7amomah Posted September 21, 2008 Share Posted September 21, 2008 me and my friends , we have a website actually it is forum ( vBulletin Version 3.5.1) for our study and these r the server scan results from whois.sc Apache/1.3.41 (Unix) PHP/5.2.5 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a if someone threatened me to kack our website what is he gonna do what r the steps , the exploits , that the hacker can use to hack our website and how do they gonna do it ?? and finally im i in danger ??! i hope everybody will think just for today as if they r that person ,, and put all what in your mind here Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 21, 2008 Share Posted September 21, 2008 You are in grave danger young apprentice. For there is a force much greater than you that wants noting more to take down you site for lulz. The best thing to do it not talk to anyone, that way you dont piss them off. No. but seriously no one here is going to do the work for you.. Google exploits for VB and see what exploits exist for your version and how to patched them. If you are on the Internet you can get hacked... maybe not today but eventually some one will. Its cool that your young and running your own server but for serious google that shit Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 21, 2008 Share Posted September 21, 2008 me and my friends , we have a website actually it is forum ( vBulletin Version 3.5.1) for our study and these r the server scan results from whois.sc Apache/1.3.41 (Unix) PHP/5.2.5 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a if someone threatened me to kack our website what is he gonna do what r the steps , the exploits , that the hacker can use to hack our website and how do they gonna do it ?? and finally im i in danger ??! i hope everybody will think just for today as if they r that person ,, and put all what in your mind here Once you take vBulletin off your server, it is far harder to brake into. Quote Link to comment Share on other sites More sharing options...
digip Posted September 21, 2008 Share Posted September 21, 2008 Also, turn off all front page extensions, update your SSL and if possible, add a package like Suosin to harden your PHP. Good luck. Your SSL has had 3 updates since 2007 and is vulnerable to attacks. Quote Link to comment Share on other sites More sharing options...
Xarf Posted September 21, 2008 Share Posted September 21, 2008 Exploits are released daily that are aimed at forums. Generally speaking as long as you use a reputable forum and keep your forum version up to date you'll be ok! Quote Link to comment Share on other sites More sharing options...
digip Posted September 21, 2008 Share Posted September 21, 2008 Exploits are released daily that are aimed at forums. Generally speaking as long as you use a reputable forum and keep your forum version up to date you'll be ok! Its not always just the forum software that is an issue. Your PHP configuation, version, etc paly a roll in this. Any server addons and software, including the OS your running. Really when it comes down to it, the internet is a crap shoot of how long it will be before someone gets into your website. Quote Link to comment Share on other sites More sharing options...
7amomah Posted September 21, 2008 Author Share Posted September 21, 2008 You are in grave danger young apprentice. For there is a force much greater than you that wants noting more to take down you site for lulz. please i wanna fight .. just guide me to say something like that it mean ..... it is eaaaaaaaaaasy so easy ... but i cant get it .. Once you take vBulletin off your server, it is far harder to brake into. i like your posts .. there r always short ... mean alot ... but for me can u make it long and can u tell me why not VB ?? give me the weakness .. i will patch them Your SSL has had 3 updates since 2007 and is vulnerable to attacks. i will ,, but cant anyone hack the last version ( not proffessional ) Exploits are released daily that are aimed at forums. Generally speaking as long as you use a reputable forum and keep your forum version up to date you'll be ok! but i read that this version is one of the most stable ones ,, Vista is not nessessary more secure than XP ,, im i right ? or if u know something about this version in particular just let me know .. please Its not always just the forum software that is an issue. Your PHP configuation, version, etc paly a roll in this. Any server addons and software, including the OS your running. Really when it comes down to it, the internet is a crap shoot of how long it will be before someone gets into your website. u want to make harder .. >>>> in general im thankful to all of u but teaching me how to fish , better tha giving me the one fish Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 21, 2008 Share Posted September 21, 2008 but teaching me how to fish , better tha giving me the one fish http://www.sans.org/ Quote Link to comment Share on other sites More sharing options...
moonlit Posted September 22, 2008 Share Posted September 22, 2008 Perhaps teaching someone how to fish is better than giving them a single fish. Perhaps telling someone how to break a particular server using step by step instructions is akin to supplying the lonesome fish when compared to the hint that a little research on one's own will provide much more fruitful results (or fishful, maybe?). Quote Link to comment Share on other sites More sharing options...
shido Posted September 22, 2008 Share Posted September 22, 2008 maybe you should take all the services that you have running and just do a little research on how to exploit the services, that way when someone does decide to show you step by step then you will be able to understand it more clearly and that way youll know why and how to patch up your system...Well thats just a thought, use it, dont use, the choice is yours Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 22, 2008 Share Posted September 22, 2008 i love fish Quote Link to comment Share on other sites More sharing options...
7amomah Posted September 22, 2008 Author Share Posted September 22, 2008 by the way ,, im a medical student ,, so i dont have that much time to " research on how to exploit the services " and at the same time that server took alot form my pocket ,, i cant hire someone so to do the" penetration test " im not asking anyone to do the " homework " for me ,, im just looking for the shortest way to know how someone can attack that particular server ,, and how can i "defend " but that SANS seems great ( if it is free ,, & on spare times) Quote Link to comment Share on other sites More sharing options...
digip Posted September 22, 2008 Share Posted September 22, 2008 im just looking for the shortest way to know how someone can attack that particular server ,, and how can i "defend" Um, in my previosu post I mentiond to secure it, you should: turn off all front page extensions, update your SSL and if possible, add a package like Suosin to harden your PHP. Good luck. Your SSL has had 3 updates since 2007 and is vulnerable to attacks. So, if you want somethign to look for to exploit, search for: front page extensions, SSL and PHP. Your SSL has had 3 updates since 2007 and is vulnerable to attacks. Im not sure how much more clear people can be. You know the software on the server, search for its version and any bugs it may have. No one here is going to hack you server for you, we don't even know if it is your server you are talking about. Quote Link to comment Share on other sites More sharing options...
7amomah Posted September 25, 2008 Author Share Posted September 25, 2008 digib >>> i appreciaite what us wrote ,, & im on it .. but u seem so angry ,, anyway ... i will search for the exploits ,, then will inform u what i got Quote Link to comment Share on other sites More sharing options...
digip Posted September 25, 2008 Share Posted September 25, 2008 digib >>> i appreciaite what us wrote ,, & im on it .. but u seem so angry ,, anyway ... i will search for the exploits ,, then will inform u what i got No anger intended. :) Just trying to make sure you understand the threats are real and you need to patch it if possible. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 25, 2008 Share Posted September 25, 2008 whats the website Quote Link to comment Share on other sites More sharing options...
MRGRIM Posted September 26, 2008 Share Posted September 26, 2008 Just updated all those services, and keep them up to date. Sorry, but I am very sceptical when people come here and say "Hoi Guys! So.... I got like a home server that I want to hack" Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 29, 2008 Share Posted September 29, 2008 Just updated all those services, and keep them up to date. Sorry, but I am very skeptical when people come here and say "Hoi Guys! So.... I got like a home server that I want to hack" The way i learned some of my penetration skills was with DVM, damn vulnerable linux, it is really a big help and a great teaching tool.. not a distro i would boot into though Quote Link to comment Share on other sites More sharing options...
7amomah Posted October 1, 2008 Author Share Posted October 1, 2008 DingleBerries , i owe u alot ,, actually to all of u i will get that DVM , but now i've found some exploits specially to that VB ,, i understand now this Exploits are released daily that are aimed at forums as soon as i get the results of my training ,, it will be posted here ,, thanx again D.B Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.