Gossamer Forum
Home : Products : DBMan : Discussions :

Hacker used DBman to get at me!

Quote Reply
Hacker used DBman to get at me!
I installed DBman on my website last December. It took me a while to configure as I'm not an expert at this game. I was very pleased to see it working finally and it has been very useful to the members of my professional association who use it.

Just two days ago I went onto my site and found someone had hacked in and disabled the Bulletin Boards on the site. I was able to restore the systems after some work, and the hacker appears not to have done much other harm. I suppose I should consider myself lucky.
I checked the access/error logs on the site and could see the evidence this person left. Including his/her IP address.
I contacted my server supplier to ask for their help.

Imagine my surprise when they pointed out to me that the hacker had used the DBman perl script on my site to make his way in! I'm really angry that this software seems to be a backdoor through which people like this can enter my site. I'm thinking of deleting the script, as this is what my server customer reps recommend.

Is there a known weakness that is being exploited here? Can I do anything to stop this git before it happens again...I have to act fast obviously, I can't let him wreck this site.

Any advice would be welcome.

Quote Reply
Re: Hacker used DBman to get at me! In reply to
Which version of DBMAN are you using???

A security "patch" was added to the most recent version (v.2.05, I believe)...

If you search this forum for Security Bug, you should find a few threads where a security loophole was identified and codes were provided to fix it.

Good luck!

Regards,

Eliot Lee Wink
http://anthrotech.com/
Quote Reply
Re: Hacker used DBman to get at me! In reply to
Hi Mikey,

Can you let us know the conclusion on your original post?

I'm sure there are plenty of interested readers on this one!


Thanks

Keef

Quote Reply
Re: Hacker used DBman to get at me! In reply to
In Reply To:
Imagine my surprise when they pointed out to me that the hacker had used the DBman perl script on my site to make his way in!
Please ask them what led them to that conclusion? I'd be very interested to hear!

Cheers,

Alex

--
Gossamer Threads Inc.