Please Watch this, How is this possible?

KraHen · 01/03/2009, 15:19

I think I know it as well. Why are you so surprised? Someone hacked you. Improve your security!!!

_Emme_ · 01/03/2009, 15:24

Someone that wants to prove your server isnt as good as you say it are , lmao:P

And newduude, the code tanel coded ( his personal number ) just drops the table coproj, so that cant be it.

plasma-hand · 01/03/2009, 16:17

Quote:

Originally Posted by EmmeTheCoder

Someone that wants to prove your server isnt as good as you say it are , lmao:P
And newduude, the code tanel coded ( his personal number ) just drops the table coproj, so that cant be it.

It should not be hard to figure out now

sherwin9 · 01/03/2009, 16:33

plasma....

koio · 01/03/2009, 16:34

and close the mysql port in u router

plasma-hand · 01/03/2009, 16:54

Sherwin, If you think its me you are the dumbest person i have ever seen

~~tao4229~~ · 01/03/2009, 18:27

Tbh, that website CMS isn't the most secure website....

Not like I could make one my self though.

sherwin9 · 01/03/2009, 19:01

Hmmm nvm, I think it's H4x0r if you know who it is, my friend just caught up a pm from him which included the message that he was selling GM and PM accounts at my server :P And that he hacked it.... So... Guess.. it's him...

KraHen · 01/03/2009, 19:06

I knew it since the beginning, he changed his name to H4x0r not too long ago...

plasma-hand · 01/03/2009, 19:08

you said the person that did it knows php well and is a good coder...

Whoever did it just typed in ur mysql pass which was prob either conquer,sherwin,admin,adminadmin,conquer4life

~~!DeX!~~ · 01/03/2009, 19:15

idiot Delete This File

KraHen · 01/03/2009, 19:15

Or RAT-ed the host PC?

~~!DeX!~~ · 01/03/2009, 19:19

lolmaster ... Did that [CoNorth]

Kiyono · 01/03/2009, 19:20

lolmaster did it

Tw3ak · 01/03/2009, 19:22

lol i can tell you probably how he /did it.

for one cms = horrible to use and it also helps if you remove the install files lol.

and for 2 if you read the thread tao4229 made describing lotf exploitations you will see unknown talk about injecting sql commands into lotf servers.

Most likely the person simply injected whatever he wanted into your database tables by exploiting it not being secured.

i'll give you a few tips on this so it won't happen again because i'm in a generous mood today lol.

1) do NOT ue the default lotf db names and passwords.

You would be surprised how many idiots use the standard "coproj" as db name such as you did in this case lol

2) Don't use root access to run your server as underlined to do in setup in every guide to a private server i have seen.

your probably using "root" "yourpass" for your db conection which is NOT ever a good idea to use root as your main db connection it is designed to be used for administration purposes not to have server use it.

3) most importantly set up new user/pass that is not root and set your sql permissions to specific host/dns and deny all from anyone else.

If your server is communicating to sql only your server is allowed to do so anyone else trying to run remote injection commands to the sql from outside ip will just get denied access as it isn't set in permissions.

This will prevent most of the script kiddies that call themselves a "hacker" from screwin with your server i hope it helps you in the future good luck.