Quote:
Originally posted by Alphawolf
Was hacked today. It was a good lesson.
In a way it was an ideal time to get hacked. Someone must have been running a sniffer on my forum and got my Admin account.
They stripped polls, and generally acted like a gremlin.
Deleted all but 1 photo gallery before I noticed this and changed the password.
The password is not a 'guessable' password, so it was some sort of 'sniffer'.
Unlike spazlabs, I wouldn't jump to the brute force conclusion. You possibly have an open window somewhere that let the intruder in. I mean, many of the scripts used by adult webmasters that I've seen around aren't hardened security-wise. How many adult (pay and content) sites have blatant vulnerabilities just by looking at the home page? Many.
I wouldn't redirect to a harmful site. At best, I'd log the attempt and show the attacker that it has been logged. Or I'd send the attacker to a banner page or pop-up hell (for your benefit). Scare him if you want but _don't_ try to seek revenge.
There are two risks if you follow this dark path:
1. You might unwittingly give added incentive to try to mess you up.
2. You might punish an overly curious but innocent user.
My word of advice: Be cool and remain professional, but harden your site.
Entreri.
P.S. I've worked as software quality assurance for a while (2-3 years) and specialized in web application testing, including penetration testing...