Page 3 of 5
Posted: Tue Nov 04, 2003 3:52 am
by Cryptic Moon
ahhaha we got pwned fatty style
Posted: Tue Nov 04, 2003 10:21 am
by Pain-Killer
Hehe good and proper. Well hats off to 'em.Perfect.BR are a group of Brazilian site defacement hackers who find backdoors in Apache using sites (which ours is) and then redirects every single URL to one of their templates. Such as the one we had or "You were owned by Perfect.BR" etc.From what I've managed to find out about them, in a recent hacking competition where the goal was to hack as many sites as possible during a certain weekend they won with 192 points (over 2.5 times that of 2nd place). So they do know what they're doing.Here's a couple of sites with info on them:
http://www.dominasecurity.com/hackerz/p ... try9366And I know the majority of you don't use pHp but to those who do, or intend to at some point I think I've found where they got in and for users of phpnuke 6.x you will need to open up your '/modules/News/index.php' file and find:[code:1:f6e3c36aa0]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; if ($score) {if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie);}for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) {$a = 1; }}if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1");} else { $result = sql_query("update ".$prefix."_stories set score=score+$score,ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options");} } else {include("header.php");title("$sitename: "._ARTICLERATING."");OpenTable();echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>";CloseTable();include("footer.php"); }}[/code:1:f6e3c36aa0]Then replace with:[code:1:f6e3c36aa0]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; $score = intval($score); if ($score) { if ($score > 5) { $score = 5; } if ($score < 1) { $score = 1; } if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND$score != 5) { Header("Location: index.php"); die(); } if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie); } for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) { $a = 1; } } if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1"); } else { $result = sql_query("update ".$prefix."_stories setscore=score+$score, ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options"); } } else { include("header.php"); title("$sitename: "._ARTICLERATING.""); OpenTable(); echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>"; CloseTable(); include("footer.php"); }}[/code:1:f6e3c36aa0]Everything should be all back up and running now (finally!) but please be on the lookout for any bugs or errors that you find and let me know so I can fix them. Thanks.errm yes.... lol
jees why do they hack sites.. thats stupid
Posted: Tue Nov 04, 2003 12:16 pm
by Andal
what did they done ?
Posted: Tue Nov 04, 2003 12:26 pm
by Andal
ok read it ...just for competition !so we get owned by the best hackers !!cu
Posted: Tue Nov 04, 2003 12:45 pm
by FailedMunchkin
Oh yeah, BTW guys. Either the site was hacked again last night or the hosts were down?
Posted: Tue Nov 04, 2003 1:20 pm
by Snape
Nah that was wickedservers fault, they host our domain and they were down for a couple of hours.Everything should be funky again, and I've fixed the rank stars too.
Posted: Tue Nov 04, 2003 1:52 pm
by Pain-Killer
duh snape i know just a bit about html so what exactly did they do (god believe me i dont want to hack the site just want to know it)
Posted: Tue Nov 04, 2003 3:18 pm
by Ang=eL
ok now u guys make them look like idiots ????and nice avatar gemz like christan!!!!
Posted: Tue Nov 04, 2003 3:22 pm
by ZeroEnna
They didnt hack html based code, they hacked PHP based cose and PHP based code is nothing like HTML, trust me PHP is to hard for your lil brain Pain.
Posted: Tue Nov 04, 2003 3:25 pm
by Ang=eL
lol dam