My Dream - Page 2


Re: My Dream

GreyWyvern wrote:


Just thinking the same myself!

Charles Sweeney

Re: My Dream


I've been hiding out on alt.html.  Lower signal-to-noise ratio than you
crazy kids on AWW

-Karl Core
Please Support "Project Boneyard":

Re: My Dream


Changing the password: this will most likely have no effect, since usually
the password is just checked for once, when a person logs in... and not
repeatedly checked while they are logged in.

As far as how to handle it: this will depend on a lot of specifics to the
person in question... what software they have available to handle a hacker,
are they physically near the server, how the person is hacking the site,

Overall I wouldn't worry too much about it...
- Unless your site is really big/popular/well known then it's not a high risk
target for hackers (that doesn't mean it would never be hacked, but just
that there probably isn't some kid in Taiwan at this moment trying to break
through your security so he can put "Hi Mom" on your site).
- If somebody hacked your site its likely that they aren't going to go in
there and change a bunch of text on different pages... they would just
upload a new page or an image to your site and then move on.
- If your site was hacked as above (the home page changed or something) then
it's easier to just restore it from a backup, take a look at what security
you have in place and how you might improve it, and then just move on.
- If you don't have a backup of your site, or make periodic archives of your
site/data then you should... because, if your site is hacked and you don't
have a backup then the one that is really at fault here is you.

Re: My Dream

On Tue, 07 Dec 2004 10:28:48 -0500, Neal wrote:


I had a dream that I was stuck in some sort of weird prison and it was
winter and cold and icy and I had been there a long time, like a
count-of-monte-cristo-long time, and I was trying to break out but there
was this ocean and waves and other people hindering me and this long
bridge or catwalk thing I had to crawl over and at that point the cat and
the pirate tried to knock me off the bridge thing but they got swept away
by the tidal wave and somehow there was this crazy blender thing that was
pureeing people if you fell into it and some other stuff that, believe it
or not, was actually kinda strange.

But I'm not too sure you really have anything to worry about as far as
hacking is concerned. It was only a dream, after all.

Could you sue your ISP if their negligence created a problem? I dunno...

Could you sue the hacker, presuming they are caught?

This is still a big fat gray area as far as law is concerned.  Best bet,
of course, is to keep local back ups of everything you do on a remotely
hosted server of any kind.  You *do* back everything up yourself, don't

Jeffrey D. Silverman |
             Website |

Drop "PANTS" to reply by email

Re: My Dream

[F'ups trimmed because I don't read a.w.w. and my newsreader will
 puke on it...]


I've actually seen a similar thing.

A client of mine bought a server for co-lo, so we moved their sites to
it from a web hosting provider who was once popular with the esteemed
folks of this very newsgroup but who shall remain nameless. The former
web host started out by port scanning the new box, but didn't find
anything too exciting or exploitable, and went away. I had hoped that
the port scan would be the end of it.

Some weeks or months later one of my applications on the new server
emailed me several times in a short time, which I took to indicate that
the client was having trouble with something he was doing, so I logged
in on the server and initiated a 'talk' session with him to see if he
needed some help. He was pretty sure that he had it under control, knew
what was wrong with the data he was trying to feed to the app, so I
just hung around for a bit. He came up with a "what if I wanted to do
this?" kind of question, to which I replied he'd have to have root
access to accomplish it. Next thing we know, on both of our terminals,
is the question:

What is the root password?

I KNEW that there was no way this particular guy was going to ask for
it. He's rightfully afraid of being root, because he doesn't have a
clue about administering a Linux machine. So, while I typed out, "You
know I'm not going to give that to you" I picked up the phone and
dialed the guy's home number. His first words were, "I didn't type

So, while we continued chatting via talk, I did all of the appropriate
checks on the server while I talked him through the installation of
Zone Alarm on the laptop he was using. We quickly discovered that his
laptop had been compromised, and the unauthorized remote host belonged
to that former web hosting provider.

I have no use at all for that former web hosting provider, but I
believe they're smart enough to prevent their own machines from being
cracked. At that time, all of their machines were located on their
premises, so physical access was restricted. I drew the simplest
conclusion... it could be the wrong conclusion, but there have been
other incidents involving other of my clients and different servers
that tend to support it.


Hopefully, just the time at which you observed evidence of a
compromise. Most compromises are initiated by script kiddies who don't
know quite enough about their targets to effectively cover their
tracks, so there will be evidence of their activity left behind.

A truly skillful cracker will leave no evidence whatsoever, and will
have bounced through so many remote hosts that rooting him out would be
nearly impossible. In a case like that, the system administrator has to
just pull the ethernet cable and start doing forensics to discover the
hole that let the cracker in.

In the end, tracking them down is almost always a pointless exercise,


It depends upon how the cracker got in, and if he's logged in at the
time. Just changing your password doesn't generally terminate any
active sessions, so if he's logged in at the time when you change your
password, he'll remain logged in. If your system administrator is
involved, he can kill all of the processes running under your user name
to boot the cracker, but that doesn't mean he won't be back.

If your web hosting provider offers you FTP, POP3, a web-based control
panel via HTTP (rather than SSL), or any other service that
authenticates in the clear, then anyone who can sniff the interface can
get into that service. If all of them happen to authenticate against
the same database, or your authentication credentials are the same for
all of them via some other mechanism, anyone who can sniff the
interface can get into all of them. So changing your password will just
make them wait until you use one of those services.

And, finally, if it's your machine that's compromised, nothing your
hosting provider can do will help you. Personally, when I see evidence
that a user's machine is compromised, I firewall it out until it's
fixed, and keep an eye on it for a while after letting it back in.

Art Sackett,
Patron Saint of Drunken Fornication
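
Added example, not part of the original thread: the post above notes that a password change leaves existing sessions logged in and that an administrator has to end them separately. The sketch below lists one user's live sessions that did not originate from a trusted host and ends them; the sample `who` output, the addresses, and the function names `foreign_sessions` and `contain` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout Linux `who` prints:
# user, tty, date, time, (remote host). Console logins have no host field.
SAMPLE_WHO='alice    pts/0        2004-12-07 10:02 (192.0.2.10)
alice    pts/3        2004-12-07 10:19 (203.0.113.77)
bob      pts/1        2004-12-07 09:41 (192.0.2.22)
alice    tty1         2004-12-07 08:00'

# foreign_sessions USER TRUSTED_HOSTS   (reads `who` output on stdin)
# Prints "tty host" for every session of USER whose origin is not in the
# space-separated TRUSTED_HOSTS list. Local console logins are skipped.
foreign_sessions() {
    awk -v user="$1" -v trusted="$2" '
        BEGIN {
            n = split(trusted, t, " ")
            for (i = 1; i <= n; i++) ok[t[i]] = 1
        }
        $1 == user && $NF ~ /^\(.*\)$/ {
            host = substr($NF, 2, length($NF) - 2)
            if (!(host in ok)) print $2, host
        }'
}

# contain USER TRUSTED_HOSTS
# Run as root immediately after `passwd USER`. Ends every process attached
# to each untrusted terminal, so the old session cannot outlive the old
# password. It does not close whatever hole was used to get in.
contain() {
    who | foreign_sessions "$1" "$2" | while read -r tty host; do
        echo "ending session on $tty from $host"
        pkill -KILL -t "$tty"
    done
}

# Dry run against the constructed sample: report only, nothing is killed.
printf '%s\n' "$SAMPLE_WHO" | foreign_sessions alice "192.0.2.10"
```

Record the output of `who`, `last` and the process list before calling `contain`, since ending the session also discards evidence of what it was doing.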

Re: My Dream


No, it would not stop an active hacker. Changing a password won't 'take'
until Mrs hacker logs in again.

Matter of fact, a hacker might have changed the password right away to
prevent you from doing just that.

If you've got physical access, you're in luck, just pull the network

If I had shell access (Hosted machine) I'd change the password and then
quickly kill the attacker's login process ID.
A lot of folks don't realize this, but plain FTP sends the password
plain-text, as does POP. Kill off those services if you're using
them and replace them with something based on SSL.

-- Custom web programming
User Management Solutions                   Perl / PHP / Java / UNIX
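
Added example, not part of the original thread: both posts above point out that FTP and POP3 (and a control panel over plain HTTP) send the password in the clear. This sketch flags listeners on the usual ports of such services from `ss -Hltn` output; the sample data and the function name `cleartext_listeners` are constructed, and Telnet and IMAP are added here as further instances of "authenticates in the clear" beyond the services the posts name.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltn` output (listening TCP sockets, no header):
# state, recv-q, send-q, local address:port, peer address:port
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 [::]:995 [::]:*
LISTEN 0 511 127.0.0.1:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# cleartext_listeners   (reads `ss -Hltn` output on stdin)
# Prints "port service -> replacement" once per port whose well-known
# service normally sends credentials unencrypted. Loopback-only listeners
# are skipped because their traffic never crosses a sniffable interface.
# Matching is by port number only, so treat hits as leads to confirm.
cleartext_listeners() {
    awk '
        BEGIN {
            svc[21]  = "FTP";    alt[21]  = "SFTP or FTPS"
            svc[23]  = "Telnet"; alt[23]  = "SSH"
            svc[80]  = "HTTP";   alt[80]  = "HTTPS (443)"
            svc[110] = "POP3";   alt[110] = "POP3S (995)"
            svc[143] = "IMAP";   alt[143] = "IMAPS (993)"
        }
        {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (host == "127.0.0.1" || host == "[::1]") next
            if ((port in svc) && !seen[port]++)
                print port, svc[port], "->", alt[port]
        }'
}

# Dry run against the constructed sample; on a live host use:
#   ss -Hltn | cleartext_listeners
printf '%s\n' "$SAMPLE_SS" | cleartext_listeners
```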
