Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #55173 > unrolled thread

JUST GOT HACKED

Back to article view | Back to comp.lang.python

Contents

  JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 12:58 +0300
    Re: JUST GOT HACKED Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-01 14:06 +0100
      Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 16:15 +0300
        Re: JUST GOT HACKED Chris “Kwpolska” Warrick <kwpolska@gmail.com> - 2013-10-01 15:27 +0200
          Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 16:42 +0300
            Fwd: JUST GOT HACKED Chris “Kwpolska” Warrick <kwpolska@gmail.com> - 2013-10-01 15:56 +0200
              Re: Fwd: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 16:58 +0300
            Re: JUST GOT HACKED Alister <alister.ware@ntlworld.com> - 2013-10-01 13:57 +0000
              Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 17:00 +0300
                Re: JUST GOT HACKED Daniel Stojanov <daniel.stjnv@gmail.com> - 2013-10-02 00:24 +1000
                  Re: JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 02:30 +0000
                    Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 08:51 +0200
                    Re: JUST GOT HACKED Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-02 08:32 +0100
                  Re: JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-01 21:09 -0700
                  Re: JUST GOT HACKED rurpy@yahoo.com - 2013-10-02 09:41 -0700
                Re: JUST GOT HACKED Tim Chase <python.list@tim.thechases.com> - 2013-10-01 09:56 -0500
                Re: JUST GOT HACKED Ned Batchelder <ned@nedbatchelder.com> - 2013-10-01 10:52 -0400
                  Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-01 18:34 +0300
                    Re: JUST GOT HACKED alex23 <wuwei23@gmail.com> - 2013-10-02 09:28 +1000
                Re: JUST GOT HACKED Tim Delaney <timothy.c.delaney@gmail.com> - 2013-10-02 06:45 +1000
                Re: JUST GOT HACKED Ben Finney <ben+python@benfinney.id.au> - 2013-10-02 08:06 +1000
                  Re: JUST GOT HACKED Wayne Werner <waynejwerner@gmail.com> - 2013-10-04 06:23 -0700
                Re: JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-02 08:15 +1000
                Re: JUST GOT HACKED Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-01 23:28 +0100
                Improving community discussion (was: JUST GOT HACKED) Ben Finney <ben+python@benfinney.id.au> - 2013-10-02 08:41 +1000
                Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 08:29 +0200
                Re: JUST GOT HACKED Ben Finney <ben+python@benfinney.id.au> - 2013-10-02 16:49 +1000
                  Re: JUST GOT HACKED Steven D'Aprano <steve@pearwood.info> - 2013-10-02 07:29 +0000
                    Mutual respect, bullying, tolerance (was: JUST GOT HACKED) Ben Finney <ben+python@benfinney.id.au> - 2013-10-02 17:42 +1000
                    Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 13:22 +0300
                      Re: JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-02 20:32 +1000
                        Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 13:43 +0300
                          Re: JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-02 20:54 +1000
                            Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 14:01 +0300
                            Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 14:03 +0300
                              Re: JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-02 21:11 +1000
                              Re: JUST GOT HACKED Heiko Wundram <modelnine@modelnine.org> - 2013-10-02 13:35 +0200
                              Re: JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 13:06 +0000
                          Re: JUST GOT HACKED Tim Chase <python.list@tim.thechases.com> - 2013-10-02 08:09 -0500
                          Re: JUST GOT HACKED Wayne Werner <waynejwerner@gmail.com> - 2013-10-04 06:49 -0700
                      Re: JUST GOT HACKED Denis McMahon <denismfmcmahon@gmail.com> - 2013-10-02 15:50 +0000
                Re: JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 12:32 +0530
