 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
| 0 user currently in Acmlmboard support?. |
| Acmlm's Board - I2 Archive - Acmlmboard support? - You know honestly... I am sick and tired.. |
 |  |  |
| Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
| User | Post | ||
|
Sandy53215 Acmlm (10:55:31 PM): they're having fun for the first time in so long Level: 47  Posts: 287/948 EXP: 713034 For next: 53169 Since: 03-15-04 From: Milwaukee, Wisconsin (U.S.A) Since last post: 1 day Last activity: 4 hours |
| ||
| I really need to vent myself right now. There are a few cocksuckers on Acmlms/other boards that just get a boner finding out about board exploits. And for "loving" Acmlmboards they sure love to tear down communities. I just love the way these people use SQL queries to log in as other users. It just amazes me on what low life pieces of shit they are. I started on Acmlms a while back. But I am seriously thinking of leaving every fucking Acmlmboard I am on for the simple fact that this/these cocksuckers dont have anything better to do with themselves. May I suggest someone making a quick fix so this/these hackers dont get hard ons? Edit: I just dont have time to fix this shit as I DO actually have a life to live. Its just taking up to much time managing all this stupid shit. (edited by Randy53215 on 02-07-05 04:51 AM) |
|||
Dekker Avesque Goomba Level: 10  Posts: 6/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
| You_know,_there_are_a_lot_of_really_easy_ways_to_fuck_with_people_on_ACMLM_board... _It_isn't_realy_secure._Like,_for_instance,_right_now_no one_without_PMA_access_can_edit_me. NOTE:_Sorry_my_spacebar_broke. (edited by DekkerNocturnal on 02-07-05 04:55 AM) |
|||
|
Xkeeper The required libraries have not been defined. Level: NAN  Posts: -2607/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Originally posted by Randy53215Then mabye you should take a hint from TEK and use something else? After all, Acmlmboards aren't small-time management things. They're full of holes, and unless you feel like sitting down, figuring them out and plugging them up, you're going to have to deal with it. Sorry, but that's just how it is. Learn it or use something else. |
|||
|
Sandy53215 Acmlm (10:55:31 PM): they're having fun for the first time in so long Level: 47 Posts: 288/948 EXP: 713034 For next: 53169 Since: 03-15-04 From: Milwaukee, Wisconsin (U.S.A) Since last post: 1 day Last activity: 4 hours |
| ||
Originally posted by Randy53215 Why should that happen? I will never change boards if anything. I might just not use my domain anymore.  |
|||
|
Xkeeper The required libraries have not been defined. Level: NAN Posts: -2606/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Originally posted by Randy53215Arrogance leads to destruction.Originally posted by Randy53215 By the way, Dekker, IM me on AIM. |
|||
|
Black Lord Level: 34 Posts: 174/453 EXP: 235639 For next: 18012 Since: 03-15-04 From: Nebraska, what's a Nebraska Since last post: 8 days Last activity: 1 day |
| ||
| most of the holes can be fixed in a short amount of time... if you know what you are doing.. and I've been suggesting to people the same thing, until AcmlmBoard has public releases the holes will plague forever. |
|||
|
Dekker Avesque Goomba Level: 10 Posts: 7/32 EXP: 3754 For next: 660 Since: 08-29-04 Since last post: 190 days Last activity: 13 days |
| ||
| Your_SN_isn't_listed,_Neko. But,_i'm_DekkerAvesque_on_aim. (edited by DekkerNocturnal on 02-07-05 05:06 AM) (edited by DekkerNocturnal on 02-07-05 05:06 AM) |
|||
Laxidman Micro-Goomba Level: 7 Posts: 4/13 EXP: 985 For next: 463 Since: 08-17-04 From: San Diego, CA. USA Since last post: 240 days Last activity: 22 days |
| ||
Originally posted by Randy53215 I can't speak for others, but personally, I started looking into exploits for this board because I was curious if others had taken the same precautions I learned to take when I started web development. Acmlmboard just happened to be checked while I was in the period of "what the hell...how do these guys exist without getting hacked" phase. Even now, I occasionally check just to satisfy natural curiousity whenever I learn of something new. You see, since I do web development for others, I'm constantly learning new things to help keep the products I make for my clients stable and secure.
Welcome to the internet.
I just love the way that software with so many holes propagated so much. It amazes me that administrators dare to insult these people when while knowing their software is insecure, continue to use it expecting no one to exploit it. Again, welcome to the internet.
Do what everyone else running acmlmboard does and not attract attention. This board has been running with these holes for a hell of a long time before someone came along and started exploiting them. Your personal board quite likely never got hacked (well, until it did :/) because the community was good. Basically, you shouldn't have to worry about being on acmlmboards unless you feel you have a reason to be affected by someone exploiting the system.
