Comments on: Hack attack in progress http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/ Philippines, Technology News & Reviews Sat, 22 Nov 2008 20:33:03 +0000 http://wordpress.org/?v=2.6.3 By: Teenburg http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-218253 Teenburg Mon, 21 Apr 2008 14:09:46 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-218253 i'm use WP Security Scan 2.2.56.49 plugin i’m use WP Security Scan 2.2.56.49 plugin

]]> By: henryc http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-209939 henryc Tue, 25 Dec 2007 09:02:02 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-209939 I think auction.ph hae problem right now specially the One Peso auction fever of auction.ph since December 24,2007 4:00 pm event... right now the 3 auction.ph One Peso auction.ph no one can bid.. December 25,2007 10:00 Am MAGIC SING 2:00 pm LCD MONITOR 4:00 PM OLYMPUS FE-270 DIGITAL CAMERA I think auction.ph hae problem right now specially the One Peso auction fever of auction.ph since December 24,2007 4:00 pm event… right now the 3 auction.ph One Peso auction.ph no one can bid..

December 25,2007 10:00 Am MAGIC SING
2:00 pm LCD MONITOR
4:00 PM OLYMPUS FE-270 DIGITAL CAMERA

]]> By: Bob Maguire http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149386 Bob Maguire Wed, 01 Aug 2007 04:49:56 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149386 Just wanted to add a bit more. It wasn't Wordpress or my blog that was hacked, but a different 3rd-party PHP app on a different server, just in case that wasn't totally clear. For my particular hack, permissions wouldn't have helped much as it essentially gave them as much rights as the web server process itself (which was not root, but enough to create zombies or other web-based daemons). What actually saved me was the server runs on a PPC and not X86 platform, so most of their executables they tried to upload didn't work. And whether it's PHP, ASP, JSP, or whatever, the message is still the same. Anytime to use stuff from a third-party, you're opening yourself to potential vulnerabilities. Mine's been closed for a while now, but it sure hasn't stopped them from still trying. :) Just wanted to add a bit more. It wasn’t Wordpress or my blog that was hacked, but a different 3rd-party PHP app on a different server, just in case that wasn’t totally clear.

For my particular hack, permissions wouldn’t have helped much as it essentially gave them as much rights as the web server process itself (which was not root, but enough to create zombies or other web-based daemons). What actually saved me was the server runs on a PPC and not X86 platform, so most of their executables they tried to upload didn’t work.

And whether it’s PHP, ASP, JSP, or whatever, the message is still the same. Anytime to use stuff from a third-party, you’re opening yourself to potential vulnerabilities.

Mine’s been closed for a while now, but it sure hasn’t stopped them from still trying. :)

]]> By: wites http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149333 wites Tue, 31 Jul 2007 03:17:58 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149333 since wordpress is built under php, there's more to it than just upgrading to the latest version. one way of securing your blog or any websites that run php should check their php config (php.ini) for "disable_functions" here are some of the commonly abused php functions that should be disabled show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen but be warned that some client web scripts may break with some of these functions disabled. since wordpress is built under php, there’s more to it than just upgrading to the latest version. one way of securing your blog or any websites that run php should check their php config (php.ini) for “disable_functions”

here are some of the commonly abused php functions that should be disabled

show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen

but be warned that some client web scripts may break with some of these functions disabled.

]]> By: Michael Russell http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149317 Michael Russell Mon, 30 Jul 2007 18:37:33 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149317 Thanks for the link! Fortunately, I wasn't hacked. A PHP hack doesn't do much if your site is running ASP.NET. ;) Thanks for the link!

Fortunately, I wasn’t hacked. A PHP hack doesn’t do much if your site is running ASP.NET. ;)

]]> By: eric http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149310 eric Mon, 30 Jul 2007 16:09:29 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149310 hay nakakatakot naman... boss abe, pwede makapa upgrade ng WP ko. pag di ka na busy. thanks! hay nakakatakot naman…

boss abe, pwede makapa upgrade ng WP ko. pag di ka na busy.

thanks!

]]> By: Jaypee http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149307 Jaypee Mon, 30 Jul 2007 14:58:11 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149307 A lot of blogs have been defaced recently. One notable site that was recently hacked was CSS Remix. That's why it's always advisable to have a backup of your DB offline in case of emergency. Good luck with the hack attacks! :D A lot of blogs have been defaced recently. One notable site that was recently hacked was CSS Remix.

That’s why it’s always advisable to have a backup of your DB offline in case of emergency.

Good luck with the hack attacks! :D

]]> By: jhay http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149302 jhay Mon, 30 Jul 2007 12:51:40 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149302 I think I was hacked before when the Ploghost server that hosted the .com.ph blogs went hay-wired just before the MOA Blogger meetup. My blog's DB was wiped clean! Good thing I had backups on standby, otherwise, I'd gone insane! ;) I think I was hacked before when the Ploghost server that hosted the .com.ph blogs went hay-wired just before the MOA Blogger meetup.

My blog’s DB was wiped clean! Good thing I had backups on standby, otherwise, I’d gone insane! ;)

]]> By: Manuel Viloria http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149296 Manuel Viloria Mon, 30 Jul 2007 10:55:27 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149296 I've seen that attempted on sites with the Amember membership script. It's as if someone is trying to get hold of usernames and passwords so that they can log into the members-only folder. I’ve seen that attempted on sites with the Amember membership script. It’s as if someone is trying to get hold of usernames and passwords so that they can log into the members-only folder.

]]> By: sparks http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149290 sparks Mon, 30 Jul 2007 08:48:29 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149290 Nakakatakot naman itong post na ito. :( Nakakatakot naman itong post na ito. :(

]]> By: jozzua http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149258 jozzua Mon, 30 Jul 2007 07:43:18 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149258 Annoying.. hack attacks. Good luck with it Abe. Annoying.. hack attacks. Good luck with it Abe.

]]> By: yuga http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149242 yuga Mon, 30 Jul 2007 04:28:23 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149242 skiper, yup dude, read about it last Saturday. Wasn't able to comment kase closed ata. but thanks for the info. :) skiper, yup dude, read about it last Saturday. Wasn’t able to comment kase closed ata. but thanks for the info. :)

]]> By: skiper http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149241 skiper Mon, 30 Jul 2007 04:25:16 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149241 Yuga, I encountered error on your site last friday and I blogged about it.. Check this out. This might help. http://skiper.pinoyanswers.com/yugatechs-blog-encountered-internal-server-error/ Yuga, I encountered error on your site last friday and I blogged about it..

Check this out. This might help.
http://skiper.pinoyanswers.com/yugatechs-blog-encountered-internal-server-error/

]]> By: yuga http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149239 yuga Mon, 30 Jul 2007 03:38:37 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149239 @ Bob - lessons learned. ;) @ Dorene - I suggest 644, unless otherwise specified by the app. @ journeyist - yup, less is more secure. If you're on BlgoSpot, LiveJournal or other hosted sites, less worry for you since it's the provider that takes care of it. Plugins pose more threat because they come from varying sources. @ Bob - lessons learned. ;)

@ Dorene - I suggest 644, unless otherwise specified by the app.

@ journeyist - yup, less is more secure. If you’re on BlgoSpot, LiveJournal or other hosted sites, less worry for you since it’s the provider that takes care of it. Plugins pose more threat because they come from varying sources.

]]> By: journeyist http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149238 journeyist Mon, 30 Jul 2007 03:34:36 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149238 Does this mean a blog is LESS vulnerable if it has no plugins? ...and just curious, is this vulnerability issue via plugins also present when using other blogging platforms, like blogspot for instance? Does this mean a blog is LESS vulnerable if it has no plugins?

…and just curious, is this vulnerability issue via plugins also present when using other blogging platforms, like blogspot for instance?

]]> By: Dorene http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149229 Dorene Mon, 30 Jul 2007 02:29:59 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149229 What should be the permission code if not 777? What should be the permission code if not 777?

]]> By: Bob Maguire http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149219 Bob Maguire Mon, 30 Jul 2007 01:11:34 +0000 http://www.yugatech.com/blog/the-internet/hack-attack-in-progress/#comment-149219 Yes, a very important warning indeed. If I could just add emphasis on the "upgrade to the latest stable version" part, that's how I got bitten. Actually, the provider of the software that had the vulnerability in it, discovered the problem and quickly provided a fix on the mailing list, of which I was a member. However, I put it on my "to do" list where I promptly forgot about it and never applied the fix, only to get hacked a month or so later. So yes, keep your software and plug-ins up to date! bob Yes, a very important warning indeed. If I could just add emphasis on the “upgrade to the latest stable version” part, that’s how I got bitten. Actually, the provider of the software that had the vulnerability in it, discovered the problem and quickly provided a fix on the mailing list, of which I was a member. However, I put it on my “to do” list where I promptly forgot about it and never applied the fix, only to get hacked a month or so later.

So yes, keep your software and plug-ins up to date!

bob

]]>