Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
9th March 2005, 13:17 | #2 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
__________________
Detritus Software |
9th March 2005, 14:27 | #4 | Link |
Registered User
Join Date: Dec 2004
Posts: 165
|
It's good to see the way some people treat such a great and productive member of the Video Encoding community. This is a big shame, there was some really useful information on the forums.
Last edited by Axed; 9th March 2005 at 14:30. |
9th March 2005, 14:43 | #5 | Link |
clueless n00b
Join Date: Oct 2001
Location: somewhere over the rainbow
Posts: 10,579
|
phpBB, unfortunately, isn't the safest bulletin board around and you regularly have to upgrade it. A lot of phpBB boards have been hacked in the past few months, and to make things worse, there were worms that automatically attacked known weaknesses of phpBB boards. Those worms also tried to get in here, but not being a phpBB they didn't have any luck.
Also, it's important that you always keep up with the PHP version (also not quite the most secure language there is).
__________________
For the web's most comprehensive collection of DVD backup guides go to www.doom9.org |
9th March 2005, 15:44 | #6 | Link |
Moderator
Join Date: Oct 2001
Posts: 3,530
|
From the looks of it his admin account was broken into. All the defacement is in areas that can be changed from the admin panel, i.e., no PHP was altered, nor was MySQL broken into. Someone just guessed his password.
Donald, what I did to add some security was put basic authentication on the directory containing the admin scripts. This means you have two usernames and passwords to enter before you can access the admin panel. Make them different. |
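
One way to set up the second login layer described in the post above, as an added example that is not part of the original thread. It assumes an Apache host that allows `AllowOverride AuthConfig` for the board; the file paths, realm name and username are placeholders.

```apache
# .htaccess placed inside the board's admin directory (added example;
# paths, realm name and username are placeholders, not values from the thread).
#
# Create the password file once, outside the web root so it cannot be
# downloaded, and pick a username and password that differ from the
# board's own admin login:
#   htpasswd -c /home/example/private/.htpasswd-admin gatekeeper

AuthType Basic
AuthName "Board administration"
AuthUserFile /home/example/private/.htpasswd-admin
Require valid-user

# Optional, needs mod_ssl on the host: refuse plain-HTTP requests so the
# Basic credentials are never sent unencrypted.
# SSLRequireSSL
```

Basic authentication sends the credentials base64-encoded, not encrypted, so this layer only holds up when the admin directory is reached over HTTPS.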
9th March 2005, 16:44 | #8 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
Do you have backups?
__________________
Detritus Software |
9th March 2005, 17:52 | #11 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
Yeah. The best is a combination of letters and numbers:
a-z, A-Z and 0-9. Adding other characters is hazardous if you have keyboard problems.
__________________
Detritus Software |
9th March 2005, 18:53 | #13 | Link | |
Moderator
Join Date: Oct 2001
Posts: 3,530
|
Quote:
I also run a phpBB, so it's easy to spot what was changed. I also added a log file to mine to record, among other things, bad password attempts. If you have such a log you can look for the break-in. And ask your host if basic authentication can be added to the admin directory; it adds another level of security.
Last edited by mpucoder; 9th March 2005 at 18:57. |
|
9th March 2005, 19:48 | #14 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
Can I have your tweaks?
__________________
Detritus Software |
9th March 2005, 20:46 | #15 | Link |
Registered User
Join Date: Nov 2001
Posts: 9,770
|
Seems the bsplayer forum (phpBB) has also been hacked:
http://forum.bsplayer.org/viewtopic.php?t=6426
According to betaboy (corecodec) that's fake.
__________________
Between the weak and the strong one it is the freedom which oppresses and the law that liberates (Jean Jacques Rousseau) I know, that I know nothing (Socrates) MPEG-4 ASP FAQ | AVC/H.264 FAQ | AAC FAQ | MP4 FAQ | MP4Menu stores DVD Menus in MP4 (guide) Ogg Theora | Ogg Vorbis use WM9 today and get Micro$oft controlling the A/V market tomorrow for free |
9th March 2005, 21:17 | #16 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
What's going on?
[edit] I upgraded mine to 2.0.13. I have the latest php too. I think I will set some .htaccess on /admin ...
__________________
Detritus Software Last edited by Sirber; 9th March 2005 at 21:41. |
9th March 2005, 23:58 | #17 | Link |
Blah!
Join Date: Jul 2002
Location: Brazil
Posts: 337
|
phpBB is a terrible, buggy and unsafe forum platform. I know of at least 6 forums that have been hacked (counting neuron2's and BSplayer's). I'm advising all people I know that are using phpBB to move to something else. vBulletin or Invision 2.0x if they are willing to pay, or Invision 1.3.1 if they aren't.
No wonder they are changing their forum name to "Olympus" in an attempt to get rid of the huge bad karma they have... Last edited by rjamorim; 10th March 2005 at 00:02. |
10th March 2005, 05:49 | #18 | Link | |
Registered User
Join Date: Mar 2002
Location: Kansas City, Missouri
Posts: 1,812
|
Quote:
The only real gripe I have ever seen as reasonable is the lack of some features etc. But as far as that is concerned it's not that big a deal. I mean after all you get what you pay for. And in this case more. This is just yet another case of people not keeping up with patches, or their web hosts not keeping up in Donald's case. But Don appears to be a good admin with backups handy and his host should have their patches up to date now.
__________________
Opensource will not take over the world. But it will sure improve the lives of most of it! _______________________________________________ Inkscape - Scallable Vector Graphics for everyone. The GIMP - Free raster graphics and photo editing software. Planeshift - Free 3D MMORPG. Cause everyone needs some fun. |
|
10th March 2005, 14:07 | #20 | Link |
retired developer
Join Date: Oct 2002
Location: Canada
Posts: 8,978
|
Why did he do that?
__________________
Detritus Software |