main site infected?

[toneddu2000]

I don't understand rook, that pun is referred to me?
You can check , is in the source. It was on the Drupal showcase for years. I don't tell baloney
About the programming argument, imho for programming I intend every language that helps you to reach your task with the minimum effort and maximum quality

[r00k]

no it wasnt directed to you.

Some hacker "picked" this site to illustrate his keen sense of programming. He pick us as fellow nerds who would think his programming was cool, but he picked our butt by making it something that blocks us from accessing the resources on the front page.

[revelator]

Ya i prefer constructing something with my measly skills i wonder why some get there kicks by destroying something

[toneddu2000]

ah ok, sorry rook, but some english constructs are still obscure to me!
yeah totally agree. Hacking is cool as long as you do it for learning/testing purpouse on your own machine (testing holes in your own code, testing firewalls, etc). Once you start attacking other sites is just being ass**le

[frag.machine]

Script kiddies don't deserve to be called "hackers". Most of the time they don't even have any idea about what they're doing.

[toneddu2000]

Well, frag.machine, either this script kid has been very lucky or inside3d main page security is pretty lax

[revelator]

php has some security flaws but is easy to work with i guess thats where the popularity comes from,
many sites therefore resort to using some sort of captcha or other ways to keep malicius activity to a minimum.
Most of the time a serious attack takes place its for robbing passwords or other identity theft shit, what i dont get
is why someone would try out something like that on a developer board,
were not crazy so forget about stealing the password for my bank account will ya i dont use the same password as i log on with here doh
besides even if they do get my password for the bank they still need a set of numbers that only i have to verify that its actually me attempting to access it,
so they would also need to have a trojan on my PC to capture keystrokes and my PC has some nasty protection keeping that from happening.

Still its annoying and i hope it will get fixed

[frag.machine]

It's very likely that the I3D site was invaded using some automated tool that takes an IP subnet as argument and then starts to scan every address looking for well known exploits. So no, the script kid who defaced the site probably doesn't know the nature of our discussions. OTOH, we are probably running pretty outdated versions of PHP and forums, so this is kinda expected. :/

[Spirit]

I'd volunteer to take a look at the code but only in November/December. I would be able to help trying to find the hole(s) in webserver logs before that.

[Cobalt]

Main page is very hacked today

[Spike]

stuff like that doesn't help. note that it potentially applies to ANY cgi program that uses the system() libc function, not just bash cgi scripts.

[revelator]

actually a new security risk has surfaced concerning system using bash its called shellshock and is mostly a risk for for people using unix based software.
But users of cygwin / msys / msys2 should also look out. The new threat uses bash's scripting ability to get malicious code onto a users PC.

Do not be fooled this is much worse than the heartbleed bug :S.

[goldenboy]

What's this new fashion of giving catchy names to bugs?

And aren't there lots of new root exploits discovered every week? How is something like "shell shock" different?

Debian/Ubuntu had this exploit fixed yesterday already, btw. apt-get update, apt-get install bash.

[revelator]

[Spirit]