Security Incidents mailing list archives

Re: Source of attack: Russian nuclear facility?


From: Ian Eure <ieure () SICKFUCK ORG>
Date: Mon, 7 Aug 2000 13:27:08 -0700

On Sun, 6 Aug 2000, Bryan Willett wrote:

> I created a php based gaming site: www.merchantempires.net.
>
> An unknown person with IP addresses used by iate.obninsk.com,
> is currently hacking the site.  He/she is using some method
> to cheat in the game through altering the database.  I haven't
> figured out if it's a simple php bug or other vulnerability.
>
> As to why someone who works for a nuclear facility would
> spend their time hacking my site, I can't say.  It seems
> a little alarming.
>
> I ftped over to the origin IP and discovered that there
> is a large warez collection.
>
> Who do you contact in situations of foreign based intrusion
> such as this?


most likely it's a case of not validating user input before you send it
off to your db backend. it's quite important to do; you might want to run
it through addslashes(), which escapes characters such as '"\ etc.

if you are using a php sql-abstraction layer (a Good Thing(tm)) you might
want to add some validation, or abstract away the more intricate details
of the sql; e.g. create a validateUser($username, $pass) instead of
performing the query directly. you can also create a log of sql queries
( e.g: $fp = fopen("/tmp/sql.log", "a"); fwrite($fp, "blah"); fclose($fp); )
so you can determine if it really is a case of
unvalidated input, or if they have gotten into your db backend some other
way.

--
 ______________________________________________
| "the whole scale of cosmic dimensions are falling from my mouth
| in the description of a kiss of the interimlovers"
|   - einsturzende neubaten, "interim"
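
The validateUser() wrapper and query log suggested in the reply above, as an added example that is not part of the original message. It uses PDO prepared statements in place of addslashes(), and assumes the pdo_sqlite extension; the logQuery() helper, table layout, sample user and log path are all constructed for illustration.

```php
<?php
// Hypothetical helper: append each statement and its bound values to a log.
// FILE_APPEND keeps earlier entries; json_encode escapes newlines in input.
function logQuery(string $logFile, string $sql, array $params): void
{
    $line = sprintf("%s %s %s\n", date('c'), $sql, json_encode($params));
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

// Callers go through this wrapper and never build SQL themselves.
function validateUser(PDO $db, string $logFile, string $username, string $pass): bool
{
    // Validate input before it reaches the database backend.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        logQuery($logFile, 'REJECTED username', [$username]);
        return false;
    }
    $sql = 'SELECT pass_hash FROM users WHERE username = ?';
    logQuery($logFile, $sql, [$username]);   // the password is never logged
    $stmt = $db->prepare($sql);              // value is bound, not concatenated
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();            // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data: in-memory SQLite database with one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['trader1', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

$log = sys_get_temp_dir() . '/sql-demo.log';   // hypothetical log path
var_dump(validateUser($db, $log, 'trader1', 's3cret-demo'));   // correct login
var_dump(validateUser($db, $log, 'trader1', 'wrong'));         // bad password
var_dump(validateUser($db, $log, "x' OR '1'='1", 'anything')); // constructed hostile input
echo file_get_contents($log);   // rejected input is visible in the log
```

Reviewing the log for REJECTED entries, or for statements that do not match any query the application issues, helps separate an input-handling bug from access gained some other way.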

