thx for the info.
Thanks for the heads up I'll look out for him
I fap because I must!
Some sites are more secure than others, but come on, if a hacker can get into the FBI or NSA then im sure a torrent tracker will be a pretty easy target, doesnt matter how many scripts we have on there.
Nothing, and i mean Nothing is secure on the net, you might believe it is, but its not.
All we can do is plug all the obvious holes, and some not so obvious, some trackers obviously had a hole, others didnt, im pleased to say we didnt this time around.
This happened to one of my sysops last year.
Someone sent me and him a link, saying it was a replica site of ours, and someone was getting accounts/passwords getting members to sign into it.
Of course, he clicked the link (so did i will be honest but we went first) and it had a cookie grabber on. within 2 minutes he was locked out of his account, (even though we didnt know this till 30 minutes later) and we had a bit in the control panel, where you could execute MYSQL queries. (Which came with the source we were using btw, we didnt put it there).
so he just ran a truncate the database query, in a split second everything was gone, into thin air, and we didnt have any backups (we had just started a couple of months earlier, on the host we were on and with the source we were using).
The good part about this is, hopefully trackers that have been affected, and even those that have not, will look even more closely at their code, and fix any holes they see.
But nothing is unhackable if your good enough.
This sounds intersting, how do you take over a sysop acc anyway.
Last edited by rogerse; 02-26-2008 at 10:54 PM.
Thanks for the information provided.
Bookmarks