Ok my forum got hacked lol

[Xtreme2damax]

Now the Dolphin forum was hacked..

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

---

Last edited by Xtreme2damax; July 7th, 2009 at 23:58..

[@ruantec]

not to start a coding fight here but it doesn´t surprise me actually as i´ve seen several php gurus and they told me about the posibility and weakness of php in many areas and therefore i never trusted that technology.

__________________

Current development tools:

Visual C++.net, Visual C#.net
Visual VB.net, Visual Webdeveloper.net
Bloodshed Dev C++, Borland C++
Visual Basic 6

[Chrono Archangel]

its not the language's fault...its the software. MyBB should be to blame here.

Afaik, the vulnarability was patched in 1.4.7
MyBB 1.4.7 Released - Security Update | MyBB Blog

__________________

When Pigs Fly: The Death of Oink, the Birth of Dissent, and a Brief History of Record Industry Suicide.

[FLaRe85]

It's a bit of both, really. Vulnerabilities are occasionally found in PHP/Perl/CF/etc... that will allow a website or even an entire server to be exploited.

__________________

.: Flaretech.Net :: Flaretech.Biz Web Hosting :: H3 Stats :: My Blog :.



.: Mac Pro :: Dual Quad-Core Intel Xeon 5400s :: 6 GB 800MHz DDR2 ECC FB-DIMMs :: NVIDIA GeForce 8800 GT 512 MB GDDR3 :.
.: Macbook Pro 17" :: 2.33 GHz Intel Core 2 Duo :: 2 GB 667 MHz DDR2 :: ATI Radeon X1600 :.

[Shablam]

Quote:

Originally Posted by Chrono Archangel

MyBB should be to blame here.

The vulnerability was patched just fine, maybe if this user hadn't waited so long to upgrade, they wouldn't have got hacked. I updated the day the release was patched, on a busy forum, never got hacked. Hmm, yes, blame MyBB. Blame MyBB for a user who can't keep up to date with releases.

Either that, or they didn't upgrade properly and take the necessary precautions as regards the vulnerability.

[Hatorijr]

if you still have the ip address.....i wont mind taking it off your hands for a little fun (been itching to try something out )

[Xtreme2damax]

Quote:

Originally Posted by Shablam

The vulnerability was patched just fine, maybe if this user hadn't waited so long to upgrade, they wouldn't have got hacked. I updated the day the release was patched, on a busy forum, never got hacked. Hmm, yes, blame MyBB. Blame MyBB for a user who can't keep up to date with releases.

Either that, or they didn't upgrade properly and take the necessary precautions as regards the vulnerability.

It's not the users fault either, but the company that manages the servers and any websites on them. Crowdgather has stripped @ruantec of any access to the subdomain such as FTP and database access and refuses to provide a backup, which is why the forum wasn't upgraded. If he had access to everything on the subdomain, the forum would of likely been upgraded soon after the exploit was discovered.

Also the exploit itself isn't that old, and a patch just issued recently. It was discovered the forum was hacked a week ago when @ruantec discovered the hack and posted this thread.

Anyways all @ruantec needs is a backup, he's found somewhere else to host the AES forum, after he receives the backup of the files he's constantly been asking for a while now, the aruantec subdomain, database and files can be deleted.

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

[Squall-Leonhart]

I would like the VBA-M Subdomain deleted and any data on it removed.

as it is, you're partially restored (broken) backup has fubarred it anyway so theres no point having it there.

__________________

VBA-M | Xtemu | NGOHQ | Post Impact Productions | TNHW | XBCD 0.2.6 | Satanic666's Emulator Compiles
Don't be a NOOB, READ THE NGEmu/EmuForums Rules of Conduct
Need Help with ePSXe? This is your first stop!.
If you don't post all the required information, you don't get help.
Everytime someone posts a romsite, God kills a beautiful woman.

[Xtreme2damax]

Any updates on giving @ruantec a backup of the files for the aruantec subdomain, any compliance with Squalls and @ruantec's requests to have the subdomains and files deleted once a backup of the files is provided to @ruantec?

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

[Ignis]

Quote:

Originally Posted by @ruantec

not to start a coding fight here but it doesn´t surprise me actually as i´ve seen several php gurus and they told me about the posibility and weakness of php in many areas and therefore i never trusted that technology.

asp servers have been porked simply because of vulnerabilities windows itself has/had.

As far as how bad it is in php specifically I suppose I'm not sure, I work in it all the damn time, but I don't really bother messing with or reading about vulnerabilities that my host has to handle anyway.

Just making sure there's no way a user can screw your database is hard enough if you have a complex site.

[Xtreme2damax]

Ahem..

@ruantec is still waiting for the backup of his files, the AES forum on the Ngemu domain still remains hacked, the VBA-M forum on the Ngemu domain is borked.

How much longer are they expected to wait before they can expect this to get done?

Thanks if anyone from CG can give us an update on what is being done.

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

[@ruantec]

i´ve been waiting desperaly for an answer of a way they could upload the files somewhere i can get them... am starting to lose hope that i will get the files back anytime soon.

__________________

Current development tools:

Visual C++.net, Visual C#.net
Visual VB.net, Visual Webdeveloper.net
Bloodshed Dev C++, Borland C++
Visual Basic 6

[Xtreme2damax]

I'm sorry to say this, but I still hold onto some hope for you regardless..

I wouldn't expect them to comply with providing a backup, knowing how Crowdgather is and what everyone went through with them in the past. Also the subdomains will likely not be removed from Ngemu as Crowdgather is aware if they remove the subdomains along with the content, it'll affect traffic flow and cut into the profits they make off of Ngemu.

There is no reason it should be taking this long just to get a response, or even a backup of the files for that matter. I'm guessing that they have decided to ignore the requests in this thread and the thread alltogether now, it is unlikely they are willing to provide a backup and know it'll stir a problem if admit their refusal to provide a backup in this thread.

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

[Squall-Leonhart]

if they don't remove the content, i have a copyright disclaimer im ready to throw at them.

they might own ngemu, but they do not own the content of the sites hosted on ngemu, regardless of what they might believe.

__________________

VBA-M | Xtemu | NGOHQ | Post Impact Productions | TNHW | XBCD 0.2.6 | Satanic666's Emulator Compiles
Don't be a NOOB, READ THE NGEmu/EmuForums Rules of Conduct
Need Help with ePSXe? This is your first stop!.
If you don't post all the required information, you don't get help.
Everytime someone posts a romsite, God kills a beautiful woman.

[Xtreme2damax]

They seem to be mostly ignoring this forum in general now, I've noticed less of a presence from them. However a backup is still needed, and the subdomains/files to be removed since there isn't a point of keeping them up now that the VBA-M and @ruantec AES forums are hosted elsewhere.

__________________

| Xtemulation Forums | Dolphin SVN Builds |
| XTemulation Wiki | PCSX2 SVN Builds |

Download the free Xtemulation Toolbar
If you like Xtemulation, please Digg Us

[ShendoXT]

Since we are on the subject of subdomains I would like shendo.ngemu to be taken down.

__________________

C2D E8400 3.00 Ghz | EP45-DS3 | HD4850 512MB | 4GB DDR2 800 | 640 + 250 GB HDD
SyncMaster 2233BW 22" | Logitech G5 | Logitech G15 | Windows 7 x64