Security

Suggestions, comments, questions, and developments related to the Super Soaker Central site and forums.
DX
Posts: 1780
Joined: Wed Feb 04, 2004 1:00 pm

Post by DX » Wed Jun 09, 2004 12:35 am

Sniper as of lately has been rambling on about wanting to hack SSC. If someone was able to, is there any kind of backup that would restore the site? Waterbridges site has been hacked in the past. I doubt there is any threat but Doom, I would at least disable the source code.
Mess With the Best, Get Soaked Like the Rest!

2004 Red Sox - World Series Champions
2007 Red Sox - World Series Champions!

Hyper_9
Posts: 313
Joined: Sat Jun 28, 2003 12:00 pm

Post by Hyper_9 » Wed Jun 09, 2004 12:59 am

There are a few measures I know of. Either way, I know for a fact neo patches the entire site, SQL queries and all, onto his HD. If he tried it, it could be restored in 15 minutes. And I get to enjoy DoS on sniper's computer, and reporting him to the authorities.

We already have a full set of personal information on him, as he was a complete idiot with many privacy issues.

He would be totally screwed.
Official DMOZ Editor of "Recreation: Guns: Toy: Water Guns"
Soak On
HYPERACTIVE 4 EVER!

SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Post by SSCBen » Wed Jun 09, 2004 1:14 am

Hyper is right, if he hacks us then he pretty much has screwed himself. I make backups of the site every once in a while. Sometimes I will make SQL backups, but not as often as the site.

There is no way sniper is getting into the site's FTP or CPanel. The password is randomly generated, and he doesn't even know the username to begin with. It will take him years to get through bruteforce. I'm also confident in the security of the servers we're running on. It's not going to happen.

Monsoon
Posts: 832
Joined: Sun Jul 13, 2003 2:14 pm

Post by Monsoon » Wed Jun 09, 2004 1:58 am

I doubt that he would be the one hacking. He's probably going to get a friend of his or something to do the hacking for him. Yeah, all that security is enough to convince me that sniper won't be able to do anything.
Do not underestimate the power of stupidity in large groups

RacerSoaker445
Posts: 951
Joined: Sun Mar 14, 2004 2:27 pm

Post by RacerSoaker445 » Wed Jun 09, 2004 1:40 pm

I have gotten into the site's directory, say the uploads area where a lot of things are uploaded.

Very simple, but in order to keep people from doing that, you need to redirect, say, Fourms.SSC.net/uploads/ to the page you were just at. My Mom has a very large site that has that, ultra handy.
I don't check this forum anymore.

SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Post by SSCBen » Wed Jun 09, 2004 9:02 pm

I actually made it like that on purpose, so I could browse those directories without opening anything special. No security holes there anyway. The SSC images directory is also like that, it's not used anymore though. The most important directory, where most of the site's important info is held, is secure btw (it's sscentral.net/res/ for those who think they might be cool and figure it out). There is no way they could do anything in that directory anyway without opening FTP or CPanel. It's not chmodded to 777 or something similar so a GET/POST based attack isn't an option either.

The only security hole in the entire site is the forum's news, which is not being used currently. But that will not let sniper do anything other than read the first posts of some topics that were deleted and our planning board. Nothing too special, the only hole I know.

Believe me when I say the site is secure. My password is randomly generated, the FTP and CPanel ones are, but I'm not sure about Neo's and Mist's passwords. I've read internet security books before, I used to be into all that hacking XPBackfire-esque. There is no way an elementary schooler could hack this site, unless they were a child hacking prodigy or something. What would he gain by hacking anyway? The FBI making a visit maybe, or his ISP cutting his connection.

Freakymist
Posts: 361
Joined: Sat Mar 22, 2003 1:00 pm

Post by Freakymist » Thu Jun 10, 2004 7:42 pm

basically the only person (other than doom) that could really destroy this site is me... :Hey, that's funny.: considering I have more access to the site than anyone else including doom (By law I own this place).

Neuro
Posts: 1081
Joined: Thu May 01, 2003 12:00 pm

Post by Neuro » Thu Jun 10, 2004 9:57 pm

not to mention the fact that a bruteforce attack by sniper would be impossible, he has 56k :Hey, that's funny.: (...baaaaddd memories of aol...) and I hate to admit it but it has been a while since I made a backup.... it's summer now though, I'll probably do one within the next week.
"I used to care, but now I take a pill for that."

You can pretty much ignore the times on that, I rarely ever have Xfire on when I play. I should, though.

Hyper_9
Posts: 313
Joined: Sat Jun 28, 2003 12:00 pm

Post by Hyper_9 » Thu Jun 10, 2004 11:00 pm

Originally posted by Freakymist@Jun 10 2004, 11:42 AM
basically the only person (other than doom) that could really destroy this site is me... :Hey, that's funny.: considering I have more access to the site than anyone else including doom (By law I own this place).
I SWORE ownership of the domain technically changed place in March...
Official DMOZ Editor of "Recreation: Guns: Toy: Water Guns"
Soak On
HYPERACTIVE 4 EVER!

BlueSmudge
Posts: 886
Joined: Sun Apr 18, 2004 10:57 pm

Post by BlueSmudge » Thu Jun 10, 2004 11:08 pm

I wouldn't be so sure about sniper. My blind step-cousin hacked my local hospital's patient medical records when he was 12.

I don't think sniper even has any disabilities.
--------------------------------------------------------------
BlueSoak.net
--------------------------------------------------------------

SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Post by SSCBen » Thu Jun 10, 2004 11:14 pm

No Hyper, I paid Freakymist for the hosting and domain to keep it simple. ;)

Hacking is achieved by holes in the system. I am very sure there are no holes that would let us do that. That hospital likely was running off IIS or something similar. Every time Microsoft fixes something in that, they add a few new holes. It does take time to find them so that's why many go unfound. IIS is unsecure, and it's sad that many servers run off it.

Neuro
Posts: 1081
Joined: Thu May 01, 2003 12:00 pm

Post by Neuro » Fri Jun 11, 2004 2:11 am

fortunately, apache is run on over 60% of the internet's web servers :D
actually I do know of something..... nevermind I'd have to talk to the site's host about that...
"I used to care, but now I take a pill for that."

You can pretty much ignore the times on that, I rarely ever have Xfire on when I play. I should, though.

treebomber
Posts: 16
Joined: Fri Jun 11, 2004 2:38 am

Post by treebomber » Fri Jun 11, 2004 3:25 am

:Hey, that's funny.: what has sniper done now

I'm an old friend of his.

and yes, if you're wondering, he does have the tools to hack this site. usually what he does is, he will try to crack your password with a cracker he downloaded a while back, if that doesn't work, then he will flood the dam place.

but he is just bluffing. He doesn't want to hack sscentral, but he can.

BlueSmudge
Posts: 886
Joined: Sun Apr 18, 2004 10:57 pm

Post by BlueSmudge » Fri Jun 11, 2004 3:47 am

what did I tell you guys! If a blind kid can do it, an underdeveloped brat can do it.
Or are you just helping sniper threaten us?
--------------------------------------------------------------
BlueSoak.net
--------------------------------------------------------------

Hyper_9
Posts: 313
Joined: Sat Jun 28, 2003 12:00 pm

Post by Hyper_9 » Fri Jun 11, 2004 4:08 am

Alpha, I know every overrider in the book. SSC Servers are configured to cut off the account for 24 hours after 5 unsuccessful login attempts.

Bravo, There's a difference between a smart blind kid and a dumbass kid.
Official DMOZ Editor of "Recreation: Guns: Toy: Water Guns"
Soak On
HYPERACTIVE 4 EVER!

Locked