HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 46 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow Need Help Regarding Forum Deleting
EH-Net
May 21, 2013, 02:44:13 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Need Help Regarding Forum Deleting  (Read 4563 times)
0 Members and 1 Guest are viewing this topic.
Wooddny
Newbie
*
Offline Offline

Posts: 4


View Profile
« on: August 08, 2007, 09:33:06 AM »
My problem is, Im playing/Moderating a text based RPG online. One of the little nubs on it has a script or something that keeps deleting all standard forum posts ... Hes entering something somewhere, Just what? Any Help  Huh
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #1 on: August 08, 2007, 09:49:58 AM »
Welcome to EH-Net.

We probably can't help much without a lot more info, but here's a few things to go on:

Do you own/control the box on which it is hosted? You could always use the web app/CMS to ban the user and block access by IP (although this may inadvertantly block legitimate users from the same ISP). Also, you can do the same in the firewall to prevent the user from even touching the app. Even some hosting services offer this ability if you don't run the servers in house.

Are you using a proprietary system that you coded or is this some third party app? If the latter, try their forums or support system.

Of course, the nub already got in, so you can never be sure how deep he got. Do you have BUs? You could restore the files to a particular date in time and then migrate the current db. Usually in systems like this, the files are completely separate from the db.

Then again, we don't know where he got in or what he did. So check your server logs for access and file transfers.

Hope this helps,
Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Wooddny
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #2 on: August 08, 2007, 10:07:08 AM »
He may not have gotten anywhere, im not the Owner of the site, Hes busy atm.
We think he may just be entering a code or something as theres no pattern to the wipe and it only happens when hes online :S
Logged
Wooddny
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #3 on: August 08, 2007, 10:09:34 AM »
Just been told:

IP ban wont work, he tried that.  BU is not good as its a temp script not an insertion
Logged
Wooddny
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #4 on: August 08, 2007, 10:10:32 AM »
Been asked to ask about Non Invasive scripts and low effect deletion ?
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #5 on: August 08, 2007, 10:21:57 AM »
Just out of curiosity, what of value is the nub trying to get, or in this case, prevent others from doing? If you figure this out, you just might be able to get away with the low-tech approach.

Or, are you competing with anyone in this space that would benefit from a DOS of your site?

Bottom line, it may be very helpful to figure out what his purpose or goal is. This helps focus your efforts.

While I'm thinking about it, is this a site where you have to register to play and post? Why is he able to delete others messages? Try preventing others from having edit capabilities of items that are not theirs. Unless he did some sort of priv escalation.

Anyway, I hope this helps get some ideas flowing.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Kev
Guest
« Reply #6 on: August 08, 2007, 10:38:56 AM »
Every online gamer forum I have been aware of is php based. Its very common for rival gaming "clans" to attack a forum. Sometimes its just a bored single player. Its almost always one of 2 attacks. An angry former member that had Admin rights to the forum or a SQL injection attack. You dont even need to know much about SQL because there are sites that post the latest injection for php. All the attacker has to do is copy and paste it into the search or login functions and they are in.  A dead give away is if the intruder is making changes that only an admin could make. He doesnt need a script to delete posts, because he is more than likely just doing it manually as an admin.  If thats the case you only have a couple of options.  Make sure you have the latest updated php script or use another forum template that is not as well known as php even if it costs a little.  Of course you might be lucky and grab the IP of the intruder if he is a total noob. If so, you need to document his intrusion with as much as you can put together and make a formal complaint to his ISP.  Oh and yes, IP bans dont work at all because its too easy to use something like TOR to access the site.
« Last Edit: August 08, 2007, 10:43:12 AM by Kev » Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.063 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.