Common_sense
New Member
Hello people here,
I am a regular member and a respected on here i should hope, but i wanted to say something which i didnt want my main or anything to do with me to be targeted by some idiots.
Right well the reason i made this, ive been in this scene along time and have done many different things, some good and some bad.. like all of us.
This whole boxhead thing IT IS A JOKE, most of his "UberL337" hacks have started from one website and led to another.. Want to know how?
1. He hacks the first website.
2. He downloads the database.
3. He searches the forum for other "Webmasters" or people that are respected and have access to other sites.
4. he finds there password hash and salt in the database.
5. He opens passwordpro and begins to crack it.
6. if you have the same password for everywhere else like the site that just got hacked, he got access to all of your stuff.
7. YOUR AN IDIOT FOR USING THE SAME DETAILS FOR EVERYTHING!
Now lets get off that part, heres another way he has hacked you.
Say he has gained access to a website ( Or a host) either by using your password from a DB or "another method" <<-- I doubt that!
He will upload a shell via the admin page ( normaly is vbulletin) but you can do this with other forum software, once he has access to the FTP listings etc and all of the files in that area ( your account with yoru host) which he could check the /home/ directory where all accounts on the server are located ie your FTP files etc.
If there is any that can be access (providing there is no directorys with weak permissions allowign access to it) he can then view YOUR files and and open your config file which contains your databae login and information. <<-- there you go again he got your db and passwords again.
Another way..
Well this is a bit more techical then others but he requires access to your server once again (most probaby using the methods above), he will look for users on the server that have permissions to use run shell which is basicaly allowing him to have access to SSH on the server, most places SHOULD! have this restricted to clients unless requested but some hosts dont have a clue about it ( the kiddie hosts) and he will have access to the server suing the shell and there user permissions.
^^ There you go another way he can get more databases and hack these so called sites with "UB3r1337" skillzzzzz.
You see this "BoxHead" is really nothing special he honestly is not, it is more your fault for using the SAME FUCKING PASSWORDS ALL THE TIME!. and going with some skiddie hosts that dont have a clue about anything and buy a server and want to make a quick buck off it!.
Some things you should do that will help prevent you being hacked:
1.DO NOT use the same password!
2. keep your sites software up to date.
3. Find a host that has a reputation with everyone and ask them about there security on the server.
4. do not go for a host which offeres amazingly cheap prices for high spec'd plans as i have said they are just wanting to make a quick bit of money and dont care about what they do, so security is most probably not that important.
5. do not let anybody know your passwords as that person could be a fool and get hacked and have your info in there private messages etc.
6. USE YOUR BLOODY BRAIN AND GET SOME COMMON SENSE!
Now i hope by doing this you will have some "Sense" as to what you do in future.
Regards,
Im not tell you my name :P
-----
Also please read and use this thread..
http://www.wjunction.com/showthread.php?t=21057
Also he is right with tip #6!!!!
I am a regular member and a respected on here i should hope, but i wanted to say something which i didnt want my main or anything to do with me to be targeted by some idiots.
Right well the reason i made this, ive been in this scene along time and have done many different things, some good and some bad.. like all of us.
This whole boxhead thing IT IS A JOKE, most of his "UberL337" hacks have started from one website and led to another.. Want to know how?
1. He hacks the first website.
2. He downloads the database.
3. He searches the forum for other "Webmasters" or people that are respected and have access to other sites.
4. he finds there password hash and salt in the database.
5. He opens passwordpro and begins to crack it.
6. if you have the same password for everywhere else like the site that just got hacked, he got access to all of your stuff.
7. YOUR AN IDIOT FOR USING THE SAME DETAILS FOR EVERYTHING!
Now lets get off that part, heres another way he has hacked you.
Say he has gained access to a website ( Or a host) either by using your password from a DB or "another method" <<-- I doubt that!
He will upload a shell via the admin page ( normaly is vbulletin) but you can do this with other forum software, once he has access to the FTP listings etc and all of the files in that area ( your account with yoru host) which he could check the /home/ directory where all accounts on the server are located ie your FTP files etc.
If there is any that can be access (providing there is no directorys with weak permissions allowign access to it) he can then view YOUR files and and open your config file which contains your databae login and information. <<-- there you go again he got your db and passwords again.
Another way..
Well this is a bit more techical then others but he requires access to your server once again (most probaby using the methods above), he will look for users on the server that have permissions to use run shell which is basicaly allowing him to have access to SSH on the server, most places SHOULD! have this restricted to clients unless requested but some hosts dont have a clue about it ( the kiddie hosts) and he will have access to the server suing the shell and there user permissions.
^^ There you go another way he can get more databases and hack these so called sites with "UB3r1337" skillzzzzz.
You see this "BoxHead" is really nothing special he honestly is not, it is more your fault for using the SAME FUCKING PASSWORDS ALL THE TIME!. and going with some skiddie hosts that dont have a clue about anything and buy a server and want to make a quick buck off it!.
Some things you should do that will help prevent you being hacked:
1.DO NOT use the same password!
2. keep your sites software up to date.
3. Find a host that has a reputation with everyone and ask them about there security on the server.
4. do not go for a host which offeres amazingly cheap prices for high spec'd plans as i have said they are just wanting to make a quick bit of money and dont care about what they do, so security is most probably not that important.
5. do not let anybody know your passwords as that person could be a fool and get hacked and have your info in there private messages etc.
6. USE YOUR BLOODY BRAIN AND GET SOME COMMON SENSE!
Now i hope by doing this you will have some "Sense" as to what you do in future.
Regards,
Im not tell you my name :P
-----
Also please read and use this thread..
http://www.wjunction.com/showthread.php?t=21057
Also he is right with tip #6!!!!
