploiting the game's bug to constantly crash our server.  He is intent on creating as much havoc as he can.  And I've been keeping an eye on their forum to see what he's been saying and found this:

Quote
Reading their forums tonight, they somehow banned my username, and now only allow admin initiated registration so i cant sign up for another account, however, thanks to my extensive linux database encrytion knowledge i was able to crack their php scripts and access their website sql database.
only thing that was a pain in the ass was reading encrypted source code, but i was able to decode them, they are now talking about me, how full of Sh*t i am.
they got their prides up.
I will be traveling to mexico next week, so i cant create havoc, however. Jurisdiction is sweet, i will do my best to take over their website, and change their index page to THIS SITE WAS OWNED!.
keep an eye out for it, www.bashyou.com

since its mexico, many things are legal.

They keep talking about tracing my ip, reporting me to my ISP, but they dont realize the reality of IP spoofing. I spoof right under a data center, which of nearly 5 million IP's pass through daily. LMAO.


here's one of their guys quote:

"""Wait, lets back up here a second... He used a brute force dictionary cracker... and it worked in ONE NIGHT?!? LMAO

This guy is full of sh*t... That only works for average people, unless he has an extensive (and by extensive I mean VERY long) list.

Edit: Most of the ISP's won't shut them down unless they are causing $_____ (I forgot how much) damage, or cracking into certain accounts (email, etc.)

You can always trace their IP... for a few things...

I just noticed about "[his] own dos exe that he created".... this smells of a 14M3|2... What's next? Threatening to use Sub7 ?! LOL... man... good one...""""

and whoever wrote that, if you are reading this, One day of account and password cracking is way too long for me, i set my goal standards for 4 minutes.
crack it or quit rule. 0 trace

At first I wasn't too concerned because I thought he was full of hot air.  But to be safe I shot off a PM to a friend much more knowledgeable than me, and he said this:

Quote
it's hard to say if this f'er is full of ****** or he can really do this crap...

...if he's really being serious about what he can do then yes we got probs.

crack their php scripts = wow i'm so proud of u!  f'er.  We need to hit SMF forum peeps about this.  Go to smf and post in forums.  Quote this dude again in their forums.  Plead for help.  U especially want [UNKNOWN] to help u.  He started smf.  We can encrypt ur php files.  Unless u haven't already done that?  He acts like you have.  It's easy to do lots of utilities.  Make back up copy of all ur smf forum php files.  Then we'll encrypt em'.

Let me know if u understand all this.  Yes if this f'er is serious we need to get all this done before he gets to mexico.  We could even encrypt your html pages too.

So I wanted to know if it were possible that there's an element of truth to what the hacker is saying.  If so, I wanted to know how I should proceed to protect myself.. encrypt the SMF pages?  This bastard has been targeting us for the past week, and so I'm convinced he's in for the long haul to bring us down.  He belongs to a 50+ strong informal clan whose sole purpose is to cause trouble for other people.  http://www.myg0t.com and their forums at http://www.myg0t.net.  Crazy.

Ben_S

Talking rubbish by the sounds of it.

"extensive linux database encrytion knowledge"  ???

"only thing that was a pain in the ass was reading encrypted source code"

I wonder what encrypted source code that is?
Liverpool FC Forum with 14 million+ posts.

roboter88

I always wonder about people CHEATING games...lol i hate cheaters :-9
This site is all about hacking cs....well anyway who is playing this dumb game?

Quake is the Force :-).


-Garion-

Well, I do hope that he's just pissing garbage in the wind.  And actually we're a MOHAA crew.  I hate CS too.   ;)

A.M.A

He is talking about reaching your SQL database .. if he is right and did reach that .. what is stopping him from causing havoc already!
Really sorry .. real life is demanding my full attention .. will be back soon hopefully :)

[Unknown]

Passwords in SMF are already encrypted.  Since SMF is free to download, I'm afraid encrypting the PHP code would do no good - although I really don't see what good it would do him either.

Settings.php does include your database password.  It's possible he got a hold of this.  I suggest the following:

1. Make sure ALL administrators have NO secret question and secret answer.  This is often easier to get into than the password.
2. Change all your passwords - MySQL, FTP, and email.  Make sure every administrator's email is using a secure password with a secure question/answer or none.
3. Tell your webhost about this threat.  They may be able to assist you (and at the least give you the access log for the time in question.)

Hmm... vBulletin.  I bet he's not paying for it, eh?

The guy sounds like an average script kiddie.  Likely somewhere about 13 or 14... he probably guessed a password or answered a secret question and wants to seem all hot.

If you can get the access log for the time in question, you can see exactly how he got in, if it was at all web-based.  But, again, it's also possible he got some password, and it won't even be on the access log.

-[Unknown]
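
Added example (not part of the original thread or of SMF's code): one way to review the access log for the time in question, counting login and password-reminder requests per client IP and listing direct requests for Settings.php. It assumes the Apache combined log format and the SMF action names `login2` and `reminder`; the log lines, IPs and time window are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: client IP, [timestamp], "METHOD URL PROTO", status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
WATCHED = {"login2", "reminder"}  # assumed SMF action names

def triage(lines, start, end, threshold=5):
    """Return ({(ip, action): count >= threshold}, [(ip, status) for Settings.php hits])."""
    hits, direct = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if not start <= when <= end:
            continue
        parts = urlsplit(url)
        # SMF URLs separate parameters with ';' as well as '&'.
        query = parse_qs(parts.query.replace(";", "&"))
        action = query.get("action", [""])[0]
        if action in WATCHED:
            hits[(ip, action)] += 1
        if parts.path.lower().endswith("/settings.php"):
            direct.append((ip, int(status)))
    return {k: n for k, n in hits.items() if n >= threshold}, direct

def sample_log():
    """Constructed lines (documentation IP ranges), not taken from a real log."""
    fmt = '{} - - [30/Sep/2004:{} +0000] "{} HTTP/1.1" {} 512 "-" "-"'
    login = "POST /forum/index.php?action=login2"
    rows = [("203.0.113.7", f"03:10:{s:02d}", login, 200) for s in range(6)]
    rows += [
        ("203.0.113.7", "03:12:00", "GET /forum/index.php?action=reminder;sa=secret", 200),
        ("198.51.100.4", "03:15:00", "GET /forum/Settings.php", 200),
        ("198.51.100.9", "09:00:00", login, 200),  # outside the window below
    ]
    return [fmt.format(*row) for row in rows]

if __name__ == "__main__":
    window = (datetime(2004, 9, 30, 3, 0, tzinfo=timezone.utc),
              datetime(2004, 9, 30, 4, 0, tzinfo=timezone.utc))
    noisy, direct = triage(sample_log(), *window)
    print(noisy, direct)
```

A password obtained some other way and used once will not stand out in these counts, which matches the caveat in the post above.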

-Garion-

Great, that's a clear set of things I can go about doing to make sure we're as protected as can be.  I'll go ahead and do all of those things anyways even if he's BSing, and didn't get access to our sql database.  I've already told our webhost and I'm waiting for a reply.

natedog550

What about using ioncube to encrypt just Settings.php?

Will smf still be able to read the file you think?

roboter88

Or just use https server site 40-128 bit encryption.
Secure Sockets Layer SSL

https://www.ccc.de/https/

Ben_S

Using HTTPS won't help protect settings.php since it's never passed over the web.

roboter88

But would prevent or make it harder for attacks.
A hacker could just trace IPs on the domain and then hack a user and get their account. If he is lucky he gets admin with this.

Ok i just researched and ip is still public :P

natedog550

omg i can't believe i didn't think of this till just now....

this may be documented in smf stuff never checked.

Just make a call to settings.php in a non web published folder

I've used other php progs that did that.  Like ../../../settings.php or something to that nature and move the real settings.php there and the header of the one in the smf base directory call to that.

wouldn't that do it? :)

ADoomedMarine

Also send an email off to someone at vbulletin.com and tell them that you might think this person is running an illegal version of their software, make sure you link to myg0t's forum as well.

They can check if it's valid and if it isn't they might be able to do something :)  Revenge is sweet.

natedog550

lol!

that's tight.......that would be hilarious

roboter88

Just tell em to use SMF instead (later u say they stole ur ideas)  :-) and all are happy end!

Burpee

vBulletin has a page for reporting pirated sites:
http://www.vbulletin.com/piracy.php

And while you're at it, tell extremepixels as well...
http://www.extremepixels.com/vb/tren_z/tren_z_purchase_details.php

If you're really pissed off, you could also try to look at
http://domainsbyproxy.com/LegalAgreement.aspx?prog_id= (Their registrar)
and get their real identity as well as their hosting cut off...

ryanbsoftware

off topic here, that flash chat is awesome, where did u get it?

-Garion-


ryanbsoftware

Quote from: -Garion- on September 30, 2004, 05:01:18 PM
I bought the FlashChat script for $5 bucks here:
http://www.tufat.com/script.php?script=chat   ;)

oh you have to buy it, i am cheap, besides i don't have a credit card. ;)

marcnyc

You can use PayPal or a bank transfer.
I am cheap too and I hate software manufacturers who charge too much money, but $5 is REALLY a fair price and now that we have somebody that understood what is a fair price we should be fair and show that piracy is only morally acceptable with giants like Microsoft... You HAVE to support some of these people or else nobody will write software...

In case somebody is interested in a beautiful PHP/Flash chat that integrates with SMF beautifully (read: same user database, same page design/layout/theme), I have taken the liberty to write a small tutorial to integrate FlashChat in SMF 1.0 as if it was PART of a page instead of a new page in a new window: http://www.simplemachines.org/community/index.php?topic=17856.0