I believe people have tried and either due to time or lack of ability failed. Aside from the current dev team, most of the people with ability either also have lives to deal with or simply doesn't care to work on a project that provides them minimal benefit. The point is, either you will make time to "fix this shit" or you take the only remaining option which is to wait for the dev team to fix the holes and make a public release. ====== Now if I can throw in some comments, I will say it annoys me whenever I read posts like this. Get it straight- you're using insecure software. Everyone knows this software is insecure. You're a TEK regular, you've heard this same spiel over and over again. Don't whine and bitch whenever someone rapes a board because someone executed an exploit that half the userbase probably already knew about. I can understand your frustration, but understand that this is what the administrators signed up for when they decided to use this software. Also, take a look at this. The first thing that it says is "Several exploits fixed." Think for a second and say to yourself "if these exploits are fixed in this version, am I vulunerable?". If you downloaded the public release, then quite likely, you are vulunerable (along with other fixed exploits since the public release). Of course, as an administrator, you're sorta in a predicament as you have an established board that can be raped at any time. Simply put, that's your problem. Now, it's not like other software is perfect. phpBB had a security hole a while back that lets you overwrite files or something I'm not too sure. The company did the right thing and released a patch as soon as possible and those who didn't patch got their sites raped. Those who got exploited before the patch or didn't know were just victims who had no chance, those who were exploited after the patch were just idiots who didn't bother to close the door. Of course, not everyone spends their time on a computer 24/7 and is able to keep up to date, but people are assholes, welcome to the internet. I guess what I'm trying to say in the end is take some responsibility for the mistakes you make. Also, as a side note, posts like yours have a tendancy to exaggerate the problem. While you're just venting your feelings, remember that people are reading this. (edited by Laxidman on 02-07-05 09:58 AM) (edited by Laxidman on 02-07-05 10:00 AM) |
|||
|
Narf Hi Tuvai! (reregistering while banned) Level: 16  Posts: 35/100 EXP: 17634 For next: 2622 Since: 12-26-04 Since last post: 22 hours Last activity: 14 hours |
| ||
| Well, I have to say, from what I've seen, the underlying source of AcmlmBoards are just a peace of shit, really. Majority of the forms are vulnerable to script attacks, and a lot of forms, such as the login form, aren't secured enough against wrong kinds of data input, let's say a SQL query. Though I'm not saying Acmlm and the others that worked on making the Acmlm board are shitty coders. Programming something as big as a whole forum system is quite complicated, and big. It's normal that the programmers make a mistake when working on something of that caliber. Though, what's low is that there are indeed morons that spend hours on trying to screw up someone else's work, or a website for that matter. I agree that these people should be lined up and shot. I often find exploits and security holes on websites and I have found several on AcmlmBoards in the past, though it's low to abbuse that and fuck up the board. As a webmaster, you should be prepared for that kind of stuff though. It's been said many times to every webmaster, and it needs to be said even more. But keep your fucking backups up to date. BACKUPS! There's so many things that can happen to a website, especially one with an underlying database, a database backup is vital. Though, I'd track this bastard down. Find out who did it, and get prood that he did it (a modern server registers every move your visitors make). Once you have that, send an email to abuse@ISP_OF_THE_MORON. They can 'punish' the 'hacker' more than you can. EDIT: Oh yeah, and I'll put an emphasis on something Laxidman said: People are assholes, welcome to the Internet. I am one of the people that got their websites/forums fucked over numerious times in the past, when I was inexperienced and I didn't even know how to make backups. Sometimes it was someone whom I wasn't really walking hand in hand with at that moment, but it also happened to be total strangers sometimes. People are morons, and the best you can do is protect yourself against these morons. (edited by Narf on 02-07-05 11:19 AM) |
|||
|
Laxidman Micro-Goomba Level: 7 Posts: 5/13 EXP: 985 For next: 463 Since: 08-17-04 From: San Diego, CA. USA Since last post: 240 days Last activity: 22 days |
| ||
Originally posted by Narf Very true. Unfortunately, with the amount of holes that exist and their severity, this software shouldn't have seen such widespread distribution.
I can't speak for everybody, but sometimes, it ends up well-deserved from the perspective of the attacker. Usually I refrain from abusing holes until I feel it's well-deserved which only happened once and that was on Xkeeper's board. After that, I alerted the dev team of my findings for them to fix and make life happy for everyone. [Edit: Curse my selective memories. I also did the same for TEKhacks twice, but those were minor and only done to prove a point in 2 discussions about Acmlmboard security.]
