Is MacNN trying to get this forum hacked?
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jan 28, 2008, 06:27 PM
 
This file has been active forever:

http://forums.macnn.com/phpinfo.php

Won't somebody wake up the machine admins and have this file removed? You do NOT want to keep it exposed like it has been for months.

This file is totally safe to yank, its contents are simply:

<?php
phpinfo();
?>
     
Addicted to MacNN
Join Date: Jul 2005
Location: Cooperstown '09
Status: Offline
Jan 28, 2008, 06:36 PM
 
Shhhhhh.
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Jan 28, 2008, 06:44 PM
 
Why are you trying to hack MacNN, besson3c?
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jan 28, 2008, 08:10 PM
 
Originally Posted by Dork.
Why are you trying to hack MacNN, besson3c?
Well, I just watched National Treasure, and I was thinking that I would be a MacNN hero if I could hack into this forum software and figure out who Abe really is. I'm sick of losing sleep puzzling this out in my head, so I decided to take matters into my own hands!
     
Administrator
Join Date: Mar 2000
Location: Land of the Easily Amused
Status: Offline
Jan 28, 2008, 08:24 PM
 
you must be imagining things
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jan 28, 2008, 08:33 PM
 
Yeah, maybe I wasn't lucid, cause it's gone.

Sometimes I'm not lucid.
     
Addicted to MacNN
Join Date: Jul 2005
Location: Cooperstown '09
Status: Offline
Jan 28, 2008, 11:56 PM
 
I look forward to the file ending up on eBay.
     
Addicted to MacNN
Join Date: Nov 1999
Location: Madison, WI
Status: Offline
Feb 1, 2008, 07:53 PM
 
Originally Posted by rickey939
I look forward to the file ending up on eBay.
It will prolly be really cheap, but the shipping will totally kill the deal.

-Owl
     
Addicted to MacNN
Join Date: Apr 2005
Status: Offline
Feb 17, 2008, 05:32 AM
 
lol-
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 19, 2008, 09:28 AM
 
Originally Posted by OwlBoy
It will prolly be really cheap, but the shipping will totally kill the deal.

-Owl
Nah. eBay will decide this file is politically incorrect because the ad will mention something about it NOT being the PHP file from MacRumors, and so they'll cancel the auction. And still charge the seller all the fees. Gotta love eBay.

Glenn -----OTR/L, MOT, Tx
     
Moderator Emeritus
Join Date: Mar 2004
Location: Copenhagen
Status: Offline
Feb 19, 2008, 04:59 PM
 
Since this is pretty much a zombie thread whose topic is now irrelevant and has turned to randomness, can someone tell me why Besson was banned? Per request, or did I miss something? I didn’t see him do anything that could be considered a bannable offence?
     
Addicted to MacNN
Join Date: Nov 2007
Location: In the hearts and minds of MacNNers
Status: Offline
Feb 19, 2008, 05:03 PM
 
Whoa, when the hell did I miss that? $5 says he was Butthawk, and got a temp ban for the dupe account.
Edit: Or maybe the Not Butthawk account. This is all very complex, much like the Da Vinci Code.
     
Professional Poster
Join Date: Nov 2004
Location: eating kernel
Status: Offline
Feb 19, 2008, 07:00 PM
 
Originally Posted by Dakar the Fourth
Whoa, when the hell did I miss that? $5 says he was Butthawk, and got a temp ban for the dupe account.
Edit: Or maybe the Not Butthawk account. This is all very complex, much like the Da Vinci Code.
I knew it.
Signature depreciated.
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Feb 19, 2008, 07:45 PM
 
I propose that whenever someone who is already a member becomes a "new member" and starts trolling, we should start referring to this activity as "butthawking". Just because I think that word is awesome. Butthawking should be punishable by π points of infractions.

For what it's worth, I think besson3c was the first butthawker here, but not the only butthawker. You can ask him on that known fanboy forum, if you like. (Actually, please go there, now that besson3c is banned from here for a while he's going to be there all the time, getting the carpet all messy...)
     
Mac Elite
Join Date: Sep 2006
Status: Offline
Feb 19, 2008, 08:04 PM
 
OMG!
He's a moderator there?!
lol!
     
Moderator Emeritus
Join Date: Mar 2004
Location: Copenhagen
Status: Offline
Feb 19, 2008, 08:06 PM
 
Originally Posted by Sherman Homan
OMG!
He's a moderator there?!
lol!
Considering he started it, that makes good sense.

(I forget—it was just Besson who started it, right? And then BlueSky and... err, a few others, joined very quickly? Or did they start it together?)

(Actually, please go there, now that besson3c is banned from here for a while he's going to be there all the time, getting the carpet all messy...)
Are you calling me a cleaning lady?
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Feb 19, 2008, 08:14 PM
 
Originally Posted by Oisín
Are you calling me a cleaning lady?
I figure that with new people to distract him, maybe he won't poop on the carpet quite so much....
     
Moderator Emeritus
Join Date: Mar 2004
Location: Copenhagen
Status: Offline
Feb 19, 2008, 08:15 PM
 
Cleaning lady or poop distractor.

I’m not sure which one’s the lesser evil here, to be honest.
     
Mac Elite
Join Date: Sep 2005
Status: Offline
Feb 19, 2008, 08:41 PM
 
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().

That said ... the jumbled-up five stars look rather funny. :-P
     
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Feb 19, 2008, 09:40 PM
 
Originally Posted by Oisín
Since this is pretty much a zombie thread whose topic is now irrelevant and has turned to randomness, can someone tell me why Besson was banned? Per request, or did I miss something? I didn’t see him do anything that could be considered a bannable offence?
besson3c's Butthawk account was banned for trolling, asking for SS numbers, etc after the joke wore off. When besson started up a 2nd Butthawk nick, (thereby ignoring the staff's troll decision) he got a week's vacation. He'll be back.

The 3rd Butthawk nick was someone else.
     
Moderator Emeritus
Join Date: Mar 2004
Location: Copenhagen
Status: Offline
Feb 20, 2008, 09:19 AM
 
Originally Posted by Tomchu
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().

That said ... the jumbled-up five stars look rather funny. :-P
Those are because he has more than 15,000 posts.

besson3c's Butthawk account was banned for trolling, asking for SS numbers, etc after the joke wore off. When besson started up a 2nd Butthawk nick, (thereby ignoring the staff's troll decision) he got a week's vacation. He'll be back.

The 3rd Butthawk nick was someone else.
Thanks for the info—I’d barely noticed this Butthawk nick, and didn’t know it was Besson in disguise.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Feb 25, 2008, 01:19 PM
 
Originally Posted by Tomchu
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().

That said ... the jumbled-up five stars look rather funny. :-P
It's not that phpinfo() in and of itself makes the server less secure, but it is advertising the server's vulnerabilities. When a basic Nessus scan picks up this file and provides a convenient way for anybody to plan an attack based on the weakness and exploits of the older PHP version being run on the server and all that is required to close that screen door you left wide open is to delete the file, why not? It's an extremely easy thing to do.
     
Mac Elite
Join Date: Sep 2005
Status: Offline
Feb 25, 2008, 02:05 PM
 
Security through obscurity, then?

What's the use of the screen door if the rest of the house is missing a wall (vulnerable PHP release)? The real solution is to upgrade PHP.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Feb 25, 2008, 02:08 PM
 
Originally Posted by Tomchu
Security through obscurity, then?

What's the use of the screen door if the rest of the house is missing a wall (vulnerable PHP release)? The real solution is to upgrade PHP.
That is true.

Again, I'm not saying that deleting the file creates more inherent security, I'm just saying that it is extremely low dangling fruit, and that leaving it around does advertise vulnerabilities. I'm not saying that these vulnerabilities could not be discovered via another means, but leaving the file around is sort of like writing "my door is unlocked" along the side of your house or something, ya know?
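The cleanup discussed above can be checked for mechanically. The following is an added example, not part of the original thread and not MacNN's code: a heuristic audit that walks a web root and reports PHP files that actually call phpinfo(), ignoring mentions inside comments and string literals. The directory tree it scans is constructed sample data, and the function names are hypothetical.

```python
import pathlib
import re
import tempfile

# PHP code regions: from an opening tag to the closing tag or end of file.
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.S | re.I)
# String literals and comments are matched together so that comment markers
# inside a string (e.g. "http://...") are not mistaken for comments.
STR_OR_COMMENT = re.compile(
    r"""(?P<s>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(?P<c>/\*.*?\*/|(?://|#)[^\n]*)""", re.S)
CALL = re.compile(r"\bphpinfo\s*\(", re.I)  # PHP function names are case-insensitive

def calls_phpinfo(source: str) -> bool:
    """True if any PHP block calls phpinfo() outside comments and strings."""
    for code in PHP_BLOCK.findall(source):
        stripped = STR_OR_COMMENT.sub(lambda m: "''" if m.group("s") else " ", code)
        if CALL.search(stripped):
            return True
    return False

def find_phpinfo_files(docroot: str) -> list[str]:
    """Return docroot-relative paths of PHP files that call phpinfo()."""
    root = pathlib.Path(docroot)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".phtml"}:
            if calls_phpinfo(path.read_text(encoding="utf-8", errors="replace")):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

def build_sample_docroot() -> str:
    """Constructed sample tree for the demo; not a real site layout."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="docroot-"))
    samples = {
        "phpinfo.php": "<?php\nphpinfo();\n?>\n",  # same contents as the file in the thread
        "index.php": "<?php // phpinfo();\necho 'phpinfo() is off';\n",
        "admin/diag.php": "<?php if ($debug) { PHPInfo ( INFO_GENERAL ); }",
    }
    for rel, body in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return str(root)

if __name__ == "__main__":
    for hit in find_phpinfo_files(build_sample_docroot()):
        print("remove or restrict:", hit)
```

Because it is regex-based rather than a real PHP parser, treat a hit as a prompt to review the file, and an empty result as no substitute for keeping PHP itself patched.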
     
Mac Elite
Join Date: Sep 2005
Status: Offline
Feb 25, 2008, 03:04 PM
 
Perhaps.

If it was a vulnerable PHP installation to start with. :-P
     
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status: Offline
Feb 25, 2008, 09:24 PM
 
Originally Posted by rickey939
I look forward to the file ending up on eBay.
I have a brand new, unused folder I'll sell you for $5.00 I just made it on my desktop using shift+command+n, but realized I didn't need it. Paypal me, and I'll email it to you.

When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
     
Mac Elite
Join Date: Aug 2005
Status: Offline
Mar 19, 2008, 11:32 PM
 
If it comes in a good and reliable hard drive as wrapper, I'll take it for that price.

;o)
"Criticism is a misconception: we must read not to understand others but to understand ourselves."

Emile M. Cioran
     
Banned
Join Date: Jun 2005
Location: Indy.
Status: Offline
Mar 20, 2008, 01:48 AM
 
Will you take it on a floopy?
     
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Mar 20, 2008, 12:22 PM
 
jaz drive ftw
     
Banned
Join Date: Jun 2005
Location: Indy.
Status: Offline
Mar 20, 2008, 06:53 PM
 
Bernoulli drive?
     
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Online
Mar 20, 2008, 07:12 PM
 
SyQuest.
     
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Mar 21, 2008, 04:30 PM
 
Zip!
( Last edited by andi*pandi; Mar 21, 2008 at 04:30 PM. Reason: (I can't post in allcaps???))
     
Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Status: Offline
Mar 21, 2008, 04:43 PM
 
Originally Posted by andi*pandi
Zip!
Click of Death FTW!
     
Addicted to MacNN
Join Date: Mar 2006
Location: California
Status: Offline
Mar 21, 2008, 04:51 PM
 
Originally Posted by Dork.
please work
     
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Mar 21, 2008, 05:49 PM
 
Off-topic for the win.

The original issue has been addressed, and we've drifted from left field into the stands.

     
   
All times are GMT -4.