Bitcoin Forum
May 08, 2024, 04:13:07 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
Show Posts
421  Bitcoin / Project Development / Re: BTCbomb : Buy/Sell Bitcoins with users safely! on: July 03, 2013, 07:15:38 AM
Release the source if you plan on
a) Having all bugs fixed.
b) Getting people to run it.
c) Want input on your code.
422  Bitcoin / Project Development / OnionPay - Gauging Interest for a new easy to use BTC no-fee payment processor! on: July 03, 2013, 07:14:03 AM
I'm starting work on a relatively simple payment processor for use on TOR. The concept is simple - you want to accept payments over the deep web for items and a ten second solution without any fees or hassles. OnionPay is meant to do that.
You visit the site. With one click, you generate your public payment address and your private key/password to log in for the future. Select some options, such as redirecting to your site upon payment completion. You hand out the public payment address or integrate it into your site.
When someone needs to pay, they see a unique address to send coins to. The coins then get sent to your personal wallet. After they pay, they're redirected to your site where you can use the API to verify some information about the payment - or, if it's for a digital purchase, they can immediately receive the information or download the product.
Generate your payment address. Hand it out. Get paid.
423  Bitcoin / Development & Technical Discussion / Generate a bitcoin address in PHP WITHOUT GMP or BCMATH on: July 03, 2013, 05:11:41 AM
I'm trying to find a way to generate a private key and public address using only PHP without either GMP or BCMATH. Can it be done at all? The reason for this is I am limited to a hosting provider on the tor network with neither of these.

What are my options?
424  Economy / Services / Re: Anonymous Webhosting/ No dmca honor at https://codingagency.com Starts at 4.95! on: June 30, 2013, 05:21:57 AM
I'm not seeing any way to install PHPMyAdmin or a way to manage SQL databases. Actually, when I go to the applications section I'm not seeing any way to install web apps at all. Nothing comes up in search.

Any way to use an external SQL management program?
425  Economy / Services / Re: Anonymous Webhosting/ No dmca honor at https://codingagency.com Starts at 4.95! on: June 29, 2013, 09:56:06 PM
Looks great, I'll be ordering later today.

Anyone know a good .se domain registrar for anonymity?

I can register it for you to where its not in your name and pass ownership to you :)
How much?
426  Economy / Services / Re: Anonymous Webhosting/ No dmca honor at https://codingagency.com Starts at 4.95! on: June 29, 2013, 08:19:26 PM
Looks great, I'll be ordering later today.

Anyone know a good .se domain registrar for anonymity?
427  Economy / Services / Re: Hack my site, receive bitcoins on: June 21, 2013, 03:48:10 AM
lol, oh ok... so the 49 vulnerabilities including 25 serious ones mean nothing.
why are you asking for help if you obviously know it all and can't learn a thing?
my assessment of your high school coding is worth thousands.

jackass


here's the report I sent the idiot op:

I hit your server 25,000 times.  You have serious vulnerabilities as listed in this image:
http://postimg.org/image/rnegf0m6n/


Running an app you downloaded is so serious bro. Especially when it finds the one "serious" vuln that I already knew about.

Skid' on out of here.
428  Economy / Services / Re: Hack my site, receive bitcoins on: June 21, 2013, 03:07:51 AM
dear OP.  turn off your website.  it's bad.

back in a couple.

short version:
You have more than 30 vulnerabilities including a severe one that you need to address immediately.  I've only completed 5% of my scan.

I think I found your problem.


sending report via PM


Actually, you didn't find anything but the already existing XSS that I knew about... using Web Vulnerability Scanner.
429  Economy / Services / Re: Hack my site, receive bitcoins on: June 20, 2013, 05:11:27 AM
I think the point everyone is missing is that the PHP file was altered.

Not something that's easy to do from the database.
This.

Do you use eval() anywhere?
No.

Just as a sanity check; the screenshot you provided, is this what you actually saw yourself?
Or is this what the 'hacker' provided you with?

I did some checks on your website, but there is nothing really compromised as far as I can see.
I did manage to register on your website and inject some code into scan.php
e.g.: http://198.12.67.18/test/scan.php?code=%22%22%3ETroolol%3Ca

By some source-code reviewing I saw you had used a login-script you downloaded somewhere ("Registration/Login Form by html-form-guide.com"). By downloading the package I found out which php-files exist in your directory (or existed) and managed to register myself as user "test".

Didn't spend a lot of time, but maybe the code is vulnerable somewhere. The package I downloaded seems okay.. did you get an older version?
That is what I saw and everyone else visiting my site.

Well... the form is vulnerable to XSS (and screenshot looks like, too) as single quotes in inputs are not escaped... but that alone would not gain him database credentials. did he really modify some files or only made it look like they were modified?

Can you provide the php source code? A code review would be easier than blind guessing.


Proof for XSS:
enter
Code:
' onfocus='alert(1337)
as user (or pass) and click on the input field afterwards. Could also be used in a similar way to inject images/html code into the website or steal cookies.


He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. td204 is right in that I am using that 3rd party form for logins, so you can look for it and see the source.
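To show what the single-quote finding above amounts to, here is an added example (not code from the thread or from the html-form-guide.com package): a field that echoes the submitted username back into a single-quoted attribute, once with the pre-8.1 default htmlspecialchars() flags and once with ENT_QUOTES. The function names are hypothetical.

```php
<?php
// Added example, not code from the thread or from the html-form-guide.com package.
// Reproduces the attribute break-out behind the thread's proof string: the form
// echoes the submitted username back into a single-quoted value='...' attribute.
// Function names are hypothetical.

// Before PHP 8.1 htmlspecialchars() defaulted to ENT_COMPAT, which leaves single
// quotes alone; the flag is passed explicitly here so the result is the same on
// any PHP version.
function render_user_field_vulnerable(string $user): string
{
    return "<input type='text' name='username' value='"
         . htmlspecialchars($user, ENT_COMPAT) . "'>";
}

// ENT_QUOTES encodes both ' and ", so the value can never close the attribute
// whichever quote style the template uses; ENT_SUBSTITUTE and the charset stop
// invalid UTF-8 from producing an empty string or a different byte sequence.
function render_user_field_hardened(string $user): string
{
    return "<input type='text' name='username' value='"
         . htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
}

// Cheap regression check: does the markup contain a closed value='...' followed
// by an on*= event attribute? A real test would load it in an HTML parser.
function attribute_breakout(string $html): bool
{
    return (bool) preg_match("/value='[^']*'\\s+on\\w+=/i", $html);
}

// Constructed input: the proof-of-concept string quoted in the thread.
$probe = "' onfocus='alert(1337)";

// The vulnerable rendering gives the input element a second attribute, onfocus,
// so the browser runs the handler when the field is clicked.
echo render_user_field_vulnerable($probe), "\n";
var_dump(attribute_breakout(render_user_field_vulnerable($probe)));

// The hardened rendering keeps the whole string inside value=, where it is
// displayed as literal text in the field.
echo render_user_field_hardened($probe), "\n";
var_dump(attribute_breakout(render_user_field_hardened($probe)));
```

The same encoding has to be applied to every place the form reflects input, not just the username field, or the probe simply moves to the next unescaped attribute.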
430  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 09:00:38 PM
I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form.


if he was using the form then he used sql injection which I provided the fix above for.
no new data in the database asking with permanently modifying the page says otherwise.

Is apache the only other potential breach?
431  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 06:40:09 PM
I will give it a try later today.. Sure it was done through the form and not through FTP?
Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.
Or... that's just a red herring. I highly doubt a SQL exploit can modify web pages.
I never said it was an SQLi. I just know it used the login form that uses an SQL database, and he just managed to grab my SQL info for other purposes after breaking my form.
do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass.
That isn't the issue here.


Derp, sorry. To me it sounds like SQL injection. Just put this at the header of every page and that will reject those requests and log their IP and the string they tried to use. Also, are you running this website from home using Apache?

Code:
<?php
$ip     = $_SERVER['REMOTE_ADDR'];
$time   = date("l dS of F Y h:i:s A");
$script = $_SERVER['PATH_TRANSLATED'];
$fp     = fopen("[WEB]SQL_Injection.txt", "a+");
$sql_inject_1 = array(";", "'", "%", '"');    # characters that need replacing
$sql_inject_2 = array("", "", "", "&quot;");  # what each one is replaced with
$GET_KEY    = array_keys($_GET);    # array keys from $_GET
$POST_KEY   = array_keys($_POST);   # array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); # array keys from $_COOKIE
$real_get = $real_post = $real_cookie = array();
/* begin clear $_GET */
for ($i = 0; $i < count($GET_KEY); $i++) {
    $real_get[$i] = $_GET[$GET_KEY[$i]];
    $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_GET[$GET_KEY[$i]]));
    if ($real_get[$i] != $_GET[$GET_KEY[$i]]) {
        # the value changed, so it contained a metacharacter: log the original
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: GET\r\n");
        fwrite($fp, "Value: $real_get[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_GET */
/* begin clear $_POST */
for ($i = 0; $i < count($POST_KEY); $i++) {
    $real_post[$i] = $_POST[$POST_KEY[$i]];
    $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_POST[$POST_KEY[$i]]));
    if ($real_post[$i] != $_POST[$POST_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: POST\r\n");
        fwrite($fp, "Value: $real_post[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_POST */
/* begin clear $_COOKIE */
for ($i = 0; $i < count($COOKIE_KEY); $i++) {
    $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
    $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_COOKIE[$COOKIE_KEY[$i]]));
    if ($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: COOKIE\r\n");
        fwrite($fp, "Value: $real_cookie[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_COOKIE */
fclose($fp);
?>


The server is a professional setup that my friend owns (he hosts many sites). I'd normally have logs of what strings were used but not in this case. I'll add this for the future, thanks.

Still searching for the actual exploit. The hacker claimed it was relatively simple to execute but I can't imagine how he managed to modify the page permanently unless he had a way to escape and execute his own PHP.

There may be an exploit in the Apache server that hosts the site. In regular Apache that isn't modified it would take someone a few seconds to gain access and deface a site or have access to all the files. You might be able to find how he did it by googling something to do with Apache and defacing sites / gaining access to DBs.
I'll take a look into this, but it wouldn't explain why the hacker didn't cleanly deface the main page and left some odd escaped tags - this is what leads me to believe it was done ONLY using the form.
432  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 06:28:26 PM
I will give it a try later today.. Sure it was done through the form and not through FTP?
Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.
Or... that's just a red herring. I highly doubt a SQL exploit can modify web pages.
I never said it was an SQLi. I just know it used the login form that uses an SQL database, and he just managed to grab my SQL info for other purposes after breaking my form.
do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass.
That isn't the issue here.


Derp, sorry. To me it sounds like SQL injection. Just put this at the header of every page and that will reject those requests and log their IP and the string they tried to use. Also, are you running this website from home using Apache?

Code:
<?php
$ip     = $_SERVER['REMOTE_ADDR'];
$time   = date("l dS of F Y h:i:s A");
$script = $_SERVER['PATH_TRANSLATED'];
$fp     = fopen("[WEB]SQL_Injection.txt", "a+");
$sql_inject_1 = array(";", "'", "%", '"');    # characters that need replacing
$sql_inject_2 = array("", "", "", "&quot;");  # what each one is replaced with
$GET_KEY    = array_keys($_GET);    # array keys from $_GET
$POST_KEY   = array_keys($_POST);   # array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); # array keys from $_COOKIE
$real_get = $real_post = $real_cookie = array();
/* begin clear $_GET */
for ($i = 0; $i < count($GET_KEY); $i++) {
    $real_get[$i] = $_GET[$GET_KEY[$i]];
    $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_GET[$GET_KEY[$i]]));
    if ($real_get[$i] != $_GET[$GET_KEY[$i]]) {
        # the value changed, so it contained a metacharacter: log the original
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: GET\r\n");
        fwrite($fp, "Value: $real_get[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_GET */
/* begin clear $_POST */
for ($i = 0; $i < count($POST_KEY); $i++) {
    $real_post[$i] = $_POST[$POST_KEY[$i]];
    $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_POST[$POST_KEY[$i]]));
    if ($real_post[$i] != $_POST[$POST_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: POST\r\n");
        fwrite($fp, "Value: $real_post[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_POST */
/* begin clear $_COOKIE */
for ($i = 0; $i < count($COOKIE_KEY); $i++) {
    $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
    $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($_COOKIE[$COOKIE_KEY[$i]]));
    if ($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n");
        fwrite($fp, "Method: COOKIE\r\n");
        fwrite($fp, "Value: $real_cookie[$i]\r\n");
        fwrite($fp, "Script: $script\r\n");
        fwrite($fp, "Time: $time\r\n");
        fwrite($fp, "==================================\r\n");
    }
}
/* end clear $_COOKIE */
fclose($fp);
?>


The server is a professional setup that my friend owns (he hosts many sites). I'd normally have logs of what strings were used but not in this case. I'll add this for the future, thanks.

Still searching for the actual exploit. The hacker claimed it was relatively simple to execute but I can't imagine how he managed to modify the page permanently unless he had a way to escape and execute his own PHP.
433  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 06:14:47 PM
I will give it a try later today.. Sure it was done through the form and not through FTP?
Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.
Or... that's just a red herring. I highly doubt a SQL exploit can modify web pages.
I never said it was an SQLi. I just know it used the login form that uses an SQL database, and he just managed to grab my SQL info for other purposes after breaking my form.
do you have brute force protection as well? because someone can just run bruteforce until it pops a correct user and pass.
That isn't the issue here.
434  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 05:39:11 PM
I will give it a try later today.. Sure it was done through the form and not through FTP?
Nearly positive. I was told by the hacker it was done through the login form. First he modified the login page, then probably grabbed my SQL login through a similar manner.
435  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 05:16:01 PM
Perhaps it's something else.

http://httpd.apache.org/security/vulnerabilities_22.html

Here there seems to be some documented vulnerabilities for the version of the webserver you are running. Perhaps that's why and perhaps you should update to the latest version?
I'm fairly certain the exploit uses my login form and not an apache exploit.
436  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 04:38:31 PM
Were the credentials for the database the same as credentials for ssh or any other file server running?
No.
437  Economy / Services / Re: Hack my site, receive bitcoins on: June 19, 2013, 04:29:50 PM
Have you got input sanitation in place? I think the method they used was simply SQL Injection. I can't test, though, since the database is either offline or the form php file isn't configured correctly. But you just have to prevent SQL injection by sanitizing the input.

Php.net has a huge article all about it.

http://php.net/manual/en/security.database.sql-injection.php

Shows common attacks, and the solution.

"Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges."

Sanitize anything coming from the client that you're going to insert into a database using mysqli_real_escape_string.

PHP.Net documentation for that here
http://www.php.net/manual/en/mysqli.real-escape-string.php

That was the first thing I took a look at. No changes in the database, and even if there were, I don't see how it would cause the page itself to be modified on load pre-login.
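The header script quoted earlier in the thread and the php.net escaping advice in this post both work by altering the input string. As an added example (not the thread's code or the login package's), here is a login handler that instead binds the username as a prepared-statement parameter and logs suspicious attempts without rewriting the data; the database host, account, table, log path, and the assumption that passwords are stored as password_hash() hashes are all mine.

```php
<?php
// Added example, not code from the thread or from the html-form-guide.com package.
// The thread's header script rewrites every $_GET/$_POST/$_COOKIE value and the
// php.net advice escapes strings before interpolating them. Binding the value as
// a prepared-statement parameter keeps it data, whatever characters it contains,
// so a password with ' or % is not mangled and a probe cannot change the query.
// Host, account, database, table and log path below are assumptions.

function open_db(): mysqli
{
    // Assumed: a read-only account limited to the users table, per the quoted
    // php.net note (never the owner account whose credentials sit in config.php).
    $db = new mysqli('localhost', 'login_reader', 'REPLACE_WITH_PASSWORD', 'site');
    if ($db->connect_error) {
        throw new RuntimeException('database unavailable');
    }
    return $db;
}

// Look up a user by name. The username travels as a bound parameter, so it is
// compared literally and never parsed as part of the SQL text.
function fetch_user(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Same metacharacters the thread's header script watched for, but only as a
// flag for the log; the value itself is passed through unchanged.
function looks_suspicious(string $value): bool
{
    return strpbrk($value, ";'%\"") !== false;
}

function log_attempt(string $username, bool $success): void
{
    // json_encode() escapes newlines and control characters, so a crafted
    // username cannot forge extra log lines. Path assumed to be outside the web root.
    $line = sprintf("%s ip=%s script=%s user=%s result=%s suspicious=%s\n",
        date('c'), $_SERVER['REMOTE_ADDR'] ?? '-', $_SERVER['SCRIPT_NAME'] ?? '-',
        json_encode($username), $success ? 'ok' : 'fail',
        looks_suspicious($username) ? 'yes' : 'no');
    file_put_contents('/var/log/site/login_attempts.log', $line, FILE_APPEND | LOCK_EX);
}

// Assumes password_hash() hashes are stored. An unknown user is verified against
// a dummy hash so that response time does not reveal which usernames exist.
function handle_login(mysqli $db, string $username, string $password): bool
{
    $user = fetch_user($db, $username);
    $hash = $user['password_hash'] ?? password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $ok = $user !== null && password_verify($password, $hash);
    log_attempt($username, $ok);
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = handle_login(open_db(), (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    echo $ok ? 'Welcome' : 'Login failed';
}
```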
438  Economy / Services / Hack my site, receive bitcoins on: June 19, 2013, 04:03:19 PM
http://198.12.67.18/test

A few days ago someone got into my server, got my SQL credentials (located @ config.php), and modified some files and other shenanigans using the login form above.

I'm unsure how it was done and I'd like to know if someone could hack it again. I'm not offering much - 0.05BTC - but the coins are yours for repeating what he did and letting me know how it was done.

It only took them a couple minutes, and the form there should be enough.

The exploit uses login.php.
439  Economy / Service Discussion / Re: MtGox Alerter? on: May 29, 2013, 09:48:32 AM
You can use BitcoinMonk for this.
>Paying over $1 for each alert



Err... No ;)

It's BTC 0.002 per alert with BitcoinMonk...
Not at the time of your post it wasn't.
440  Economy / Service Discussion / Re: MtGox Alerter? on: May 23, 2013, 09:42:39 PM
You can use BitcoinMonk for this.
>Paying over $1 for each alert
