Bemani hack on website

John Abreau abreauj-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Sep 29 12:22:05 EDT 2008


A quick google search seems to indicate that Bemani is the name
of a video game company.


On Mon, Sep 29, 2008 at 3:29 AM, James Kramer <kramerjm-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Yes,
> I really set up Joomla right from the box and only followed the basic
> install script. I also was experimenting with opening the system up so
> anyone could edit the pages. The idea was to leave it go for a while
> and see what it evolved into.  I'll let it go a little further and see
> if Bemani will be back like he threatened.  I never heard of any
> hacker trademarking his name
> Jay.
>
> On Sun, Sep 28, 2008 at 12:58 PM, David Kramer <david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org> wrote:
>> James Kramer wrote, On 09/28/2008 11:48 AM:
>>> I have a Joomla site that was hacked by Bemani.   Has anyone heard of
>>> this or is this some great genius that can hack a nearly wide open
>>> site. It is running at the following address.
>>> http://greaterpittsburgh.us/
>>
>> I have been hacked into a total of two times in the 12 or so years I've
>> been running a server at home.  Once was a matter of weeks before I set
>> up my first internet-facing server.  Remember, I'm a Software Engineer
>> and Pointy-Haired Boss, not a SysAdmin.  I knew not what I was doing.
>>
>> The second time was when I installed TWiki (http://www.twiki.org) on my
>> server.  It had *horrendous* security holes (now it merely has
>> horrendous security holes if you don't keep it updated and don't
>> configure it right).  This wasn't a *real* hacking, as they were only
>> able to affect that site and not the rest of my box, since I had my
>> permissions set correctly, but it was embarrassing nonetheless.
>>
>> The lesson here is that while some say Open Source Software is
>> inherently more secure because there are so many eyeballs on the code
>> (which I feel is true for *popular*, non-"cathedral" projects), they're
>> also very configurable, and often not well documented.  That means it's
>> much more important that you know what's running on your boxen, and how
>> it's configured.
>>
>> In one job, we used to call software like that "Enough rope" (as in,
>> "enough rope to hang yourself by, or do something useful").
>>
>>> My site was pretty wide open.  I was thinking about playing around with
>>> an all open source website based on Joomla that anyone can modify.
>>> The site is running on a virtual server.
>>
>> In the security world, that's called a "honeypot".   If you don't want
>> it to be hacked, don't do that.  Of course, as you're running on a
>> virtual server, reloading shouldn't be a problem.
>> _______________________________________________
>> Discuss mailing list
>> Discuss-mNDKBlG2WHs at public.gmane.org
>> http://lists.blu.org/mailman/listinfo/discuss
>>



-- 
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
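A check for the permissions point David makes above, added here as an example and not taken from anyone in the thread: a POSIX shell function that lists every file or directory under a web root that is writable by any user on the box, the setting that lets a wide-open install be rewritten by whatever else gets a foothold, and returns non-zero when it finds one. The site tree in the demo is constructed inline; the paths and file names are assumptions, not a real Joomla layout.

```shell
#!/bin/sh
# audit_webroot ROOT
# Lists files and directories under ROOT that are world-writable (mode o+w).
# Site content should be owned by an account the web server does not run as,
# and writable only where uploads are genuinely expected; anything else is a
# place a compromised app (or any other local user) can drop or edit files.
# Returns 1 if anything is found, 0 if clean, 2 if ROOT does not exist.
audit_webroot() {
    root="$1"
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    hits=$(find "$root" -xdev \( -type f -o -type d \) -perm -0002 2>/dev/null | sort)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Demo on a constructed site tree (the paths below are assumptions, not a real install).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/site/images"
    touch "$tmp/site/index.php" "$tmp/site/images/upload.php"
    chmod 644 "$tmp/site/index.php"          # fine: readable, writable only by owner
    chmod 777 "$tmp/site/images"             # wrong: anyone can create files here
    chmod 666 "$tmp/site/images/upload.php"  # wrong: anyone can rewrite it
    if audit_webroot "$tmp/site"; then
        echo "clean"
    else
        echo "world-writable paths found under $tmp/site"
    fi
    rm -rf "$tmp"
}

demo
```

Run it against the real document root (for example `audit_webroot /var/www/html`) from cron and diff the output against the last run; a new line is either an upload directory you meant to open or a sign that something has already been written where it should not be. Group-writable paths shared with the web server's group deserve the same treatment and can be added with a second `find -perm -0020 -group <webgroup>` pass.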