Good job mr turkish hacker. :rofl:

My question to you.Is it really that easy to hack this site ??? like coud a child do it ???

Before kinda ya. See the cnd forum for the reason why. I don't feel like attempting to explain something I don't even understand again. I thought something changed...but who knows.

why the bt.ca forum?
whats the big deal about it.
its a biking forum with people planning rides selling and talkin about misc biking stuff.

why attack that?
i just dont get it.
it must be some fat ass with nothing better to do.
remember that video of the kid playing that game and losing his cool and smashing his keyboard.
mabe its him.
haha

what a cunt face, he probably has a massive e-cock though!

heh, he can't have much of an epenis if he's hacking sites like BT.ca. he's likely some script-kiddie that doesn't have a clue - there's virtually nothing on him on google except about 3 sites he's hit, none of them are what you'd call big game. if you're going to be a loser fagtron hacker, you've got to at least hit a reputable site.

OMG IF HE R33DS THIS HE MITE HAXx0r MY INTERWEBBS!! 3Y3 HOAP H3 DOESNT S33! :noes:

ha, peasant.

what a fucker somone has too much time on their hands. You know they could be out getting a social life or somthing but no.. lets hack some random bike site.

what a fucker somone has too much time on their hands. You know they could be out getting a social life or somthing but no.. lets hack some random bike site.

Social life .............. bahahahahahahhaha:rofl:

Thats probably what his social life consists of. He probably sits at his computer on Friday nights with a bottle of lotion and wanks off while hacking a mountain bike site. Thats probably the only action he gets. :joshers:

The fucking guy can't even write properly "This site hacked" and whats with the fucking music. This guy is fucking retarded.

I bet the guy is on here laughing his ass off. rofl.

i just battled a "hacker" that used the same method to hack a client of mine.

i can tell you this much: bt.ca was veeeeeeeeeeery easy to hack just like my client's page, i could show you how in 5 minutes.

i don't want to bore the forum with web greek but if anyone needs to know how to protect themselves from this type of "attack" drop me a line. i'll post any helpful dialog if i'm contacted.
the rules are pretty easy but just as easy to neglect.

oh and bt.ca is still unsecure. otn took too long to test and i did not wan't to cause any bandwidth problems.

Im always interested in peoples discoveries about web security.

Obviously you know what youre talking about, im sure people would be happy to hear it! :)

Yeah, I would like to hear about it.

Matt.

The turkish hacker hit both of my sites last week...

@Moment Designs: is your site php based?




here are some basic tips.

common sense:

1. backup your database regularly!!!! if you are attacked, FACT is that your database is also in danger.

2. backup php files and regularly backup upload folders.

3. if you use a php based application chances are that you used a browser based configuration assistant which creates a file on the server containing your settings: FIND IT AND BACK IT UP!

i mirror all my online applications on a free host server.
don't get paranoid about backups, just relax and do it over night or when it fits you best but do be diligent. weekly backups should be enough, just don't forget the database most webmasters don't do this and i can't stress this point enough.

i hope you get the point BACKUP and learn how to restore you complete web site.
you can practice this an a free host server.


not so common sense:

if you don't understand the following GET SOMEONE WHO DOES! and make sure you can reach him/her at any time. it's alwayse good to have someone you can trust and that knows more than you just in case you are attacked.

4. never keep junk files on your server as this complicates the backup process.

5. make sure file permissions are correct and avoid world read/writable permissions if not absolutely necessary. this is the easiest way to invite an attack similar to the one on bt.ca but be careful with this and get help if don't know what you are doing.
help on this: http://safire.net/support/permissions.html

6. use .htaccess and .htpasswd to protect sensitive files and folders (apache only - if you use a microsoft server you can't be helped anyway (just joking))
help on this here
http://www.clockwatchers.com/htaccess_tool.html
http://www.web-bureau.com/modules/bsecure.php


there is no hacker proof web site just safe(r) ones. if a hacker wants to get in, he will. real hackers have a goal, a plan and a purpose while script kiddies and wannabe hackers use tutorials and attack at random just to see if they can.
example here http://www.northfell.com/infosec/hack1/

thats about it, no magic just plain common sense.

the most common attacks:
SQL Injection (http://en.wikipedia.org/wiki/SQL_Injection)
cross site scripting (http://en.wikipedia.org/wiki/Cross_site_scripting)
path traversal (http://en.wikipedia.org/wiki/Directory_traversal)
denial of service (http://en.wikipedia.org/wiki/Denial_of_service)

FURTHER READING
http://www.tele-pro.co.uk/pages/websec_info.htm
http://www.northfell.com/infosec/hack1/
http://www.thesitewizard.com/archive/protectimages.shtml
http://www.clockwatchers.com/htaccess_tool.html
http://www.web-bureau.com/modules/bsecure.php
http://safire.net/support/permissions.html

I don't even know what PHP is.

My database isn't on a computer that is connected to the internet, I'm not really worried about thing being stolen.

I don't even know what PHP is.
maybe that is why your site got hacked.
my advice, find somebody who knows what php is

if your site consists of simple html files it is most likely that your hoster lacks proper security. i'll run some tests after i get some sleep if you don't mind. your site will be slow for a few minutes.

I just like to say I don't know what things are so people will explain things.

i dont even know what love is....