The answer to IP bans and logs- Proxies. (edited by Laxidman on 02-07-05 11:38 AM) (edited by Laxidman on 02-07-05 11:47 AM) |
|||
knuck Hinox Banned until 19-58-5815: trolling, flaming, spamming, being a general fucktard... Level: 62 Posts: 1135/1818 EXP: 1894574 For next: 90112 Since: 03-15-04 Since last post: 14 hours Last activity: 9 hours |
| ||
Originally posted by Narf"Hello i wanna report X person because i have a forum system that's full of security holes and also i have no guidelines about exploiting." Clever. Acmlmboards need a term of agreement.~ (edited by knuck on 02-07-05 12:02 PM) |
|||
|
Narf Hi Tuvai! (reregistering while banned) Level: 16 Posts: 39/100 EXP: 17634 For next: 2622 Since: 12-26-04 Since last post: 22 hours Last activity: 14 hours |
| ||
| I agree it's also a matter of responcibility, but fucking up someone else's site just because you can is not right, and I believe giving yourself unauthorised access is even illegal, too. | |||
|
knuck Hinox Banned until 19-58-5815: trolling, flaming, spamming, being a general fucktard... Level: 62 Posts: 1136/1818 EXP: 1894574 For next: 90112 Since: 03-15-04 Since last post: 14 hours Last activity: 9 hours |
| ||
Originally posted by NarfUnauthorised access to stuff like FTP or PMA is. But to something that is in the site, and if the site got no guidlines, it's not. |
|||
|
DarkSlaya POOOOOOOOOOOORN! Level: 88 Posts: 3428/4249 EXP: 6409254 For next: 241410 Since: 05-16-04 From: Montreal, Quebec, Canada Since last post: 8 hours Last activity: 5 hours |
| ||
Originally posted by Randy53215 But if your problems are SQL queries, then it doesn't take that much time to do (I actually did yesterday and didn't take that much time. (edited by DarkSlaya on 02-07-05 08:55 PM) |
|||
Kitten Yiffer Purple wand Furry moderator Vivent l'exp����¯�¿�½������©rience de signalisation d'amusement, ou bien ! Level: 135 Posts: 7692/11162 EXP: 28824106 For next: 510899 Since: 03-15-04 From: Sweden Since last post: 3 hours Last activity: 4 min. |
| ||
| Actually I heard of someone losing their internet, becuse he did crack onto a site twice. After a getting a warning from his ISP first. XDDD Belive me, ISP's are taking "harassments" usually seriously and most of them pull out the plug if they hear if one of their "clients" is abusing it. Thought the same people who hack the hell out don't care if it's legal or not, and maybe even hide themself in certain ways so they won't lose their connection...  |
|||
|
Sandy53215 Acmlm (10:55:31 PM): they're having fun for the first time in so long Level: 47 Posts: 294/948 EXP: 713034 For next: 53169 Since: 03-15-04 From: Milwaukee, Wisconsin (U.S.A) Since last post: 1 day Last activity: 4 hours |
| ||
| Meh, you mean like proxies? I already have the IP Address of who did it. I just dont wanna have to take these steps. Simple fix for now is a script that updates the staff everytime layout.php is loaded. Which is everytime the board is accessed. |
|||
dan Snap Dragon Level: 43  Posts: 407/782 EXP: 534516 For next: 30530 Since: 03-15-04 Since last post: 20 hours Last activity: 14 hours |
| ||
Originally posted by Randy53215 Er, great "fix" there. |
|||
|
Narf Hi Tuvai! (reregistering while banned) Level: 16 Posts: 44/100 EXP: 17634 For next: 2622 Since: 12-26-04 Since last post: 22 hours Last activity: 14 hours |
| ||
| Yeah, what a wonderful sollution, running a couple of additional (and unnecesary) MySQL queries in a file that is require()`d every pageview. And why the sudden 'I don't want to take these steps"? In the beginning of this thread you're in a rage, and now you're going pretty soft. You don't have the IP adres of the 'hacker', do you? | |||
|
Sandy53215 Acmlm (10:55:31 PM): they're having fun for the first time in so long Level: 47 Posts: 295/948 EXP: 713034 For next: 53169 Since: 03-15-04 From: Milwaukee, Wisconsin (U.S.A) Since last post: 1 day Last activity: 4 hours |
| ||
Jesus Christ you people, I never said it was the full solution. Should I sit at my computer for 12 hours daily fixing shit. No, I will fix it when I get to it. But for now there are no problems so who cares. I know how to go about fixing these though. |
|||
Chaos Force Panser Level: 29 Posts: 285/332 EXP: 147860 For next: 25 Since: 03-15-04 Since last post: 21 days Last activity: 4 hours |
| ||
  Told ya so. |
| Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
| Acmlm's Board - I2 Archive - Acmlmboard support? - You know honestly... I am sick and tired.. |
| | |