                  Re: JUST GOT HACKED Steven D'Aprano <steve@pearwood.info> - 2013-10-02 09:08 +0000
                    Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 13:28 +0200
                      Re: JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 13:17 +0000
                        Re: JUST GOT HACKED Neil Cerutti <neilc@norwich.edu> - 2013-10-02 16:05 +0000
                        Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-03 09:01 +0200
                          Re: JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-03 11:30 +0000
                            Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-04 15:48 +0200
                  Re: JUST GOT HACKED Grant Edwards <invalid@invalid.invalid> - 2013-10-02 13:34 +0000
                  Re: JUST GOT HACKED rurpy@yahoo.com - 2013-10-02 09:44 -0700
                    Re: JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 23:51 +0530
                  Re: JUST GOT HACKED Piet van Oostrum <piet@vanoostrum.org> - 2013-10-04 17:23 -0400
                Re: JUST GOT HACKED Ben Finney <ben+python@benfinney.id.au> - 2013-10-02 17:24 +1000
                Re: JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 13:07 +0530
                Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 09:51 +0200
                Re: JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 18:47 +0530
                Goodbye: was JUST GOT HACKED Walter Hurry <walterhurry@lavabit.com> - 2013-10-02 21:13 +0000
                  Re: Goodbye: was JUST GOT HACKED Terry Reedy <tjreedy@udel.edu> - 2013-10-02 19:05 -0400
                  Re: Goodbye: was JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-03 09:21 +0530
                    Re: Goodbye: was JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-03 11:35 +0000
                      Re: Goodbye: was JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-03 17:31 +0530
                        Re: Goodbye: was JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-04 02:03 +0000
                  Re: Goodbye: was JUST GOT HACKED Walter Hurry <walterhurry@lavabit.com> - 2013-10-07 12:26 +0000
                    Re: Goodbye: was JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-07 23:34 +1100
                    Re: Goodbye: was JUST GOT HACKED Tim Chase <python.list@tim.thechases.com> - 2013-10-07 08:12 -0500
                    Re: Goodbye: was JUST GOT HACKED Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-07 18:40 +0530
            Re: JUST GOT HACKED Pat Johnson <p.johnson125@gmail.com> - 2013-10-08 07:51 -0700
        Re: JUST GOT HACKED Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-01 14:28 +0100
        Re: JUST GOT HACKED Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-01 19:42 +0100
    Re: JUST GOT HACKED Piet van Oostrum <piet@vanoostrum.org> - 2013-10-01 14:21 -0400
    Re: JUST GOT HACKED Denis McMahon <denismfmcmahon@gmail.com> - 2013-10-01 22:05 +0000
    Re: JUST GOT HACKED Zero Piraeus <z@etiol.net> - 2013-10-01 20:02 -0300
      Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 02:28 +0300
        Re: JUST GOT HACKED Tim Delaney <timothy.c.delaney@gmail.com> - 2013-10-02 09:48 +1000
        Re: JUST GOT HACKED Tim Chase <python.list@tim.thechases.com> - 2013-10-01 19:14 -0500
        Re: JUST GOT HACKED Chris “Kwpolska” Warrick <kwpolska@gmail.com> - 2013-10-02 14:47 +0200
        Re: JUST GOT HACKED ishish <ishish@domhain.de> - 2013-10-02 13:57 +0100
      Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 13:52 +0300
        Re: JUST GOT HACKED feedthetroll@gmx.de - 2013-10-02 04:42 -0700
          Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 14:55 +0300
          Re: JUST GOT HACKED Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 12:51 +0000
            Re: JUST GOT HACKED Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 15:12 +0200
              Re: JUST GOT HACKED Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 16:30 +0300
                Re: JUST GOT HACKED Rod Person <rodperson@rodperson.com> - 2013-10-02 10:31 -0400
            Re: JUST GOT HACKED Chris Angelico <rosuav@gmail.com> - 2013-10-02 23:06 +1000
    Re: JUST GOT HACKED Pat Johnson <p.johnson125@gmail.com> - 2013-10-08 07:53 -0700

