{"id":13,"date":"2005-09-20T23:58:06","date_gmt":"2005-09-21T04:58:06","guid":{"rendered":"http:\/\/inanimatereason.com\/2005\/09\/20\/hacked-off\/"},"modified":"2005-09-22T16:51:21","modified_gmt":"2005-09-22T21:51:21","slug":"hacked-off","status":"publish","type":"post","link":"https:\/\/inanimatereason.com\/blog\/2005\/09\/hacked-off\/","title":{"rendered":"Hacked Off"},"content":{"rendered":"<p>The other day, one of my websites was defaced by a scripted hack. I&#8217;m still not sure exactly how they got in, but I assume I can thank the recently identified <a href=\"http:\/\/secunia.com\/advisories\/16801\/\" class=\"extlink\">SQL<\/a> <a href=\"http:\/\/phpnuke.org\/modules.php?name=PHP-Nuke_HOWTO&#038;page=sql-injection-with-php-nuke.html\" class=\"extlink\">Injection<\/a> exploits such as <a href=\"http:\/\/www.milw0rm.com\/id.php?id=1219\" class=\"extlink\">this one<\/a> since the hack was accomplished by replacing the footer values in my <a href=\"http:\/\/phpnuke.org\" class=\"extlink\">PHP-Nuke<\/a> configuration database.<\/p>\n<p>During the course of a normal day, my PC tends to stay logged into <a href=\"http:\/\/www.chat-solutions.org\" class=\"extlink\">IRC<\/a>. Unfortunately, I&#8217;ve been working on a project lately that requires me to login to a remote network using a VPN and the client security policy forces all my internet traffic through the VPN connection which is nicely firewalled. When I log in to upload my work and test, I have to disconnect all the little utilities and applications I use that constantly access my Internet connection.<\/p>\n<p>This is important because had I not been offline working, I could have dealt with my problem a bit quicker. As it was, I only found out about it because one of my online buddies dug out my phone number from whois and called me.<\/p>\n<p>I&#8217;m not going to glorify the hack or the hacker by any direct mention. The defacement looked like <a href=\"http:\/\/inanimatereason.com\/images\/20050917hacked.jpg\">this<\/a>. As far as I can tell, the intrusion was complete scripted. My guess is that the script googles a string that somehow identifies vulnerable systems and then runs the exploit against one of the unpatched entry forms.<\/p>\n<p>Sadly, the latest public release of PHP-Nuke still hasn&#8217;t fixed the bug. I think I&#8217;ll be motivated soon to migrate that site off of Nuke and onto another CMS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The other day, one of my websites was defaced by a scripted hack. I&#8217;m still not sure exactly how they got in, but I assume I can thank the recently identified SQL Injection exploits such as this one since the hack was accomplished by replacing the footer values in my PHP-Nuke configuration database. During the &hellip; <a href=\"https:\/\/inanimatereason.com\/blog\/2005\/09\/hacked-off\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Hacked Off<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[],"class_list":["post-13","post","type-post","status-publish","format-standard","hentry","category-tech-nonsense"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1yjzF-d","_links":{"self":[{"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/posts\/13","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/comments?post=13"}],"version-history":[{"count":0,"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/posts\/13\/revisions"}],"wp:attachment":[{"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/media?parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/categories?post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inanimatereason.com\/blog\/wp-json\/wp\/v2\/tags?post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}