I just found this post in a private forum. The source is credible:
Here might be some very valuable information you may want to know. This hacker is good…damn good…
I would like to give this warning for all users and Admins. Please check your E-gold accounts and look for any spends to this account below. Do not look for payments received. He does not give, he takes. This guy has made one hell of a mess, excuse my language please!
I do believe this creep is using some type of exploit or mysql injection that I’m unaware of. I am on the search for new updates on any new mysql injection codes. Also, all Admins need to check all files on their servers and look for this software, Myshell, or anything with a .php or p.pl a.pl files that look funny. They can and will control your program and make you look really bad to your members. These are the creeps that try to make good Admins look bad. I want all of you to understand I don’t care what server you have, if they want in and want to tear you down they find ways. Again, the software they are using is Myshell.
I trust you members can spread the word to all good Admins to check all their files on their servers, no matter if it’s a dedicated server or a shared server.
3/21/2007 11:30 Payment Made xxxxxxxx Gold -9.521448 4052592 xxxxxx USD 661.60 To: bill’s gold Memo: payment id=453 member=342
Hacker’s email address: architechdata@gmail.com
Hacker’s E-gold account number. 4052592
Hacker’s E-gold account name: Bill’s Gold
Wow! Just when you get comfy that your e-gold is safe, a hacker comes up with something new. As a reminder on things to do to keep your accounts safe, please read the article I wrote last year here.
JMO,
Sharon
P.S. I left the email above so that programs scraping for email addresses to SPAM will find it. LOL

Nobody is safe in this online world, and for example there are new vulnerabilities in php now that need to be fixed. I don’t believe in databases, there are a lot of bugs inside them, but sometimes they are necessary.
Sometimes the problem is that your server (when you have your hosting) doesn’t update these new bugs, and some crackers out there can gain access and destroy your forum, blog, and so on. If we talk about HYIPs then it’s more serious, with many people investing their money and their personal and account information.
In this case I suppose that e-gold is updating their servers, but as you know when a new bug is found a cracker needs to break a server before it is updated.
And of course there are some exploits or vulnerabilities that nobody knows. Some crackers find these bugs and share them in secret.
One thing that I don’t like from e-gold is using Windows servers.
But perhaps these accounts were hacked because their owners didn’t set up their e-gold security to “high” level.
Thanks for posting the warning here Sharon!
This is one of the reasons why I don’t like having a website with online database and back office, it’s just not safe; but eventually I will have to upgrade to that.
But first I need a good programmer. I had several programmers on my list. If I hear one of their websites or scripts was hacked, I take their name off my list. This way, I ran out of programmers to choose from. lol
Be well, be safe!
Dan
You are quite right Dan. Having a publicly accessible site with a backend that is a database is just not safe. Perhaps the only safe bet would be to go private and set up a mechanism where people have to enter a certain ssl key or maybe a password to first of all have access to the site. Also it might help if the IP to the server is kept private and distributed to members via e-mail (preferably encrypted). All of this might seem a bit extreme, but I suppose a better safe than sorry policy is best. I might also add that admins should be a bit more proactive and ask their hosting provider about what version of mysql they’re running (if they’re willing to divulge that info), and then check mysql’s website for security holes. However, I doubt that most admins would go to such lengths. I dunno, what do you people think would be the safest administrative practices?
You can add this Yahoo user ID, he contacted me to offer this hacking solution:
juer_juerii