Page 4 of 5 — ← Prev page 1 2 3 [4] 5  Next page →

#55409 — Re: Goodbye: was JUST GOT HACKED

On Thu, 03 Oct 2013 09:21:08 +0530, Ravi Sahni wrote:

> On Thu, Oct 3, 2013 at 2:43 AM, Walter Hurry <walterhurry@lavabit.com>
> wrote:
>> Ding ding! Nikos is simply trolling. It's easy enough to killfile him
>> but inconvenient to skip all the answers to his lengthy threads. If
>> only people would just ignore him!
> 
> Hello Walter Hurry please wait!
> 
> Did I do/say something wrong?!

Don't worry about it Ravi, you haven't done anything wrong.

Walter is not a regular here. At best he is a lurker who neither asks 
Python questions nor answers them. In the last four months, I can see 
four posts from him: three are complaining about Nikos, and one is a two-
line "Me to!" response to a post about defensive programming. 



> If one of us should go it should be me -- Im just a newbie here.

No, you are welcome here. You've posted more in just a few days than 
Walter has in months. We need more people like you.



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#55410 — Re: Goodbye: was JUST GOT HACKED

On Thu, Oct 3, 2013 at 5:05 PM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> On Thu, 03 Oct 2013 09:21:08 +0530, Ravi Sahni wrote:
>
>> On Thu, Oct 3, 2013 at 2:43 AM, Walter Hurry <walterhurry@lavabit.com>
>> wrote:
>>> Ding ding! Nikos is simply trolling. It's easy enough to killfile him
>>> but inconvenient to skip all the answers to his lengthy threads. If
>>> only people would just ignore him!
>>
>> Hello Walter Hurry please wait!
>>
>> Did I do/say something wrong?!
>
> Don't worry about it Ravi, you haven't done anything wrong.
>
> Walter is not a regular here. At best he is a lurker who neither asks
> Python questions nor answers them. In the last four months, I can see
> four posts from him: three are complaining about Nikos, and one is a two-
> line "Me to!" response to a post about defensive programming.
>
>
>
>> If one of us should go it should be me -- Im just a newbie here.
>
> No, you are welcome here. You've posted more in just a few days than
> Walter has in months. We need more people like you.

Thanks for the welcome!

But No thanks for the non-welcome -- I dont figure why Walter Hurry
(or anyone else) should be unwelcome just because I am welcome.

The world (and the python list hopefully!!) is big enough for all of us

-- 
Ravi

[toc] | [prev] | [next] | [standalone]

#55450 — Re: Goodbye: was JUST GOT HACKED

On Thu, 03 Oct 2013 17:31:44 +0530, Ravi Sahni wrote:

> On Thu, Oct 3, 2013 at 5:05 PM, Steven D'Aprano
> <steve+comp.lang.python@pearwood.info> wrote:

>> No, you are welcome here. You've posted more in just a few days than
>> Walter has in months. We need more people like you.
> 
> Thanks for the welcome!
> 
> But No thanks for the non-welcome -- I dont figure why Walter Hurry (or
> anyone else) should be unwelcome just because I am welcome.

????

Who said Walter was unwelcome? It's *his* choice to leave, nobody is
kicking him out.

Regards,



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#56306 — Re: Goodbye: was JUST GOT HACKED

On Thu, 03 Oct 2013 11:35:00 +0000, Steven D'Aprano wrote:

> On Thu, 03 Oct 2013 09:21:08 +0530, Ravi Sahni wrote:
> 
>> On Thu, Oct 3, 2013 at 2:43 AM, Walter Hurry <walterhurry@lavabit.com>
>> wrote:
>>> Ding ding! Nikos is simply trolling. It's easy enough to killfile him
>>> but inconvenient to skip all the answers to his lengthy threads. If
>>> only people would just ignore him!
>> 
>> Hello Walter Hurry please wait!
>> 
>> Did I do/say something wrong?!
> 
> Don't worry about it Ravi, you haven't done anything wrong.
> 
> Walter is not a regular here. At best he is a lurker who neither asks
> Python questions nor answers them. In the last four months, I can see
> four posts from him: three are complaining about Nikos, and one is a
> two-
> line "Me to!" response to a post about defensive programming.
> 
> 
> 
>> If one of us should go it should be me -- Im just a newbie here.
> 
> No, you are welcome here. You've posted more in just a few days than
> Walter has in months. We need more people like you.

Steven,

You make a fair point. I have posted very little recently, for the 
following reasons:

a) I'm not really competent enough to answer python questions, at least 
not yet.

b) I try not to post my own Python questions unless as a last resort. I 
prefer to try to solve my own problems by reading the fine documentation, 
and DuckDuckGoing.

However, I do lurk assiduously and have learned much by reading excellent 
'answering' posts from many such as you.

The 'Goodbye' post was made in rather a fit of pique, for which I 
apologise. If I am allowed a second chance, there is actually something 
puzzling me at the moment. It's a UnicodeDecodeError, but I shall start 
a separate thread about it.

Sorry again.

Walter

[toc] | [prev] | [next] | [standalone]

#56307 — Re: Goodbye: was JUST GOT HACKED

On Mon, Oct 7, 2013 at 11:26 PM, Walter Hurry <walterhurry@lavabit.com> wrote:
> The 'Goodbye' post was made in rather a fit of pique, for which I
> apologise. If I am allowed a second chance, there is actually something
> puzzling me at the moment. It's a UnicodeDecodeError, but I shall start
> a separate thread about it.

You're allowed a second chance, and a third, and a seventh, and a
seventy-times-seventh (or a seventy-seventh, depending on which
translation you read). Welcome back. And yes, starting a separate
thread for the actual question is definitely the best way :)

ChrisA

[toc] | [prev] | [next] | [standalone]

#56308 — Re: Goodbye: was JUST GOT HACKED

On 2013-10-07 12:26, Walter Hurry wrote:
> The 'Goodbye' post was made in rather a fit of pique, for which I 
> apologise. If I am allowed a second chance, there is actually
> something puzzling me at the moment. It's a UnicodeDecodeError, but
> I shall start a separate thread about it.

Indeed, the list eagerly welcomes folks who want to learn Python (not
just have the answers spoon-fed to them **ehem**), so based on
your "I prefer to try to solve my own problems by reading the fine
documentation, and DuckDuckGoing," you're the ideal person we *want*
here.  You've already done the grunt work debugging/diagnosis, and
leave the interesting problems for the mailing-list to have fun
with. :-)

So UnicodeDecodeErrors?  Bring it on! :-)

-tkc

[toc] | [prev] | [next] | [standalone]

#56309 — Re: Goodbye: was JUST GOT HACKED

On Mon, Oct 7, 2013 at 5:56 PM, Walter Hurry <walterhurry@lavabit.com> wrote:
> On Thu, 03 Oct 2013 11:35:00 +0000, Steven D'Aprano wrote:
>
>> On Thu, 03 Oct 2013 09:21:08 +0530, Ravi Sahni wrote:
>>
>>> On Thu, Oct 3, 2013 at 2:43 AM, Walter Hurry <walterhurry@lavabit.com>
>>> wrote:
>>>> Ding ding! Nikos is simply trolling. It's easy enough to killfile him
>>>> but inconvenient to skip all the answers to his lengthy threads. If
>>>> only people would just ignore him!
>>>
>>> Hello Walter Hurry please wait!
>>>
>>> Did I do/say something wrong?!
>>
>> Don't worry about it Ravi, you haven't done anything wrong.
>>
>> Walter is not a regular here. At best he is a lurker who neither asks
>> Python questions nor answers them. In the last four months, I can see
>> four posts from him: three are complaining about Nikos, and one is a
>> two-
>> line "Me to!" response to a post about defensive programming.
>>
>>
>>
>>> If one of us should go it should be me -- Im just a newbie here.
>>
>> No, you are welcome here. You've posted more in just a few days than
>> Walter has in months. We need more people like you.
>
> Steven,
>
> You make a fair point. I have posted very little recently, for the
> following reasons:
>
> a) I'm not really competent enough to answer python questions, at least
> not yet.
>
> b) I try not to post my own Python questions unless as a last resort. I
> prefer to try to solve my own problems by reading the fine documentation,
> and DuckDuckGoing.
>
> However, I do lurk assiduously and have learned much by reading excellent
> 'answering' posts from many such as you.
>
> The 'Goodbye' post was made in rather a fit of pique, for which I
> apologise. If I am allowed a second chance, there is actually something
> puzzling me at the moment. It's a UnicodeDecodeError, but I shall start
> a separate thread about it.
>
> Sorry again.

Thanks!
For changing decision!

[toc] | [prev] | [next] | [standalone]

#56409

I don't think you are allowed to use the word dumbass to describe anyone or anything buddy.



On Tuesday, October 1, 2013 9:42:31 AM UTC-4, Ferrous Cranus wrote:
> Στις 1/10/2013 4:27 μμ, ο/η Chris “Kwpolska” Warrick έγραψε:
> 
> > On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k@gmail.com> wrote:
> 
> >> Στις 1/10/2013 4:06 μμ, ο/η Mark Lawrence έγραψε:
> 
> >>>
> 
> >>> On 01/10/2013 10:58, Νίκος wrote:
> 
> >>>>
> 
> >>>> Just logged in via FTP to my server and i saw an uploade file named
> 
> >>>> "Warnign html"
> 
> >>>>
> 
> >>>> Contents were:
> 
> >>>>
> 
> >>>> WARNING
> 
> >>>>
> 
> >>>> I am incompetent. Do not hire me!
> 
> >>>>
> 
> >>>> Question:
> 
> >>>>
> 
> >>>> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON MY
> 
> >>>> ACCOUNT?
> 
> >>>>
> 
> >>>> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY RISK.
> 
> >>>>
> 
> >>>> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
> 
> >>>> PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?!
> 
> >>>
> 
> >>>
> 
> >>> Would you please stop posting, I've almost burst my stomach laughing at
> 
> >>> this.  You definetely have a ready made career writing comedy.
> 
> >>
> 
> >>
> 
> >> Okey smartass,
> 
> >>
> 
> >> Try to do it again, if you be successfull again i'll even congratulate you
> 
> >> myself.
> 
> >>
> 
> >> --
> 
> >> https://mail.python.org/mailman/listinfo/python-list
> 
> >
> 
> > It looks like you are accusing someone of doing something without any
> 
> > proof whatsoever.  Would you like help with the fallout of the lawsuit
> 
> > that I hope Mark might (should!) come up with?i'am
> 
> >
> 
> > Speaking of “try again”, I doubt it would be hard…  As long as a FTP
> 
> > daemon is running somewhere (and you clearly do not know better); or
> 
> > even you have a SSH daemon and you do not know better, an attacker
> 
> > can:
> 
> >
> 
> > a) wait for you to publish your password yet again;
> 
> > b) get you to download an exploit/keylogger/whatever;
> 
> > c) brute-force.
> 
> >
> 
> > Well, considering it’s unlikely you actually have a long-as-shit
> 
> > password, (c) is the best option.  Unless your password is very long,
> 
> > in which case is not.
> 
> >
> 
> > I’m also wondering what language your password is in.  If you actually
> 
> > used a Greek phrase, how long will it take you to get locked out due
> 
> > to encoding bullshit?
> 
> 
> 
> Like i use grek letter for my passwords or like i'am gonna fall for any 
> 
> of your 3 dumbass reasons.
> 
> 
> 
> I already foudn the weakness and corrected it.

[toc] | [prev] | [next] | [standalone]

#55198

On 01/10/2013 14:15, Νίκος wrote:
> Στις 1/10/2013 4:06 μμ, ο/η Mark Lawrence έγραψε:
>> On 01/10/2013 10:58, Νίκος wrote:
>>> Just logged in via FTP to my server and i saw an uploade file named
>>> "Warnign html"
>>>
>>> Contents were:
>>>
>>> WARNING
>>>
>>> I am incompetent. Do not hire me!
>>>
>>> Question:
>>>
>>> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON MY
>>> ACCOUNT?
>>>
>>> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY
>>> RISK.
>>>
>>> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
>>> PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?!
>>
>> Would you please stop posting, I've almost burst my stomach laughing at
>> this.  You definetely have a ready made career writing comedy.
>
> Okey smartass,
>
> Try to do it again, if you be successfull again i'll even congratulate
> you myself.
>

Oh boy is this fun!!!  Is this Nikos or is this not Nikos, that is the 
question?  Thinking that I could hack a website, there's more likelihood 
that it's the latest member of the UK Royal Family.

-- 
Cheers.

Mark Lawrence

[toc] | [prev] | [next] | [standalone]

#55234

On 01/10/2013 14:27, Chris “Kwpolska” Warrick wrote:
>
> It looks like you are accusing someone of doing something without any
> proof whatsoever.  Would you like help with the fallout of the lawsuit
> that I hope Mark might (should!) come up with?
>

Why would I want to sue someone who's very kindly given me the longest, 
loudest laugh I've had in years?  Besides I can't afford a lawyer, don't 
want to put any money the way of ThievingScumbagLawyers.co.uk, and what 
is the point of sueing a person who almost certainly is going bust and 
hence can't afford to pay up.

Finally it was most certainly *NOT* me who did the hacking.  If it had 
of been I would have taken the same type of action just to teach Nikos a 
lesson, but I would have owned up to my trickery after a few hours.  As 
it happens my skills are so outdated that I wouldn't have the faintest 
idea where to start, unless of course I'd have taken the trouble of 
wading through the gazillions of posts talking about websites here with 
the occasional mention of how (not) to write Python.

-- 
Cheers.

Mark Lawrence

[toc] | [prev] | [next] | [standalone]

#55233

Νίκος <nikos.gr33k@gmail.com> writes:

> Just logged in via FTP to my server and i saw an uploade file named
> "Warnign html"
>
> Contents were:
>
> WARNING
>
> I am incompetent. Do not hire me!
>
> Question:
>
> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON MY
> ACCOUNT?
>
> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY RISK.
>
> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
> PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?!

This shows that the warning was correct.
-- 
Piet van Oostrum <piet@vanoostrum.org>
WWW: http://pietvanoostrum.com/
PGP key: [8DAE142BE17999C4]

[toc] | [prev] | [next] | [standalone]

#55241

On Tue, 01 Oct 2013 12:58:50 +0300, Νίκος wrote:

> Just logged in via FTP to my server and i saw an uploade file named
> "Warnign html"

Yes, so we can add "basic internet security" to the growing list of 
things you know nothing about:

python programming, etiquette, http, dns, tcp/ip, mimetypes, utf-8, basic 
internet security

And this is just based on the last 30 days of your posts!

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]

#55250

:

Imagine, if you will, a pub landlord. I'll call him Nick.

The pub Nick manages is a run-of-the-mill affair: he leases it from a
brewery, and they look after most of the technical aspects of the
business. When it comes down to it, Nick is just a reseller of alcohol.
If one of the regulars mentions that they like Joomlager[1], all he has
to do is call the brewery and they'll handle the rest.

After a little while, Nick decides that his six months experience behind
a bar qualifies him for greater things. He's heard that the cool kids
are all drinking artesanal, micro-brewed Python Ale these days, so
thinking to himself "how hard can it be?", Nick throws syrup, yeast and
water into a big bucket next to the bar (reading up on how to do it
properly is too boring for Nick), and after a week or so, he's got a
sludgy mess for his trouble.

"Great!", thinks Nick. "I can sell this no problem".

Unsurprisingly, Nick's "beer" is awful. His customers aren't that fussy
(they're in Nick's bar, after all), but the stuff doesn't even seem to
get you even slightly merry, and a couple of people have gotten ill
after drinking it.

Undaunted, Nick decides to stick at it. He still can't be bothered to
learn anything about fermentation or any of that boring crap, but that's
okay, because he's discovered the local Python Ale Brewing Club.

The PABC is a friendly, helpful bunch, and a lot of the members really
know their stuff. For example, when Nick asks "how do I avoid letting
that scummy residue into the glass when I dunk it into the bucket to
serve someone?", they try to explain to him that a) serving directly
from the same bucket he brewed in is a bad idea, and b) if he'd brewed
it right, there shouldn't be any scummy residue in the first place.

Of course, Nick doesn't have time for any of that - he just wants an
answer to his question. He resolutely ignores anyone who tells him
things like "anyone could spit (or worse) in that open bucket; you need
to think about safety", and if someone tells him he should add malt to
improve the flavour, he just throws some ovaltine into the bucket he's
serving from, along with any half-finished drinks left by his customers.

Meanwhile, a lot of the members of the PABC are getting tired of Nick
asking the same questions over and over again, and not listening to the
answers - and especially his casual disregard for the safety of his
customers. They're enthusiasts, after all, and he's the kind of guy that
gives drinking establishments a bad name.

So, one night just before closing time, one of them pours bright green
food dye into Nick's bucket - nothing that would hurt anyone, but
something that Nick couldn't fail to notice before opening up the next
day. It's a little sketchy to adulterate his product like that, but he's
proved impervious to everyone's attempts to get him to take safety
seriously - maybe *this* will shock him into action.

Sure enough, the next morning Nick starts crying about how someone has
poisoned his beer. It's okay though; he's covered the bucket with a wet
towel, and he challenges anyone to get past what he believes is his
now-perfect security.

 - - -

In other words: you weren't "hacked". You'd been repeatedly told that
you had publicly visible source code on the net containing passwords in
plain text; all anyone had to do was login to your server with the
credentials you negligently exposed, and open a text editor. If that's
hacking, I'm Neo.

That's not to say someone else *hasn't* pissed in your bucket, but if
they have, they won't have publicised the fact.

By the way: if you haven't already, you'll want to remove the extra line
from your .htaccess file. And in case it isn't obvious: no, it wasn't
Mark Lawrence.

 -[]z.

[1] "It's a bit rough, but it gets the job done. Gives you a terrible
hangover, mind".

-- 
Zero Piraeus: flagellum dei
http://etiol.net/pubkey.asc

[toc] | [prev] | [next] | [standalone]

#55254

Στις 2/10/2013 2:02 πμ, ο/η Zero Piraeus έγραψε:
> In other words: you weren't "hacked". You'd been repeatedly told that
> you had publicly visible source code on the net containing passwords in
> plain text; all anyone had to do was login to your server with the
> credentials you negligently exposed, and open a text editor. If that's
> hacking, I'm Neo.

I'am aware of that fact, but the line you are refering too was just 
initiating a mysql connection:

con = pymysql.connect( db = 'mypass', user = 'myuser', passwd = 
'mysqlpass', charset = 'utf8', host = 'localhost' )

That was viewable by the link Mark have posted.

But this wasnt my personal's account's login password, that was just the 
mysql password.

Mysql pass != account's password

> That's not to say someone else *hasn't* pissed in your bucket, but if
> they have, they won't have publicised the fact.

Ah, now i shoudl worry for more people breaking in?

> By the way: if you haven't already, you'll want to remove the extra line
> from your .htaccess file.

Tell me the line you are referring to.
Yes i added some line but i want you to tell me which line is that.

> case it isn't obvious: no, it wasn't
> Mark Lawrence.

Who was it then, you?

[toc] | [prev] | [next] | [standalone]

#55259

[Multipart message — attachments visible in raw view] — view raw

On 2 October 2013 09:28, Νίκος <nikos.gr33k@gmail.com> wrote:

>
> con = pymysql.connect( db = 'mypass', user = 'myuser', passwd =
> 'mysqlpass', charset = 'utf8', host = 'localhost' )
>
> That was viewable by the link Mark have posted.
>
> But this wasnt my personal's account's login password, that was just the
> mysql password.
>
> Mysql pass != account's password


Because there's no chance with the brilliance you display that there could
be any possibility of login details being kept in plaintext in your
database.

And of course your database is so well locked down that no attacker with a
login to it could then execute arbitrary code on your system.

And there's also zero chance that your personal account login details are
also available in plaintext somewhere that you're unaware of.

Tim Delaney

[toc] | [prev] | [next] | [standalone]

#55262

On 2013-10-02 09:48, Tim Delaney wrote:
> Because there's no chance with the brilliance you display that
> there could be any possibility of login details being kept in
> plaintext in your database.
> 
> And of course your database is so well locked down that no attacker
> with a login to it could then execute arbitrary code on your system.
> 
> And there's also zero chance that your personal account login
> details are also available in plaintext somewhere that you're
> unaware of.

And there's no way an elephant-sized hole in the web application
allowed for dropping files/scripts on the server to do the arbitrary
bidding of anybody who read the source...

-tkc

[toc] | [prev] | [next] | [standalone]

#55322

On Wed, Oct 2, 2013 at 1:48 AM, Tim Delaney <timothy.c.delaney@gmail.com> wrote:
> On 2 October 2013 09:28, Νίκος <nikos.gr33k@gmail.com> wrote:
>>
>>
>> con = pymysql.connect( db = 'mypass', user = 'myuser', passwd =
>> 'mysqlpass', charset = 'utf8', host = 'localhost' )
>>
>> That was viewable by the link Mark have posted.
>>
>> But this wasnt my personal's account's login password, that was just the
>> mysql password.
>>
>> Mysql pass != account's password
>
>
> Because there's no chance with the brilliance you display that there could
> be any possibility of login details being kept in plaintext in your
> database.

