Bemani hack on website

James Kramer kramerjm-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Sep 29 03:29:03 EDT 2008


Yes,
I really set up Joomla right from the box and only followed the basic
install script. I also was experimenting with opening the system up so
anyone could edit the pages. The idea was to leave it go for a while
and see what it evolved into.  I'll let it go a little further and see
if Bemani will be back like he threatened.  I never heard of any
hacker trademarking his name.
Jay.

On Sun, Sep 28, 2008 at 12:58 PM, David Kramer <david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org> wrote:
> James Kramer wrote, On 09/28/2008 11:48 AM:
>> I have a Joomla site that was hacked by Bemani.   Has anyone heard of
>> this or is this some great genius that can hack a nearly wide open
>> site? It is running at the following address.
>> http://greaterpittsburgh.us/
>
> I have been hacked into a total of two times in the 12 or so years I've
> been running a server at home.  Once was a matter of weeks before I set
> up my first internet-facing server.  Remember, I'm a Software Engineer
> and Pointy-Haired Boss, not a SysAdmin.  I knew not what I was doing.
>
> The second time was when I installed TWiki (http://www.twiki.org) on my
> server.  It had *horrendous* security holes (now it merely has
> horrendous security holes if you don't keep it updated and don't
> configure it right).  This wasn't a *real* hacking, as they were only
> able to affect that site and not the rest of my box, since I had my
> permissions set correctly, but it was embarrassing nonetheless.
>
> The lesson here is that while some say Open Source Software is
> inherently more secure because there are so many eyeballs on the code
> (which I feel is true for *popular*, non-"cathedral" projects), they're
> also very configurable, and often not well documented.  That means it's
> much more important that you know what's running on your boxen, and how
> it's configured.
>
> In one job, we used to call software like that "Enough rope" (as in,
> "enough rope to hang yourself by, or do something useful").
>
>> The site was pretty wide open.  I was thinking about playing around with
>> an all open source website based on Joomla that anyone can modify.
>> The site is running on a virtual server.
>
> In the security world, that's called a "honeypot".   If you don't want
> it to be hacked, don't do that.  Of course, as you're running on a
> virtual server, reloading shouldn't be a problem.