vulnerabilities

Started by rickandmary, April 08, 2013, 06:00:23 PM

Mindless

#2
Right - into access.log - get the time these attacks happened, check all the GET requests, there will be a trace, no cunt can do it without leaving a sig, Apache error log, MySQL error log. Do you use bitbucket.php?
Basically get the code audited, every POST and GET or request sanitized, get all MySQL queries sanitized, ensure all user-submitted data is safe. You need to trawl that code and find the hole, I may be able to identify it if I see your source. More than likely a cookie theft via XSS if it's your IP shown.

You can only pawn code through certain doors, SQL injection is easy, so is XSS. If he's managing to do it from your account I know for a fact what's going on. That's some bullshit script kiddie, because if that was me or some pro hacking you then it would be your whole server pawned, code the lot. That fucker is using stupid methods, like your account, so it's XSS.
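
The access.log check suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that narrows an Apache combined-format log to the incident window and flags requests carrying script or SQL injection signatures, plus POSTs whose Referer is another site. The log lines, the host name `tracker.example.org`, the script names and the time window are constructed for illustration, and the signatures are coarse pointers to lines worth reading by hand.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote_plus, urlparse

# Apache "combined" log format: ip, timestamp, request line, status, referer, agent
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)" "[^"]*")?')
# Coarse signatures for script and SQL injection attempts in a decoded URL
SIGNATURES = {
    "xss": re.compile(r"<\s*script|javascript:|onerror\s*=|document\.cookie", re.I),
    "sqli": re.compile(r"union\s+select|information_schema|'\s*or\s+\d+\s*=\s*\d+", re.I),
}

def parse(line):
    """Parse one access.log line; return None if it is not in combined format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["decoded"] = unquote_plus(unquote_plus(rec["url"]))  # undo double encoding too
    return rec

def triage(lines, start, end, own_host):
    """Return (record, reasons) for suspicious requests inside [start, end].
    "cross-site-post" marks a POST whose Referer is a page on another site."""
    hits = []
    recs = [r for r in map(parse, lines) if r and start <= r["time"] <= end]
    for rec in recs:
        reasons = [name for name, rx in SIGNATURES.items() if rx.search(rec["decoded"])]
        referer = rec["referer"] or "-"
        if rec["method"] == "POST" and referer != "-" and urlparse(referer).hostname != own_host:
            reasons.append("cross-site-post")
        if reasons:
            hits.append((rec, reasons))
    return hits

# Constructed sample lines (documentation IPs, hypothetical host and script names)
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2013:17:40:02 +0000] "GET /browse.php?search=ubuntu HTTP/1.1" 200 5120 "http://tracker.example.org/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Apr/2013:17:41:15 +0000] "GET /browse.php?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Apr/2013:17:42:40 +0000] "GET /details.php?id=1%20UNION%20SELECT%201 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Apr/2013:17:45:09 +0000] "POST /admin.php HTTP/1.1" 302 0 "http://other.example.net/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [09/Apr/2013:09:00:00 +0000] "GET /browse.php?search=%3Cscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
START, END = (datetime(2013, 4, 8, 17, h, 0, tzinfo=timezone.utc) for h in (30, 59))

if __name__ == "__main__":
    for rec, reasons in triage(SAMPLE_LOG, START, END, "tracker.example.org"):
        print(rec["ts"], rec["ip"], rec["method"], rec["decoded"], reasons)
```

Flagged timestamps and source IPs can then be lined up against the Apache and MySQL error logs mentioned in the reply.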

rickandmary

I am running tbdev 09, someone seems to have got in and started manually deleting torrents, unbanning users, deleting forums etc. and the log is showing it as my nick. I am not sure how they are doing this and I changed my password 5 times and it's made no difference, a few other sites running the same version as me have suffered the same fate. If anyone could help it would be much appreciated.