donkdown

'splain this to us 
DD Mushroom Stamping Mod
Degen Index: 37
Joined: 23 Feb 2005
Posts: 13623
What the hell kind of attack was NWP hit with?

Mr. Admin says it was someone with "CMS access". I have admin access (create/delete forums/users) but he seems to be talking about front page content management, which I don't have.

Here's the post for reference-
admin wrote:
Some indications seem to be this was an act of internal sabotage by someone with cms access and knowledge of the goings on within said cms, judging by the pages the script was put on. Either from not blocking old admins or to devalue the site by current admins. The community needs to know as trojans and whatnot can screw up your computers. We will continue to check and fix this problem if it continues.


Do you think that attack could be done through a CMS front end, or would it require access to the OS/DB (either granted or obtained through a security hole)?

Your Boris post mentioned NWP needing an IPS. What is that? NWP apparently has one, because an IPS Driver Error made NWP unavailable for a short time on Sunday.

And lol at "from not blocking old admins". Nice security policies there. The only old admin with a motive is vwls, who as you mentioned has no technical ability to do so (but does theoretically know people who do).

Best comic ever about sanitizing data inputs-
http://xkcd.com/327/


Last edited by DirtyB on Thu Oct 08, 2009 12:04 am, edited 1 time in total.



Wed Oct 07, 2009 11:59 pm
DD Bracelet Winner
Degen Index: 84
Joined: 18 Jun 2004
Posts: 20934
Location: One of many secret locations
Lithuanians are out to lunch, as usual.

If it was an inside job, it was one of them.

It seems that it was likely just an outside hacker from eastern Europe, just as it appeared.

I highly doubt it had to do with boris.


Sun Oct 11, 2009 3:34 am
DD InfoSec Oyabun
Degen Index: 55
Joined: 04 Feb 2007
Posts: 8622
Re: what happened...

A website/webforum often has footers and headers of html code stored in the database for example that get appended to all html pages.

For example, every page at neverwinpoker.com has this at the bottom:
Quote:
Contact Us | Advertise | Privacy Policy | Disclaimer | Site Map | NWP Logos | Link To Us
Copyright @ 2009 Neverwinpoker LLC All rights reserved


Usually that's generated from a database.

So what attackers do, is they change like
CODE
<a href="/link-to-us" title="Link To Us" rel="nofollow">Link To Us</a>

to something like
CODE
<a href="/link-to-us" title="Link To Us" rel="nofollow">Link To Us</a>
<javascript>
super_scary_exploit_code_that_tells_your_webbrowser_to_download_and_install_a_trojan_backdoor
</javascript>


But yeah, I've been holding off on commenting on this because I was hoping overlords.lu would provide more info.. right now the most interesting thing about this to me is that they found logs of access from Czech IP space. The fact that the attackers didn't or couldn't sanitize the logs is somehow reassuring.

What I was commenting on at Boris re: IPS was the need to look beyond "oh we need to patch this" and address preventing issues that might come up in the future by crippling the entire attack vector (exploiting the relationship between the face-forward application and the database). An IPS is a good first step there; it examines all the transactions between the DB and the Forum (or what have you) and anything that looks potentially hostile gets censored.

But yeah without some logs and shit, who knows what went down.



Last edited by sonatine on Mon Oct 12, 2009 1:11 am, edited 1 time in total.



Mon Oct 12, 2009 1:11 am
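
An added example, not part of the post above or of either site's code: a defender-side audit of HTML fragments (such as the footer) loaded from a database, flagging anything outside an allowlist before the fragment is appended to pages. The fragment table, the allowlist and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the footer is plain navigation markup, so only these tags and
# attributes are expected in a fragment loaded from the database.
ALLOWED_TAGS = {"a", "br", "span", "div", "p"}
ALLOWED_ATTRS = {"href", "title", "rel", "class"}


class FragmentAuditor(HTMLParser):
    """Collects everything in a stored fragment that the allowlist does not cover."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"unexpected tag <{tag}>")
        for name, value in attrs:
            if name not in ALLOWED_ATTRS:
                self.findings.append(f"unexpected attribute {name} on <{tag}>")
            elif name == "href":
                url = urlparse(value or "")
                # Footer links are site-relative; a scheme or host is out of place.
                if url.scheme or url.netloc:
                    self.findings.append(f"non-relative link {value!r}")


def audit_fragment(html):
    """Return a list of findings; an empty list means the fragment fits the allowlist."""
    auditor = FragmentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed rows standing in for a stored-fragments table (hypothetical layout).
STORED_FRAGMENTS = {
    "footer_clean": '<a href="/link-to-us" title="Link To Us" rel="nofollow">Link To Us</a>',
    "footer_tampered": '<a href="/link-to-us" title="Link To Us" rel="nofollow">Link To Us</a>'
                       "<javascript>placeholder_payload</javascript>",
    "footer_event": '<a href="/site-map" onmouseover="placeholder()">Site Map</a>',
}

if __name__ == "__main__":
    for name, html in STORED_FRAGMENTS.items():
        print(name, audit_fragment(html) or "ok")
```

Run on a schedule against the stored rows, a non-empty result is a signal to compare the fragment with its last known-good copy and to review who changed it.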
Copyright © 2009-2011 Donkdown.com LLC