1
pdajunkee
Aston Themes Hacked ?
  • 2005/7/11 5:23

  • pdajunkee

  • Just popping in

  • Posts: 53

  • Since: 2004/9/3 2


Just went to aston themes (http://astonthemes.com/) and found their front page says large graphic "secure your #### or lose it" with the login usually seen when the site is shut down for maintenance.

Anyone know how to contact the admin there?

2
zeroram
Re: Aston Themes Hacked ?
  • 2005/7/11 7:16

  • zeroram

  • Friend of XOOPS

  • Posts: 326

  • Since: 2004/6/30


Damn!!!

kind of scary, i hope it was not a XOOPS security problem..

because i run many XOOPS productions sites...

3
Frano
Re: Aston Themes Hacked ?
  • 2005/7/11 7:24

  • Frano

  • Just popping in

  • Posts: 13

  • Since: 2004/12/16


Quote:
Anyone know how to contact the admin there?


Pdajunkee, check your Inbox.

4
sikey
Re: Aston Themes Hacked ?
  • 2005/7/11 9:02

  • sikey

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/4/29


Something is definatly wrong with xoops... this isn't a single incident... -> Another incident

5
Gambero[removed]
Re: Aston Themes Hacked ?

What version of XOOPS was he running on Aston themes ?

6
JimLunsford
Re: Aston Themes Hacked ?

I know it wasn't the latest version because he has been mia for awhile. However I don't think it was to old of a version.

7
phppp
Re: Aston Themes Hacked ?
  • 2005/7/11 12:01

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


Quote:

zeroram wrote:
Damn!!!

kind of scary, i hope it was not a XOOPS security problem..

because i run many XOOPS productions sites...



You could close your site with a message of "I am hacked, damn XOOPS!"
(don't know where to set? go to system preferences=>"Reason for turning off the site")

8
Drexel
Re: Aston Themes Hacked ?
  • 2005/7/11 15:52

  • Drexel

  • Just popping in

  • Posts: 13

  • Since: 2005/3/8 0


The last post on that page was to many users of Aston Themes NOT to remove his signature from the theme...

That post was written by someone else then Aston himself, my guess is that it has something to do with that.

I think they hope we will get scared so we don't use Aston themes anymore....

But if it is real...... pfoei? I'am watching my domains closely.

One of the XFCX Hacking crew is located in Denmark..

http://www.google.nl/search?q=XFCX+Hacking+crew&ie=UTF-8&oe=UTF-8


Greets,

Fred (http://www.fred-dresken.nl)

BTW. What is wrong with the layout of the XOOPS forum? it is wider than the screen.

9
Mithrandir
Re: Aston Themes Hacked ?

We have an increasing number of reports of XOOPS sites hacked, when they use a XOOPS version below 2.0.13 and some sorts of autologin.

The reason for this is that the hole we found in the XML-RPC interface allows for an SQL injection attack where one can find the hashed password for a known username in the database.
With this hash, it is possible to manufacture a cookie that resembles the autologin cookie and grants access as administrator (if the known user is administrator, naturally)

We meant it, when we said that everyone should upgrade to 2.0.13
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software

10
JimLunsford
Re: Aston Themes Hacked ?

"That post was written by someone else then Aston himself, my guess is that it has something to do with that."

That post was from either phppp or davidl2 so it has nothing to do with it.

Login

Who's Online

447 user(s) are online (313 user(s) are browsing Support Forums)


Members: 0


Guests: 447


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits