CG'ing: Explain this to me?

Submitted by altars on Fri, 19/08/2011 - 3:43pm
Someone told me this is what is happening and I don't understand all the lingo. Can someone explain what this means? -----c99 shell (not an account, a PHP shell) on a popular neopets website, e.g.: Jellyneo, sunnyneo, ect. Plaintext login grabber routed to a Virtual Private Server, oh and a database dump. Seeing as it's not impossible to crack salted md5 hashes.------ & is there any way to know what site is compromised? I know what cg'ing is so no need to explain that. x3 It's when someone grabs yo cookie jar. B)
Forums: 
Neopets Misc
  • 3732 reads

md5 hashes are crackable especially since most people use simple dictionary words. That's not CGing but rather taking advantage of holes in the php script. Or in the case of neomallers, an user with too much admin access. ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Fri, 19/08/2011 - 3:57pm |

Oh so it would only be detectable by admins? I'm kinda sketchy about going on neo-fan sites now. *unsure* Of course I know neomallers is fine. :P
[center][br][br]Remembrance™[br]http://www.neopets.com/browseshop.phtml?owner=altars[/center]
altars | Fri, 19/08/2011 - 4:40pm |

Actually, neomallers was broken into last year around March through a moderator account. They uploaded that script you mentioned to our servers and got into admin. And yes our hash tables were taken. And yep I'm posting about it on a public forum as well lol But we've taken action against it. Moderator accounts are limited to editing forum posts only and even then, a strict filter is in place. We also have the capability to monitor changes to our file system as well as critical content areas of our database. There is also another layer of security that is being added to the site but i can't really release the details of that as it is our final line of defence :P In terms of neo fan sites, i know sunny neo was broken into.. but apart from that, not sure. And yeah, it's detectable by admins but only if they are watching their files+database With that being said, if the password on fan sites is different from neopets, it wouldn't be an issue. ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Fri, 19/08/2011 - 4:56pm |

Oh, well at least you are honest haha I'll remember that. :) The one on here is different so I suppose that's good haha. x3 I will change mine on other sites now. e-e
[center][br][br]Remembrance™[br]http://www.neopets.com/browseshop.phtml?owner=altars[/center]
altars | Fri, 19/08/2011 - 5:54pm |