Freebasic.net got hacked
Hey,
I just came to freebasic.net, and I saw the text "hacked by tcpip" :-D
What's going on?
In case anyone wants to download FreeBASIC, you can go straight to the sourceforge downloads page: http://sourceforge.net/project/showfile ... _id=122342
At least the new homepage doesn't use a fixed-width format. =P
EDIT: It just came back up.
Last edited by KristopherWindsor on Feb 22, 2009 21:16, edited 1 time in total.
PHP is famous for SQL injections and fake image files with embedded code. It's just the nature of the scripting language. (embedded HTML parser)
For any client work I do, I use ScriptBasic for my CGI web applications.
On the other hand, there are tons of PHP-based open source applications that have become an industry standard. It's hard to ignore the maturity in these offerings. It's a constant battle to patch the holes. I hope Python starts picking up 'market share' as it's a much better scripting language than PHP.
John
Please? It's not like any other language than PHP is more or less vulnerable to SQL injections, because SQL is not PHP! It's right that you _can_ inject PHP variables into scripts because of the whole bad "register_globals" stuff, but that does not have anything to do with SQL injections. SQL injections are based on bad user input sanitizing, which could happen even in a freebasic-driven webserver as well. Also "fake images with embedded code, what"? That's also nothing specific to PHP, and even Internet Exploder can obviously execute HTML code inside image files, which does not have anything to do with PHP at all. :P
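The point argued in the post above (SQL injection comes from how user input reaches the query, not from the language) shown outside PHP, as an added example that is not part of the original thread. The table, URLs and function names are constructed for illustration; it uses Python's standard `sqlite3` and `urllib.parse` modules.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs


def make_db():
    """Constructed sample data, held in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("bob", 0), ("root", 1)])
    return db


def user_param(url):
    """Pull the 'user' query parameter out of a request URL."""
    return parse_qs(urlsplit(url).query).get("user", [""])[0]


def lookup_concat(db, url):
    # Vulnerable in any language: the parameter is pasted into the SQL text,
    # so the database parses the user's characters as part of the statement.
    sql = "SELECT name FROM users WHERE name = '" + user_param(url) + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_bound(db, url):
    # Hardened: the statement text is fixed and the parameter is bound as a
    # value, so quotes in it are compared as data, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (user_param(url),)))


# Constructed request URLs (hypothetical host and path).
NORMAL = "http://forum.example/profile?user=alice"
CRAFTED = "http://forum.example/profile?user=nobody%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for label, url in (("normal", NORMAL), ("crafted", CRAFTED)):
        print(label, lookup_concat(db, url), lookup_bound(db, url))
```

Both functions read the same URL parameter; only the concatenating one lets it change which rows the query returns.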
SQL injections happen because PHP allows the code to be processed on the URL command line. All scripting languages that parse embedded HTML (php, HTML/OS, ...) are plagued with the same issues. A secure scripting language processes the code intended, not what the user passes on the URL.
Passing session info on the URL command line is also asking for trouble as site trackers can grab the referral and allow it to access the site logged in as you. (if a cookie or IP check isn't done)
Keep in mind that most PHP applications are based on code/templates stored in a SQL database. If you can change that data, you change the code running on the site.
As far as the fake image issue goes, PHP will ignore code it doesn't understand (image header stuff) till it sees PHP code (which was embedded in the image file). This is a PHP issue only.
Hosting websites is a chess game with hackers. If you don't do regular backups to be able to concede and reset the 'board', sooner rather than later it will be 'checkmate'.
HTML parsing scripting languages are a security nightmare but that's not going to change the industry anytime soon.
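For the "fake image" case discussed in this post, an upload filter can check that a file's extension, header and contents agree before it is stored. The sketch below is an added example, not code from the thread or from any forum package; the function names, allow-list and sample bytes are constructed, and it assumes the site only accepts PNG, JPEG and GIF.

```python
import os

# Allowed extensions mapped to the image type their header must announce.
ALLOWED = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}
MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpeg"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif")]


def sniff(data):
    """Return the image type named by the file's leading magic bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def check_upload(filename, data):
    """Return a list of reasons to reject the upload (empty list = accept)."""
    problems = []
    ext = os.path.splitext(os.path.basename(filename).lower())[1]
    if ext not in ALLOWED:
        problems.append("extension not allowed")
    kind = sniff(data)
    if kind is None:
        problems.append("not a recognised image header")
    elif ALLOWED.get(ext) != kind:
        problems.append("extension does not match content")
    # A valid image header says nothing about the rest of the file: PHP
    # passes bytes outside its tags through untouched and runs what is
    # inside them, so look for the open tag anywhere in the data.
    if b"<?php" in data.lower():
        problems.append("embedded PHP open tag")
    return problems


# Constructed samples: a bare PNG header, and a GIF header followed by an
# inert marker that only contains the PHP open tag.
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
TAGGED_GIF = b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed marker */ ?>"

if __name__ == "__main__":
    for name, blob in (("avatar.png", CLEAN_PNG), ("avatar.gif", TAGGED_GIF)):
        print(name, check_upload(name, blob) or "accepted")
```

A content scan like this is a secondary filter; the file only becomes code if the server is configured to hand the upload directory to the PHP interpreter.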
John Spikowski wrote:
> SQL injections happen because PHP allows the code to be processed on the URL command line. All scripting languages that parse embedded HTML (php, HTML/OS, ...) are plagued with the same issues. A secure scripting language processes the code intended, not what the user passes on the URL.
> Passing session info on the URL command line is also asking for trouble as site trackers can grab the referral and allow it to access the site logged in as you. (if a cookie or IP check isn't done)
> Keep in mind that most PHP applications are based on code/templates stored in a SQL database. If you can change that data, you change the code running on the site.
> As far as the fake image issue goes, PHP will ignore code it doesn't understand (image header stuff) till it sees PHP code (which was embedded in the image file). This is a PHP issue only.
> Hosting websites is a chess game with hackers. If you don't do regular backups to be able to concede and reset the 'board', sooner rather than later it will be 'checkmate'.
> HTML parsing scripting languages are a security nightmare but that's not going to change the industry anytime soon.
Well, there is a whole giant industry around handling this issue, and a variety of security levels that can be built into a site to make sure that a low-level security vulnerability doesn't affect absolutely everything.
Using open source PHP applications has one advantage, and that is because more eyes are looking at the code and can quickly catch holes in the software. That's why keeping your site updated with the latest versions is critical.
SMF & phpBB are always issuing security updates. Some folks get carried away with plug-ins and mods which just makes it more difficult to stay current.
So, the next time you have a chance, thank the person hosting your site as it's not all fun and games providing the service.