Or the statement is a blatant lie and was meant to be

    mysql_password is not account_password

as they have the same value, but are set independently.  (too much Python Ale…)

-- 
Chris “Kwpolska” Warrick <http://kwpolska.tk>
PGP: 5EAAEA16
stop html mail | always bottom-post | only UTF-8 makes sense

[toc] | [prev] | [next] | [standalone]

#55325

Am 02.10.2013 13:47, schrieb Chris “Kwpolska” Warrick:
> On Wed, Oct 2, 2013 at 1:48 AM, Tim Delaney
> <timothy.c.delaney@gmail.com> wrote:
>> On 2 October 2013 09:28, Νίκος <nikos.gr33k@gmail.com> wrote:
>>>
>>>
>>> con = pymysql.connect( db = 'mypass', user = 'myuser', passwd =
>>> 'mysqlpass', charset = 'utf8', host = 'localhost' )
>>>
>>> That was viewable by the link Mark have posted.
>>>
>>> But this wasnt my personal's account's login password, that was 
>>> just the
>>> mysql password.
>>>
>>> Mysql pass != account's password
>>
>>
>> Because there's no chance with the brilliance you display that there 
>> could
>> be any possibility of login details being kept in plaintext in your
>> database.
>
> Or the statement is a blatant lie and was meant to be
>
>     mysql_password is not account_password
>
> as they have the same value, but are set independently.  (too much
> Python Ale…)

Who cares... mysql> \! bash... job done.

[toc] | [prev] | [next] | [standalone]

#55305

zero piraeus have said:

> In other words: you weren't "hacked". You'd been repeatedly told that
> you had publicly visible source code on the net containing passwords in
> plain text; all anyone had to do was login to your server with the
> credentials you negligently exposed, and open a text editor. If that's
> hacking, I'm Neo.

I'am aware of that fact, but the line you are refering too was just 
initiating a mysql connection:

con = pymysql.connect( db = 'mypass', user = 'myuser', passwd = 
'mysqlpass', charset = 'utf8', host = 'localhost' )

That was viewable by the link Mark have posted.

But this wasnt my personal's account's login password, that was just the 
mysql password.

Mysql pass != account's password

> That's not to say someone else *hasn't* pissed in your bucket, but if
> they have, they won't have publicised the fact.

Ah, now i shoudl worry for more people breaking in?

> By the way: if you haven't already, you'll want to remove the extra line
> from your .htaccess file.

Tell me the line you are referring to.
Yes i added some line but i want you to tell me which line is that.

> case it isn't obvious: no, it wasn't
> Mark Lawrence.

Who was it then, you?


I wont get mad but i want you too answer all of my questions and:

1. state by which method you managed to break in since at noplace at my 
awareness did i psot my account's login pass, only the source code of my 
main script which is now fixed by me altering the httpd.conf file and 
placing extra lines into my main .htaccess file

2. Be sincere and tell me if you have created a backdoor on my server 
that allows you to remotely login and do stuff.

I will even thank you for not destroying my system, but i want these 
questions i just types to be answered so i take action to fix things ven 
better.

Please, this is a business server.

[toc] | [prev] | [next] | [standalone]

#55314

Am Mittwoch, 2. Oktober 2013 12:52:39 UTC+2 schrieb Ferrous Cranus:
> ...
>> By the way: if you haven't already, you'll want to remove the extra line
>> from your .htaccess file.
> Tell me the line you are referring to.
I think it will be the line YOU did NOT enter. Just take a look yourself. The best way will be to compare it to a backup you made before the change.
(Nikos and backups. Good joke, ins't it?)

> ...
> I wont get mad but i want you too answer all of my questions and:
> 1. state by which method you managed to break in since at noplace at my 
> awareness did i psot my account's login pass, only the source code of my 
> main script which is now fixed by me altering the httpd.conf file and 
> placing extra lines into my main .htaccess file
> 2. Be sincere and tell me if you have created a backdoor on my server 
> that allows you to remotely login and do stuff.
> I will even thank you for not destroying my system, but i want these 
> questions i just types to be answered so i take action to fix things ven 
> better.
ROTFL. You made my day. Again!

> Please, this is a business server.
No it ist not:
Am Montag, 30. September 2013 20:03:32 UTC+2 schrieb Ferrous Cranus:
> ...
> I learn Python for personal pleasure because i like programming.
"Learning for personal pleasure" and "business server" can't be true both.
So one of the statements is wrong. Therefore you are a liar Nikos, I'm sorry. 

[toc] | [prev] | [next] | [standalone]

Page 4 of 5 — ← Prev page 1 2 3 [4] 5  Next page →

Back to top | Article view | comp.lang.python

csiph-web