JP Stones — Wed, 15 Sep 1999 21:34:00 +0000

Thanks Patick!
JP

----------
[red]The Next Step in Website Development [/red] - http://www.what-next.com
The Webmaster Promotion and Resource Center

Mon, 13 Sep 1999 23:14:00 +0000

JP, to answer your question about hacking with a CGI:
there are some scripts around that let you pass information about where a file to print on the web-page (e.g., the hit-counter) resides, so if you pass a different path, like:
http://www.blah.com/cgi-bin/hit.cgi?path=/etc/passwd
you'll find the whole unix-password file printed on your browser-window )
and before you even try, i think every half-educated server-admin should know about this and use shadow-passwords that can't be accessed by everybody.
later
patrick

fairhousing — Mon, 13 Sep 1999 00:00:00 +0000

all of my files were deleted. the only file left was the crackers taunting index.html file. however, they still had access whenever the passwords were changed. anyways, i can't really go into much more detail about it at this point.

----------
My Site Got Hacked, Check It Out!
http://www.birminghamnet.com

JP Stones — Sun, 12 Sep 1999 22:03:00 +0000

This is very interesting indeed, anyone have any more info?
JP

----------
[red]The Next Step in Website Development [/red] - http://www.what-next.com
The Webmaster Promotion and Resource Center

fairhousing — Fri, 10 Sep 1999 20:09:00 +0000

i'll be posting more info in the "general discussion" topic area under "getting hacked" when i get some time.

more forum member input is appreciated

thanks in advance

----------
My Site Got Hacked, Check It Out!
http://www.birminghamnet.com

Kilroy — Fri, 10 Sep 1999 18:07:00 +0000

Just a quick note,
I had an acquaintance that had his site severly defaced and hacked. His upline, after a few days of investigation, said they somehow got access via his "Hitbox Counter" program... Not sure if this is possible... but may be something to look into.. alot of the external program, (ie counters, bbs, cgi scripts) apparently may allow it somehow, depending upon your server's setup???.... has anyone else experienced a hacking????

Zee — Fri, 10 Sep 1999 03:43:00 +0000

Hmm.. just a couple of questions... who are you hosting with? NT or Unix based? How many FTP/Telnet accounts were you using? Did you give any of your passwords out to anyone? What kind of any, CGI scripts were you running? I'm no hacker or security expert, but I'm just wondering how they got in... did you get back control of yer site yet?