1
amudee
xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 10:00

  • amudee

  • Just popping in

  • Posts: 42

  • Since: 2007/8/8 1


Ok now a serious thread regarding small small mistakes we do while setting up big XOOPS websites. I recently edited/hacked http://www.xoops.net.br/index.php

and the reason for this editing/hacking is nothing but to let the owner know how venerable his site may be. If any anonymous is allowed to edit your sites content why would he be so honest ?

The main thing is why do we have Anonymous listed under the groups ? and why do we have such venerable options in XOOPS that gives rights to anonymous group members ? this is a serious venerability. Any beginner can make such mistakes, giving all the rights to anonymous users, i think this functionality needs to be improved a little.


Thanks & Regards,
codergeek82

2
Peekay
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 11:47

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I don't quite understand this amudee.

The xoops-end-user.com site is using MediaWIKI. Like any WIKI, if you register you will be able to add, change or remove content. That's what WIKIs are all about.

You could trash stuff on Wikipedia.org if you wanted to (sadly, people often do) but restoring the previous page generally takes less time than damaging the original. Page revisions are automatically archived, so content is never actually lost.

If all you did was remove content and add a comment, that's 'wiki vandalism' and just an accepted downside of running a WIKI.

If you found a way to hack the index page itself, that would be a matter of concern.
A thread is for life. Not just for Christmas.

3
wtravel
Re: xoops-end-user.com Hacked by Anonymous

The way I interpreted this post is that the site was configured in such a way that even unregistered users can edit the content. When a visitor is not logged in, he/she is a automatically assigned to the Anonymous group. This group is only there for the purpose of handling module rights (view, admin and system).

4
sailjapan
Re: xoops-end-user.com Hacked by Anonymous

further, BlueStocking (Darcy, the lady who runs XEU) has said umpteen times here in the forums, that all privileges have been left open so that anyone can mess around with the various modules that she puts up there for people to experiment with... XEU is an experimental site for the community... security has never been an issue there. Seems strange to purposefully vandalize a site that invites anyone in to fiddle away to their hearts content... hardly 'hacking'
Never let a man who does not believe something can be done, talk to a man that is doing it.

5
suico
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 12:33

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


I do agree there is no "proud" in vandalizing a wiki site , but it would be a good thing to do to block the first page for editions, so we don t get to other situations like this.

My two cents.

Between good job BlueStocking.
Yogurt Social Network Service
Visit: http://www.marcellobrandao.eti.br/

6
pAraN0iD
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 14:37

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Quote:
and the reason for this hacking is nothing but to let the owner know how venerable his site is and the way he configured it. If any anonymous is allowed to edit your sites content why would he be so honest ?


You really are an idiot. If you seriously wanted to let the admin know about a security problem why didn't you just TELL them instead of wasting people's time screwing up their site.

Pathetic. Get out of here.

7
BlueStocking
Re: xoops-end-user.com Hacked by Anonymous

Thank you amudee -- That was a very enjoyable experience,
I came in and didn't even know the site had been hacked until I saw all the recent activity report. (yours)

The site wasn't hacked... That takes someone with a bit of knowledge about how to really mess up a site. Just in case I keep a backup of everything important to me and if you are a user here it would be a good idea for you to do the same.

You know, after that trick, I didn't even block your IP.
I gave it some thought but decided naaa, why bother. Everyone has the ability to undo what anyone else has done as fast or even faster than the time it takes the 'so called hacker' to do his thing.
_____________
MOVING ON....

BTW: I added a Portuguese friends category today... and several new users...

http://www.xoops.net.br/index.php?title=Category:Portuguese

Thanks to whoever 'returned last edit' and added the additional users. ... nice job!!!

ALSO:
____________
@Amudee, thanks for the backup consdideration, but I have that covered so no need for you to worry. ... BlueStocking.

...darcy
BlueStocking
End User rep

Another Addon Edit: I visited amudee's site and the videos he has done are nice... I enjoyed them. He will make a nice addition to Xoops.
hhttps://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

8
Anonymous
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/20 18:12

  • Anonymous

  • Posts: 0

  • Since:


How to win friends and influence people

Some people are truely pathetic.

9
amudee
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/21 4:01

  • amudee

  • Just popping in

  • Posts: 42

  • Since: 2007/8/8 1


Oh as i said i am a beginner in some areas so wasnt't aware of wiki thing, thats something i learned from you all.

@Bluestocking: i took a backup of your content before messing up with yours, cause i was not aware that automatic backups are already impleted on your site.

So my intention was not destructive but i was little curious why an anonymous user is able to edit (sorry i used the word hacking ;) which took the thread little off topic) but my intention was to discuss about role of an anonymous user on xoops.


off topic:
@pAraN0iD: Hi i did not wanted to hack or do some idiot stuff, i didn't even hide my identity, and raised this thread to discuss about roles of anonymous users. But i was under the impression that the admin of the site accidently gave rights to anonymous. So it was worth a discuusable topic, nothing personal.


@BlueStocking: Thanks for not banning my IP :) i guess it was also a good exercise for you. and i don't have a static IP


But the question in general remain: why do we have option to give admin rights to anonymous users in groups?

Can somebody correct me here if am wrong ?


Thanks & Regards,
amudee

10
amudee
Re: xoops-end-user.com Hacked by Anonymous
  • 2007/8/21 4:03

  • amudee

  • Just popping in

  • Posts: 42

  • Since: 2007/8/8 1


Quote:

Peekay wrote:
I don't quite understand this amudee.

The xoops-end-user.com site is using MediaWIKI. Like any WIKI, if you register you will be able to add, change or remove content. That's what WIKIs are all about.

You could trash stuff on Wikipedia.org if you wanted to (sadly, people often do) but restoring the previous page generally takes less time than damaging the original. Page revisions are automatically archived, so content is never actually lost.

If all you did was remove content and add a comment, that's 'wiki vandalism' and just an accepted downside of running a WIKI.

If you found a way to hack the index page itself, that would be a matter of concern.


Thats quite interesting to know, thanks for sharing the information about wikis and vandalism. Surely i will never implement a wiki on my college website

Login

Who's Online

232 user(s) are online (97 user(s) are browsing Support Forums)


Members: 0


Guests: 232


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits