TFSCMS Beta 2 vulnerable? I got hacked.

[Znote]

I got this in my frontpage:

Perhaps im lucky and got hacked by a nice team. But im not sure about their damage yet.

Perhaps the TFSCMS is vulnerable? Im not sure.

I got owned.

 

[Mark]

TFSCMS is NOT vulnerable. I would be really surprised if you found a single security leak that could be triggered with unmodified TFSCMS code and an unmodified database structure.

You should keep things like Apache, PHP, MySQL and TFS (.. and other services you are running) up to date to prevent this.

If you're using GNU/Linux: run the update, upgrade and dist-upgrade process daily from your package manager (Debian-based: apt, RHEL-based: yum, Gentoo: emerge) to make sure you have everything up to date. Shouldn't take more than 10 seconds to check. If you're using PECL/PEAR packages you might also want to run: pecl update-channels && pear update-channels && pecl upgrade-all && pear upgrade-all

 

[Znote]

Oki, I guess it might be my signature thing that is vulnerable then or something else thats connected to the database.


(Remember i fixed signatures, and like the next day i got hacked) <.<

Also modified the players online table a bit to make it work properly. (Cato did).

 

[Mark]

Oki, I guess it might be my signature thing that is vulnerable then or something else thats connected to the database.


(Remember i fixed signatures, and like the next day i got hacked) <.<

Also modified the players online table a bit to make it work properly. (Cato did).

If you can post your signature script and the changes you made in players online table, I could check them for possible vulnerabilities.

 

[ntmr]

This team write noob exploits, you can find it on some exploit sites.

Probably you have register_globals, remote file inclusion or other bad things enabled on your php config..

hardening apache php - Google Search

In addition: don't use xampp, please

 

[JayBeee]

I got this in my frontpage:

Perhaps im lucky and got hacked by a nice team. But im not sure about their damage yet.

Perhaps the TFSCMS is vulnerable? Im not sure.

I got owned.

There's apparently more people that this has happened to. Just talking to a guy on MSN. The guy is apparently 14 years old and has probably found some security leak in the current apache version or something.

Hans MSN address är tydligen [email protected]

 

[Rabbe]

Pwned

Didnt ruin anything, just showed off my skillz. and no i didnt download some program from the internet that i used, i aint a scriptkiddie no matter what u think

 

[Fjällturken]

We all know this 14 year old is not 14, he's 16 and we are 2 peoples, and Talaturen u don't know shit as always.. AND YES YOU GOT OWNED

 

[THaxix]

Dude same thing just happend to me they hackers msn is: [email protected]
he added my msn and tryed to sell back my rl tibia acc for rl cash

AND exaclty the same thing website i got

 

[Rabbe]

Haha guess your "Kenny", it was my friend who was like "omgomg u guys haxxed kenny omgomgmog! sell me his accs"

rofl



btw:

http://sst.web44.net/index.php

 

[Mark]

We all know this 14 year old is not 14, he's 16 and we are 2 peoples, and Talaturen u don't know shit as always.. AND YES YOU GOT OWNED

I know more than you scriptkiddies. You think you can hack? http://softcores.otland.net/, good luck & have fun.

@THAxix/Znote:
Here's some information about one of them (IIRC it's Svenskpopis) if you want to take legal actions against him:
Lars Jonatan Mikael Olsson
1992-04-01
Vasagatan 4
Härnösand
IP: 78.82.205.54

 

[kornholi]

gogo rabbe and svenskpopis think they are roxxor

 

[Fjällturken]

I know more than you scriptkiddies. You think you can hack? http://softcores.otland.net/, good luck & have fun.

omg ur still a fucking retard, there are people that can defend, and there is a way around, but im not guys like you that spending all day long, managing a webpage based on not even a legit game..
So.. don't tell me what to do..

 

[Rabbe]

I didnt say we knew more then you, i said we're not fuckin scriptkiddies

 

[JayBeee]

You just said that Tala didn't know anything, I think that's pretty much saying that you know more than him, don't you think?

 

[THaxix]

Thx talaturen i will Repport to the police the frist thing in moring i bot boths ip and ur info thx alot

@THAxix/Znote:
Here's some information about one of them (IIRC it's Svenskpopis) if you want to take legal actions against him:
Lars Jonatan Mikael Olsson
1992-04-01
Vasagatan 4
Härnösand
IP: 78.82.205.54

 

[Mark]

I didnt say we knew more then you, i said we're not fuckin scriptkiddies

Really? I found this on your httpd: Simple XSS vulnerability by Xylitol

 

[Fjällturken]

Thx talaturen i will Repport to the police the frist thing in moring i bot boths ip and ur info thx alot

@THAxix/Znote:
Here's some information about one of them (IIRC it's Svenskpopis) if you want to take legal actions against him:
Lars Jonatan Mikael Olsson
1992-04-01
Vasagatan 4
Härnösand
IP: 78.82.205.54

so it's for the greater good ^^ nj0y

 

[Rabbe]

ahuahuahauhauhaeuaheuaeh

 

[Jester]

They are just scriptkiddies, getting some sources from google and they think they are cool.