Gossamer Forum

We've had a hacker

We've had a hacker
Hi, someone's hacked into our database and deleted a couple of hundred records. They entered the database with the usernames "hacker" and "hacker1".

Has anyone else had this problem? Did they get easy access somehow? How can we stop this?

Scall

Re: We've had a hacker
My first guess would be that permissions were not properly set up on your database. Can you save your default.cfg file as a text file and upload it to your server where the file can be reviewed? Post the URL after you've uploaded the file.

Re: We've had a hacker
Karen,

We've found out what they've done. They guessed the password, made their own user, and deleted hundreds of records at a time...

I never thought the site was popular enough to be broken into... well, it happened to Microsoft and Netscape, didn't it?

Scall

Re: We've had a hacker
Do you have your .pass and .db files in a password-protected directory? If not, you should. If the files are publicly accessible, meaning that they are not in a password-protected directory, then hackers can use robot spider hacker programs to find the files and then open them. I would also recommend changing the names of the .pass and .db files.

Regards,

Eliot Lee
Re: We've had a hacker
Hi, all of you.

Does anyone know what happened to LoisC?

Mail through "send private" stayed unanswered, as did emails, when they weren't returned.

Her last post was on Oct 23rd!!!

We were supposed to receive help.

This is most disturbing; why has no one mentioned her absence? Is Alex aware of this situation?

We still hope she's well and will be back soon.

Cheers,
macagy

http://www.loudwind.com

Re: We've had a hacker
Hi Eliot,
How do you password-protect those two files?
When you change the names of those files, how many places in the script, to your knowledge, are affected?

A last question for tonight, if you can answer it: how come when keying db.cgi into the address bar you're directed to the login page?

Thanks for your time.

Cheers :)
macagy



Re: We've had a hacker
In Reply To:
How do you password-protect those two files?
1) Put the files (default.pass, default.db) in another directory called something like data.
2) Use .htaccess/.htpasswd to password-protect the new directory (data).
3) Then change the values in default.cfg. You will have to use the complete absolute path for the database file and password file variables, since the files are no longer located in $db_script_path.

In Reply To:
When you change the names of those files, how many places in the script, to your knowledge, are affected?
Well, if you have not hacked the files too much, you simply change the values of the variables at the top of default.cfg, as I mentioned above.

In Reply To:
A last question for tonight, if you can answer it: how come when keying db.cgi into the address bar you're directed to the login page?
Uh... that is how DBMAN works! If you want people to go to the Main Menu or the page created by the sub html_home routine, then (as discussed quite a few times in the DBMAN forums) you add the following parameters to the query string:

Code:

&db=default&uid=default


Like the following:

Code:

<a href="http://www.yourdomain.com/cgi-bin/dbman/db.cgi?db=default&uid=default">Enter DBMAN</a>



Regards,

Eliot Lee
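The three steps above, together with Eliot's earlier point that the .pass and .db files must not sit where a spider can fetch them, worked through as an added example. This is not code from the thread or from DBMan itself; it is a POSIX shell function run by the account that owns the DBMan install. It assumes that default.cfg carries the two paths in variables named $db_file_name and $auth_pw_file (my assumption about a stock default.cfg; adjust the two sed patterns if yours use other names) and that Apache honours a .htaccess in the new directory. Instead of a .htpasswd prompt it writes a .htaccess that refuses every web request for the directory, which is the stricter form of step 2: db.cgi reads those files from disk, never over HTTP, so no browser ever needs a password to them.

```shell
#!/bin/sh
# Added example, not DBMan's own code and not from the thread: move
# DBMan's default.db and default.pass out of the CGI directory into a
# directory Apache will not serve, then point default.cfg at the new
# absolute paths, following Eliot's three steps.
#
# Assumptions (mine, not the thread's):
#  - default.cfg sets the two paths through variables named $db_file_name
#    and $auth_pw_file, e.g.
#      $db_file_name = $db_script_path . "/default.db";
#      $auth_pw_file = $db_script_path . "/default.pass";
#    If yours use other names, adjust the two sed patterns below.
#  - The web server honours .htaccess in DATA_DIR (AllowOverride allows
#    Limit/AuthConfig there) and DATA_DIR belongs to the same account as db.cgi.
#
# Usage:  protect_dbman_data /home/you/cgi-bin/dbman /home/you/cgi-bin/dbman/data

set -u

protect_dbman_data() {
    cgi_dir=$1
    data_dir=$2
    cfg="$cgi_dir/default.cfg"

    [ -f "$cfg" ] || { echo "no default.cfg in $cgi_dir" >&2; return 1; }

    # Step 1: a separate directory for the data files, closed to other local
    # users. If db.cgi runs as the web server's user rather than your own
    # account (no suexec/cgiwrap), chown the directory and files to that user.
    mkdir -p "$data_dir"
    chmod 700 "$data_dir"
    for f in default.db default.pass; do
        if [ -f "$cgi_dir/$f" ]; then
            mv "$cgi_dir/$f" "$data_dir/$f"
            chmod 600 "$data_dir/$f"
        fi
    done

    # Step 2: tell Apache never to serve anything from this directory.
    # db.cgi opens the files from disk, so it is unaffected. Denying all web
    # access is stricter than a .htpasswd prompt: nothing but the CGI needs
    # these files, so there is no reason to let any password open them.
    # Both directive styles are written: mod_authz_core exists in Apache 2.4+,
    # the Order/Deny pair is what 1.3/2.0/2.2 understand.
    cat > "$data_dir/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF

    # Step 3: rewrite the two variables to absolute paths (they are no longer
    # relative to $db_script_path). The original config is kept as a .bak.
    cp "$cfg" "$cfg.bak"
    sed -e "s|^\([$]db_file_name[[:space:]]*=\).*|\1 \"$data_dir/default.db\";|" \
        -e "s|^\([$]auth_pw_file[[:space:]]*=\).*|\1 \"$data_dir/default.pass\";|" \
        "$cfg.bak" > "$cfg"
}
```

Run it once, then confirm from outside that a request for the old and new locations of default.pass returns 403 or 404 while db.cgi still logs you in. Because the whole directory is denied, its own .htaccess cannot be fetched either; for the server-wide version of that problem, the stock httpd.conf that ships with Apache already contains a Files/FilesMatch block denying access to every file beginning with .ht, and it is worth checking that yours still does.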
Re: We've had a hacker
Hi Eliot,
Thank you for your reply. I do appreciate your immediate attention. COOL!!!
You, the veteran in this forum, can you tell me if the following is of a nature to scare off any user of .htaccess/.htpasswd? It might be of interest to all.
===============================
... There are several problems with relying on .htaccess files too heavily. One is that with access control files scattered all over the document hierarchy, there is no central place where the access policy for the site is clearly set out. Another problem is that it is easy for these files to get modified or overwritten inadvertently, opening up a section of the document tree to the public. Finally, there is a bug in many servers (including the NCSA server) that allows the access control files to be fetched just like any other file using a URL such as:
http://your.site.com/protected/directory/.htaccess
This is clearly an undesirable feature since it gives out important information about your system, including the location of the server password file.
Another problem with the per-directory access files is that if you ever need to change the server software, it's a lot easier to update a single central access control file than to search and fix a hundred small files.

Any comments on that?

I'm working on the rest of your reply! I'll keep you posted.

Thanks a bunch.

Cheers :)
macagy