Hi Guys,
Early mornin' to all!
I cannot believe this... an up-and-coming CMS php-fusion users such as it's beta site ( http://www.beta.phpfusion-mods.com/ ), another mod site ( http://www.ausimods.com ), and other "popular" sites running php fusion got hacked.
Recently, the author released a "patch" for his quite popular CMS for protection against XSS type attacks.
I am no genius per-say, but his CMS looks a LOT buggy!!!! (This is the 2nd attack/security-hole that I know of)
Dont the hackers/crackers/script kiddies (or whatever the hell you wanna call them) have better things to do???
it's people like these that should be behind bars!
-Matt
Holy mother of pearls! an up and coming CMS has serious hole
Moderator: General Moderators
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Malicious hackers are being clamped down on hard now... it's being seen as a serious offence.
This kid (only 16 yo) lost his job to a company, so decided to bomb send billions of emails to users at the company in a DoS attack. The emails included text informing employess that they were going to die soon and wot-not. The kid is now in jail. That's the first case of it's kind to actually result in imprisonment but I believe we'll start to see a lot more of this... hopefully. That's off-topic though.
I'm not aware of this CMS but given that's still only in beta, isn't that why they make beta versions.... I'd be concerned if this was considered a stable release.
EDIT | OK i recalled that news story wrong. He's not in jail but he was sentenced. He has been electronically tagged and put under a curfew.
This kid (only 16 yo) lost his job to a company, so decided to bomb send billions of emails to users at the company in a DoS attack. The emails included text informing employess that they were going to die soon and wot-not. The kid is now in jail. That's the first case of it's kind to actually result in imprisonment but I believe we'll start to see a lot more of this... hopefully. That's off-topic though.
I'm not aware of this CMS but given that's still only in beta, isn't that why they make beta versions.... I'd be concerned if this was considered a stable release.
EDIT | OK i recalled that news story wrong. He's not in jail but he was sentenced. He has been electronically tagged and put under a curfew.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
no, no, no... sorry probably my mistake:
Php fusion is considered a stable release (v6.014 right now). The beta site if for people who make "mods" for this cms... they submit and other users try it out etc etc etc.
but no, phpfusion is not in beta version. it is available as stable version.
Good to know that people such as these are getting punished! Otherwise, if no punishment is given, then such people would think that they will never get caught and start doing it more often... and this is where it would get ugly.
-Matt
Php fusion is considered a stable release (v6.014 right now). The beta site if for people who make "mods" for this cms... they submit and other users try it out etc etc etc.
but no, phpfusion is not in beta version. it is available as stable version.
Good to know that people such as these are getting punished! Otherwise, if no punishment is given, then such people would think that they will never get caught and start doing it more often... and this is where it would get ugly.
-Matt
Huh, I guess this is the part where the Author/Admin says... "BUT THE GOOD NEWS IS:" bleh.As many of you are aware a number of PHP-Fusion Support Sites have been hacked in the last 12 hours. This incident occured because one admin on Open Beta had his password leaked. The hacker used this password to login and steal all registered users passwords including members of many support sites. The hacker has used this information to cause wide-spread damage to PHP-Fusion Support Sites generally by destroying the user database tables. I am extremely angered by this attack, and I can only apologise for this incident.
My advice to everyone is to change your password, and never use the same password for more than one site. As far as I know there is no security hole involved in this attack so try not to panic. Thanks.
just makes me sick!!! wanna punch (and keep punching) that mofo like a punching bag----> talking about the hacker
-Matt
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm