Comments on: A tale of searching for a hacker and his supporter, the idiot programmer http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/ About Linux, IT security, tips and tricks and other stuff that comes into my mind Thu, 09 Sep 2010 05:57:47 +0000 hourly 1 http://wordpress.org/?v=abc By: clemens http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-279 clemens Sat, 24 May 2008 20:00:03 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-279 The is the "easiest-to-exploit" mistake a programmer can ever make! It should be replaced with a switch- or an if-statement! For example: if($_GET[content]=="login") { include("login.php"); } .. Would increase the security very much.. The is the “easiest-to-exploit” mistake a programmer can ever make!
It should be replaced with a switch- or an if-statement!

For example:

if($_GET[content]==”login”) {
include(“login.php”);
}
..

Would increase the security very much..

]]> By: Robert Penz Blog » Interview with a professional hacker http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-135 Robert Penz Blog » Interview with a professional hacker Sat, 26 Apr 2008 20:59:46 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-135 [...] the DDOS attack against my blog this week , I decided to go to the channel I wrote in my initial hacker post about, as I believed that the most likely attacker is hacker I wrote about. After I joined the [...] [...] the DDOS attack against my blog this week , I decided to go to the channel I wrote in my initial hacker post about, as I believed that the most likely attacker is hacker I wrote about. After I joined the [...]

]]> By: Robert Penz Blog » UDP Flood DDOS attack against my blog http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-132 Robert Penz Blog » UDP Flood DDOS attack against my blog Thu, 24 Apr 2008 20:21:06 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-132 [...] the last 14 days. The only idea I’ve is that the hacker I found at the server of a friend and wrote about it wanted to get even. What counts for this theory is that it is carried out by hacked servers from [...] [...] the last 14 days. The only idea I’ve is that the hacker I found at the server of a friend and wrote about it wanted to get even. What counts for this theory is that it is carried out by hacked servers from [...]

]]> By: Boyan Alexiev http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-130 Boyan Alexiev Wed, 23 Apr 2008 01:14:06 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-130 Robert, great article! Thank you for the detailed description which helped me find the tool used to hack my server. Although I first found and closed the whole (public_html dirs), because I have seen it before, it was hard to find the script until I used the find and walked through the long list - that was easy. Then I found the wget download and easily confirmed the source of the attack (using the timestamp with grep from the logs it gave me the exact line :). Then I only had to remove the crontab entry and the script itself from /var/tmp/.b folder. The hack tool can still be downloaded at http://members.lycos.co.uk/foryouforyou/for.tgz - I have already filed an abuse report. If you are unable to find it and anyone is interested - I can give it away. I also keep a copy of the running script with all settings. Kind regards, Bobby Robert, great article! Thank you for the detailed description which helped me find the tool used to hack my server. Although I first found and closed the whole (public_html dirs), because I have seen it before, it was hard to find the script until I used the find and walked through the long list – that was easy. Then I found the wget download and easily confirmed the source of the attack (using the timestamp with grep from the logs it gave me the exact line :) . Then I only had to remove the crontab entry and the script itself from /var/tmp/.b folder.
The hack tool can still be downloaded at http://members.lycos.co.uk/foryouforyou/for.tgz – I have already filed an abuse report. If you are unable to find it and anyone is interested – I can give it away. I also keep a copy of the running script with all settings.

Kind regards,
Bobby

]]> By: admin http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-95 admin Wed, 19 Mar 2008 21:36:05 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-95 In my case the problem was the php script which used that function. I deactivated the hompeage and told the programmer to fix his code before it goes online again. In my case the problem was the php script which used that function. I deactivated the hompeage and told the programmer to fix his code before it goes online again.

]]> By: Joar http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-94 Joar Wed, 19 Mar 2008 21:23:37 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-94 I dont understand the code. How do I stop it from happening again? I dont understand the code. How do I stop it from happening again?

]]> By: admin http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-93 admin Wed, 19 Mar 2008 20:11:59 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-93 with a security hole the programmer put into his code, look at the end of the post. with a security hole the programmer put into his code, look at the end of the post.

]]> By: Joar http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-92 Joar Wed, 19 Mar 2008 20:07:35 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-92 I have exactly the same problem on my server. How did this guy get access? I have exactly the same problem on my server. How did this guy get access?

]]> By: Evilo http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/comment-page-1/#comment-91 Evilo Wed, 19 Mar 2008 15:51:23 +0000 http://robert.penz.name/44/a-tale-of-searching-for-a-hacker-and-his-supporter-the-idiot-programmer/#comment-91 Awesome article, made me chuckle at the end. Well, I guess it's more of a ran/story than an article, but nonetheless a good job. : p Awesome article, made me chuckle at the end.
Well, I guess it’s more of a ran/story than an article, but nonetheless a good job. : p

]]>