For those who didn't read Shoe's blog on being hacked, the hacker "got in" through a phpbb2 exploit, not through WordPress. So sleep well tonight, bloggers. Shoe... were you running the latest version of phpbb?
It wasn't his board that was using the phpBB, Nintendo. It belonged to a friend that he was hosting it for. "While restoring I went through the old logs and figured out the person got in from a phpbb2 exploit. Basically they were able to execute code on the server as the webserver user and this also means they were able to delete files and replace files owned by the webserver user… Now why would I run phpbb2? Well… I was hosting for a friend =(."
Shoe's posted on his blog about what he did to fix it and how he's stopped it from happening again. I guess the best way to learn is to experience it.
Maybe Shoemoney is not the king, but he sure is a prince, as the photo of his check was the second greatest check I ever saw. It was about 132,000 dollars, which makes him one of my heroes.
That check is more than a year old... I have not used AdSense for that company since YPN came out. (the photoed check) Hah, hardly a king, c'mon =P More like court jester.
That's like saying you shouldn't advertise because the more people who know about it, the higher the odds that one of them is a hacker.
I am not saying it's because PHP is open source at all. I am saying it's because of: 1) The quality of PHP programmers. PHP having the highest proportion of newbs in the programming world. 2) The design of PHP itself, being a hacked-together version of Perl. Fact: not until a couple of years ago did they start to pay attention to restricting global variables in the default installation of the PHP CGI platform. Why? Because almost all code up to that point had been written with global variables being turned on. 3) The immense amount of "how to" literature that has insecure programming practices with hardly any mention of how to secure code against compromise. Put all these together and statistically speaking it does back up my claim. I am not a programmer, but even so, just the basic familiarity I have with coding and scripting makes me think PHP is very insecure by default. Or at the very least was so with projects started a few years ago and continuously maintained (bandaided) through higher and higher versions.