CG'ing: Explain this to me?

5 posts / 0 new
Last post
Fri, 19/08/2011 - 3:43pm
#1
altars
altars's picture
Offline
Last seen: 8 years 11 months ago
Joined: 19/08/2011 - 3:39pm
CG'ing: Explain this to me?
Someone told me this is what is happening and I don't understand all the lingo. Can someone explain what this means? -----c99 shell (not an account, a PHP shell) on a popular neopets website, e.g.: Jellyneo, sunnyneo, ect. Plaintext login grabber routed to a Virtual Private Server, oh and a database dump. Seeing as it's not impossible to crack salted md5 hashes.------ & is there any way to know what site is compromised? I know what cg'ing is so no need to explain that. x3 It's when someone grabs yo cookie jar. B)
Top
Fri, 19/08/2011 - 3:57pm
saudor
saudor's picture
Offline
Last seen: 10 hours 42 min ago
Joined: 10/06/2007 - 12:30pm
md5 hashes are crackable especially since most people use simple dictionary words. That's not CGing but rather taking advantage of holes in the php script. Or in the case of neomallers, an user with too much admin access. ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
Top
Fri, 19/08/2011 - 4:40pm
altars
altars's picture
Offline
Last seen: 8 years 11 months ago
Joined: 19/08/2011 - 3:39pm
Oh so it would only be detectable by admins? I'm kinda sketchy about going on neo-fan sites now. *unsure* Of course I know neomallers is fine. :P
[center][br][br]Remembrance™[br]http://www.neopets.com/browseshop.phtml?owner=altars[/center]
Top
Fri, 19/08/2011 - 4:56pm
saudor
saudor's picture
Offline
Last seen: 10 hours 42 min ago
Joined: 10/06/2007 - 12:30pm
Actually, neomallers was broken into last year around March through a moderator account. They uploaded that script you mentioned to our servers and got into admin. And yes our hash tables were taken. And yep I'm posting about it on a public forum as well lol But we've taken action against it. Moderator accounts are limited to editing forum posts only and even then, a strict filter is in place. We also have the capability to monitor changes to our file system as well as critical content areas of our database. There is also another layer of security that is being added to the site but i can't really release the details of that as it is our final line of defence :P In terms of neo fan sites, i know sunny neo was broken into.. but apart from that, not sure. And yeah, it's detectable by admins but only if they are watching their files+database With that being said, if the password on fan sites is different from neopets, it wouldn't be an issue. ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
Top
Fri, 19/08/2011 - 5:54pm
altars
altars's picture
Offline
Last seen: 8 years 11 months ago
Joined: 19/08/2011 - 3:39pm
Oh, well at least you are honest haha I'll remember that. :) The one on here is different so I suppose that's good haha. x3 I will change mine on other sites now. e-e
[center][br][br]Remembrance™[br]http://www.neopets.com/browseshop.phtml?owner=altars[/center]
Top