Posted on 12/17/2004 1:02:48 PM PST by mrustow
Thanks, but your entry for "hacker" is incomplete. You only quoted positive definitions.
Hacker Devil Zing!
Hacker Devil Zing!
Hacker Devil Zing!
No, it's complete. Only ignorant people refer to crackers and scriptkiddies as "hackers."
Hacker Devil Zing!
No, it's complete. Only ignorant people refer to crackers and scriptkiddies as "hackers."
It's incomplete; only a dishonest person would refer to hackers exclusively in positive terms.
Hacker Devil Zing!
MensNewsDaily.com is virtually hosted on a multi-host system run by hostway.com.
sasumata$ nslookup www.mensnewsdaily.com Server: localhost Address: 127.0.0.1 Name: www.mensnewsdaily.com Address: 64.41.127.150 sasumata$ whois -h whois.arin.net 64.41.127.150 OrgName: Hostway Corporation OrgID: HSWY Address: 1 N. State St. City: Chicago StateProv: IL PostalCode: 60602 Country: US NetRange: 64.41.64.0 - 64.41.127.255 CIDR: 64.41.64.0/18 NetName: HOSTWAY-05 NetHandle: NET-64-41-64-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS.SITEPROTECT.COM NameServer: NS2.SITEPROTECT.COM Comment: RegDate: 2001-02-15 Updated: 2001-05-14 TechHandle: AN94-ARIN TechName: Administrator Network TechPhone: +1-312-994-7690 TechEmail: noc@hostway.com OrgTechHandle: AN94-ARIN OrgTechName: Administrator Network OrgTechPhone: +1-312-994-7690 OrgTechEmail: noc@hostway.com
Alright, sport. Let's see your computer security credentials. Put up or shut up.
Love your handle. How did you manage to freeze the screen, and copy and post it? I've seen this before, but never asked anyone how it's done.
nothing wrong with php...
however front page server extensions are an open door to most proficient crackers.
who would dare try to corrupt the prototypical php, mysql, apache trinity by mixing in pathetic offerings from microslop?
... and think it would stand for any length of time.
my guess?
they used front page extensions to hack and overflow the memory buffer, and used the open priviledges to change the ownership, password and access parameters to RWX --- ---.
the server people cannot even READ the raw files.
and since they are on a virtual host, there is no way to do anything but kill the server AFTER they transfer all of the other sites to another one.
and that takes time especially if they are running 'enterprise' systems for businesses on the same server... the security piplelines will allhave to be rewritten, and the real danger, is that root has been sacrificed on the alter of multiple virtual hosting... and that they may not even be able to run a backup tape on the machine, before pulling the plug.
and the hackers may be using that to compromise the other sites on that server.
just my guess, and probably WRONG.
Alright, sport. Let's see your computer security credentials. Put up or shut up.
Wrongo, "sport." Since I never claimed to be a "computer security" expert, there's nothing for me to put up or shut up about. Are you a tenured professor? If not, you should be. You play projection, deflection, diversion and intimidation games like the holder of an endowed chair. You don't get to frame a discussion to your liking, and then intimidate anyone who refuses to accept your frame.
PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts.
In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.
These forms of attack can be used to leverage access to the system.
however front page server extensions are an open door to most proficient crackers.
That's why I always referred to it as "Front Plague." ;o)
who would dare try to corrupt the prototypical php, mysql, apache trinity by mixing in pathetic offerings from microslop?
It's a mystery to me!
Bull. You were spouting your ignorant tripe that the definition of hacker thus far provided was incomplete. Thus you were insisting that you had more knowledge on the subject. When I pointed out that your views were based on ignorance, you claimed I was dishonest.
So, punk: put up or shut up.
To the right of F12 there's a button marked "print screen" or some similar abbreviation. You push it and the image is copied onto the clipboard, and can be opened/pasted with any image program.
I use Irfanview and XnView, a couple of freebie image programs, for most all of my dabbling, but you can do it with Windows Paint.
http://www.irfanview.com/
http://www.xnview.com/
To post it, there's several free sites. I used this one, a no frills place:
http://www.uploadyourimages.com/
If that were the case, the directory would need to be owned by user 'nobody.' Since the defaced page is still being served up, I'd wager the permissions are more like chmod octal 0711 (or -rwx--x--x) which will allow readability of specified files, but not directory listings by an unprivileged account. (The root account should be able to read the directory regardless of said permissions, though.)
the server people cannot even READ the raw files.
Are they logged in as root? Also, are they using statically-compiled ls from a read-only medium?
Addenda: if you want to copy a small window, such as a popup window, hold down "ALT" and click the print screen button. That way it captures the foreground image.
Mens News got Pizzowned by l33tzorz h4xorz!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.