Security Incidents mailing list archives
Re: Source of attack: Russian nuclear facility?
From: Ian Eure <ieure () SICKFUCK ORG>
Date: Mon, 7 Aug 2000 13:27:08 -0700
On Sun, 6 Aug 2000, Bryan Willett wrote:
I created a php based gaming site: www.merchantempires.net. An unknown person with IP addresses used by iate.obninsk.com, is currently hacking the site. He/she is using some method to cheat in the game through altering the database. I haven't figured out if its a simple php bug or other vulnerability. As to why someone who works for a nuclear facility would spend their time hacking my site, I can't say. It seems a little alarming. I ftped over to the origin IP and discovered that their is a large warez collection. Who do you contact in situations of foreign based intrusion such as this?
most likely it's a case of not validating user input before you send it off to your db backend. it's quite important to do; you might want to run it through addslashes(), which escapes characters such as '"\ etc. if you are using a php sql-abstraction layer (a Good Thing(tm)) you might want to add some validation, or abstract away the more intricate details of the sql; e.g. create a validateUser($username, $pass) instead of performing the query directly. you can also create a log of sql queries ( e.g: $fp = fopen("/tmp/sql.log", "w+"); fwrite($fp, "blah"); fclose($fp);) so you can determine if it really is a case of unvalidated input, or if they have gotten into your db backend some other way. -- ______________________________________________ | "the whole scale of cosmic dimensions are falling from my mouth | in the description of a kiss of the interimlovers" | - einsturzende neubaten, "interim"
Current thread:
- Source of attack: Russian nuclear facility? Bryan Willett (Aug 07)
- Re: Source of attack: Russian nuclear facility? Vitaly Osipov (Aug 08)
- Re: Source of attack: Russian nuclear facility? Ian Eure (Aug 08)
- Re: Source of attack: Russian nuclear facility? //Stany (Aug 08)
- Re: Source of attack: Russian nuclear facility? Pavel Lozhkin (Aug 09)
- <Possible follow-ups>
- Re: Source of attack: Russian nuclear facility? JLNelson (Aug 08)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? Richard Johnson (Aug 10)
- Re: Source of attack: Russian nuclear facility? T. H. Haymore (Aug 09)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? J. Oquendo (Aug 08)
- Re: Source of attack: Russian nuclear facility? Doug Winter (Aug 10)
- Re: Source of attack: Russian nuclear facility? David Pick (Aug 13)
- Re: Source of attack: Russian nuclear facility? WebFusion System Administrator (Aug 13)
(Thread continues...)