Announcement

**N35t0r** · September 9, 2013, 11:15

Originally posted by The Mad Monk View Post

It works if you right click and pick open in new tab.

Reply with quote works if you click on it twice, at least on chrome. To edit, you need to open in a new tab.

**Felch** · September 9, 2013, 12:12

Originally posted by Dinner View Post

4th hacking done to the front page.

I'm beginning to think of this as more of a feature than a bug. I'm looking at the front page more now than I have in years.

**Ben Kenobi** · September 9, 2013, 12:18

MY problem with WPC is I got banned without breaking any rules at all and even Solver admitted it. He just got upset with something I said on CG and so banned me at WPC. Some people just shouldn't be mods.

Lots of people have asked why I don't go there since the site seems much more friendlier to me. I disagreed with Solver and Locutus et al's justification for leaving poly then. Disagree with them now.

**Sava** · September 9, 2013, 12:27

Thanks Jrab. I would give you a thanks, but I used mine and it hasn't respawned.

**Dinner** · September 9, 2013, 14:43

5th time has now happened. It claims someone uploaded a trojan and that's how they're getting in.

**Sava** · September 9, 2013, 15:23

that's hardcore

**Solver** · September 9, 2013, 15:58

Well holy gargoyles!

vBulletin sites have been getting hacked left and right recently, but upgrading the forums doesn't solve anything by itself. You're getting lots of fake users created with admin rights that haven't been removed. You also almost certainly have a plugin installed that calls system() in PHP to give a backdoor, tied to the AJAX start hook. And remove the damn upgrade scripts from the server once you're done upgrading! The scripts are there right now which adds another half a dozen easy ways to hack into the forum.

**Lorizael** · September 9, 2013, 16:05

Oh right, that's my issue with WPC. They took Solver away from Apolyton.

**Sava** · September 9, 2013, 16:10

Solver

**Solver** · September 9, 2013, 16:53

Ok, to whoever runs this joint now (still CyberShy?):

I just fixed the forum front page and removed some backdoors. You had 3 backdoors running at the same time! The ones that I mentioned with system(), and also one called c99shell - you can look it and its capabilities up online.

There's also an impressive 20 backdoor admin accounts created today. I'm in the process of deleting them. Remove your darn upgrade script or else this will likely not last an hour.

EDIT: Okay, those admin accounts are gone. I found another 3 backdoors running as plugins. I'm surprised they haven't smothered one another. Why in the blazes do you not have system() and eval() disabled in php.ini?

**Sava** · September 9, 2013, 17:14

yay SOlver

**Nikolai** · September 9, 2013, 17:30

Awesome, intelligent gibberish tech talk.

Solver

I guess you Soviets are good for something.

**Buster Crabbe's Uncle** · September 9, 2013, 18:14

I find white-knighting 'poly in its hour of need a subtle and wonderful revenge, given the years of givens.

You're one mean/nice SOB, Solver. Full marks for the best troll I've ever seen anywhere.

**Solver** · September 9, 2013, 18:18

... and that's it, I am going to bed. There was another attempt to do the same thing 5 minutes ago but I deleted that in time. Unless somebody reacts quickly, the forums will have been defaced again anyway by the time I wake up.

The front page of the site itself is still borked, and I think that some other security hole might have been inserted in addition to the ones I've mentioned. Also, in the unlikely event any of those hackers had any brains, they would have downloaded the hashed passwords of the admin, so CyberShy should change his just in case.

**Kuciwalker** · September 9, 2013, 18:19

Wow. Thanks Solver!

Announcement

The Apolyton hacking pool

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment