Pages: 1 2 3 [4] 5
Topic: Hackers alert !
Anton
Re: Hackers alert !
Posted on: 09/02/04 at 16:08:51

You know why this thing isn't working on my site? I am using / as separators.



My generic signature...
On (Dev)
Re: Hackers alert !
Posted on: 09/02/04 at 16:13:20


I didn't know that WebApp was so popular. And everyone is so happy to tell everyone else how to hack it.


Got 94 hits... yeah 94 articles about this issue :) Seen some in Polish and French too!

It's actually only affecting the new version because someone forgot to install the old patch.







"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


DenDen33
Re: Hackers alert !
Posted on: 09/02/04 at 16:26:11

OK, this totally sucks, I can read any file using this technique.  CARTER!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



What do you mean it's NOT butter?
On (Dev)
Re: Hackers alert !
Posted on: 09/02/04 at 16:31:04



> OK, this totally sucks, I can read any file using this technique.  CARTER!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Give me the URL, I want to read too! DEN DEN!!!!!!





DenDen33
Re: Hackers alert !
Posted on: 09/02/04 at 16:35:24

LOL, stop it!  Or I'll slap you! LOL

You know, just what I need before a category 4 hurricane.  And my power was out all day today since we had a transformer blow! (A preview of what's to come!)



On (Dev)
Summary of solutions...
Posted on: 09/02/04 at 16:39:26

Just to avoid confusion for those that are still...reading this thread:

The solution (according to little fishy me lol) is in this chronological order!:

1.) Download and install Carter's Patch

2.) Download my hack here.

3.) Double check new mods (mods released recently) with the cmd at the above article and give us feedback here if they traverse folders.

Now the good news:  I have been trying all day long to hack http://cornerstone.web-app.net ... with these techniques with 2/3 of the "offers" scripts (what I keep killing "excuters"), most of them were fully protected and ready! Few gave errors without any significant meaning. So 100% was OK!

Thus if the running version is like the one available for download, the above procedures should be good enough!

On :)







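As an added example (not WebAPP's, Carter's or On's own code), this is the kind of guard a Perl CGI mod can apply to a client-supplied file name before opening it, so that the name cannot be used to traverse out of the mod's data folder; `safe_data_path`, the data directory and the probe values are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not WebAPP's or On's code): an allowlist check for a file
# name taken from a request parameter. Refusing anything that is not a
# plain name is safer than trying to strip ".." or separators out of it.
use strict;
use warnings;
use File::Spec;

# Constructed data directory; a real mod would use its own data path.
my $DATA_DIR = '/home/webapp/data/members';

# Returns the full path to open, or undef if $name is not a plain file
# name: no '/' or '\', no NUL, no leading dot, no '..', at most 64 chars.
# A value such as '..%2f' that is still encoded after one decoding step
# fails the allowlist as well, so it needs no special handling.
sub safe_data_path {
    my ($base, $name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return undef if $name =~ /\.\./;     # legal per allowlist, but never wanted
    return File::Spec->catfile($base, $name);
}

# Constructed inputs of the kind a folder-traversal check must handle.
my @probes = (
    'profile.txt',            # legitimate name: accepted
    '../../../etc/passwd',    # '/' separators: refused
    '..\\..\\boot.ini',       # '\' separators: refused
    '..%2F..%2Fetc/passwd',   # still encoded: refused
    '.htpasswd',              # leading dot: refused
    "data\0.txt",             # NUL byte: refused
    '',                       # empty: refused
);
for my $p (@probes) {
    my $path = safe_data_path($DATA_DIR, $p);
    (my $shown = $p) =~ s/\0/\\0/g;      # make the NUL visible in output
    printf "%-26s -> %s\n", "'$shown'", defined $path ? "open $path" : 'REFUSED';
}
```

Only the first probe yields a path; everything else is refused before any file system call is made.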
On (Dev)
Re: Hackers alert !
Posted on: 09/02/04 at 16:46:14



> category 4 hurricane.  And my power was out all day today since we had a transformer blow!)

That's nothing!!! Wait until you see the Indonesian hackers coming!!!!!  lol







DenDen33
Re: Hackers alert !
Posted on: 09/02/04 at 16:48:19

Hmm, I may have to switch to another program.  This is no laughing matter.




DenDen33
Re: Hackers alert !
Posted on: 09/02/04 at 16:50:49

Anyone get a hold of Carter????  I have no idea how to.



On (Dev)
Re: Hackers alert !
Posted on: 09/02/04 at 17:08:14

There is a simple solution...

Here

You probably need to install the hack at several places..

If you have an older version of web-app it should be already installed anyway.

What's the problem? I think Floyd has Carter's phone number.. but me lost Floyd's number because it was on a napkin.. and I had a cold!





bantychick (Guest)
Re: Hackers alert !
Posted on: 09/02/04 at 17:29:03

Nice job on the fix, On.

DenDen, Carter just posted at the Genesis development forum a couple days ago.
bard
Re: Hackers alert !
Posted on: 09/02/04 at 18:55:01

You can probably write everything I know about this topic on the head of a pin, so my post is more a question than a suggestion.

I also have a question about Doorman for On (I get a 404 when I go to the modapp forum, so would someone please clarify where I should post questions and suggestions about Mods--I also need help figuring out how to make Menu Manager a little more versatile).

I posted a suggestion for stopping bandwidth thieves in Security 101, and wonder what effect it would have on a hacker?

The idea was to put a sub that restricts access to a script to having to access it from a link on my domain. I put a friendly version of it on the site index.cgi (for members & visitors who bookmark the site after it opens), and an unfriendly version of it on the other .cgi and .pl scripts (which only someone who is not welcome may try to access). The unfriendly version of it follows:

use strict;
use warnings;

# Only requests whose Referer starts with one of these origins get through.
my @okaydomains = ("http://sitename.domain",
                   "http://www.sitename.domain");
my $DOMAIN_OK = 0;
my $RF = lc($ENV{'HTTP_REFERER'} // '');   # header may be absent: treat as ''
foreach my $ts (@okaydomains)
{
  # \Q..\E compares the origin literally (so '.' is not a wildcard) and \A
  # anchors it at the start, so the origin cannot hide inside a query string;
  # the origin must then be followed by '/', '?', '#' or the end of the value.
  if ($RF =~ /\A\Q$ts\E(?:[\/?#]|\z)/) { $DOMAIN_OK = 1; last; }
}
if ($DOMAIN_OK == 0)
 { print "Content-type: text/html\n\n A curse of the pox on you! May everything you treasure rot and fall off, and the stench of 1000 camels follow you everywhere!";
   exit;
 }

Now, the question for On: The README for Doorman contains the following:

2.) . . .

Scroll further down at the *same* sub and look for:  
   print_main();
   
   It should appear at two spots, add under each one of them this:
   
#############  Doorman Hack Protection  ##############
   deletehacklog();
########################################################

The problem is that "print_main();" appears only once in the user.pl in my WebAPP .9.9.1, and is located in the following:

##############
sub redirect {
##############

     my $username = @_;
     if ($username) { welcome($username); }
     else { print_main(); }
}

Whadoidonow?



bard
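An added example, not bard's or WebAPP's own code, answering the "what effect would it have on a hacker" question above: it runs a loose, unanchored substring Referer match beside a tightened anchored one over constructed Referer values, so you can see which values each form lets through. The sub names and all Referer values are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not bard's or WebAPP's code): loose vs. tightened matching
# of HTTP_REFERER against an allowlist of site origins.
use strict;
use warnings;

my @okaydomains = ('http://sitename.domain', 'http://www.sitename.domain');

# Loose form: lower-case, then unanchored substring match with the origin
# string used as a regex, so '.' matches any character.
sub loose_check {
    my ($rf) = @_;
    $rf = lc($rf // '');
    for my $ts (@okaydomains) { return 1 if $rf =~ /$ts/; }
    return 0;
}

# Tightened form: the origin must be the whole scheme+host at the start of
# the Referer, compared literally (\Q..\E) and followed by '/', '?', '#' or end.
sub strict_check {
    my ($rf) = @_;
    $rf = lc($rf // '');
    for my $ts (@okaydomains) {
        return 1 if $rf =~ m{\A\Q$ts\E(?:[/?#]|\z)};
    }
    return 0;
}

# Constructed Referer values: one genuine, three that only the loose form
# accepts, and a request with no Referer at all.
my @referers = (
    'http://www.sitename.domain/index.cgi',           # genuine: 1 / 1
    'http://evil.example/?u=http://sitename.domain',  # origin in query: 1 / 0
    'http://sitename.domain.evil.example/',           # longer host: 1 / 0
    'http://sitenamexdomain/',                        # '.' matched 'x': 1 / 0
    '',                                               # missing header: 0 / 0
);
for my $rf (@referers) {
    printf "%-48s loose=%d strict=%d\n", "'$rf'", loose_check($rf), strict_check($rf);
}
# Either way, Referer is whatever the client chooses to send, so this check
# deters hotlinkers and casual browsing, not a deliberate attacker; it is no
# substitute for validating the parameters inside the scripts themselves.
```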
On (Dev)
Re: Hackers alert !
Posted on: 09/02/04 at 19:01:47



> Whadoidonow?

Wait with Doorman, I will release a new version soon. It wasn't written for 9.9.1.





gregmondro
Re: Hackers alert !
Posted on: 09/03/04 at 13:11:33

Stupid question, but if the hacks are coming from 1 source more or less, why not use an IP ban or part of their domain to ban them using a .htaccess?




On (Dev)
Re: Hackers alert !
Posted on: 09/03/04 at 13:28:38



> Stupid question, but if the hacks are coming from 1 source more or less, why not use an IP ban or part of their domain to ban them using a .htaccess?



BINGO!

This is exactly what we thought in the first place, and this is why I made this patch for the sub ban that lets users simply add domain bans, e.g. hackers.com.

But now we know that there are more than "one hacker" due to the fact that there were over 94 articles about this security issue (which is already fixed with at least 3 different solutions already!).

I found it easier to use our mods to add bans rather than uploading .htaccess, such that one can easily monitor the bans and remove or adjust them when needed.




