Hackers In Invisionfree Need help urgently

[Xevian 0]

It is the version 1.3 and the site is not destroyed, just shut down by the hacker. They say that it is offline and it will be deleted in 10-20 days... Seems like a rather wierd way to delete it... Anyway we moved to a back-up site until we can get a more secure website.

[-=Wrighty=- 0]

InvisionFree is very easy to hack into so I've been told. As I know myself its very simple compared to normal IPB, meaning it can be very easily hacked.All the invisionfree users claim that its amazing and IPB is the n00b version, but then again, I guess, they've never tried it.

[Xevian 0]

Guess so... People usually settle on something that works, and defend it until the horrible truth comes out. Like with invisionfree, so far, among my friends, around 10 out of 30 sites have been hacked... Makes it rather weak and we all filed complaints to invisionfree to introduce better security, but they don't do anything. We users are on our own!

[Jguy101 0]

The IF ACP is way better than the standard IPB version, but they removed some good features like custom profile fields, and security's horrible.

[Xevian 0]

I see... I like using custom profile fields... Altering stuff is fun! Oh and for now we just moved to another back-up site and then sooner or later it will also get hacked then we try to move into Xisto! Hope it works!

[iGuest 3]

Invisionfree and IPB are way different. The ipb 2.0.3 and up hasthe best security and is impossible to hack. My friend tried to hack me for a test and it didnt work. However we tested it on a invisionfree board (Mine) and it worked. Also yeah my friend owned ifgraphics andwas hacked laready 2 times by a guy name Xenobia. I destroyed hisemail but its still not enough!

[ninjamunky 0]

You should read up on this kind of thing at http://www.hackthissite.com/ It's sort of a learning site for basic and semi-advanced hacking skills. From the webhacking missions I did, all I needed was some basic knowledge, like view source, and stuff like that and I was able to get like 4 levels into their webhacking mission. It's a good site for if you're curious or whatever. If you have space that supports PHP and MySQL, contact me and we'll talk about IPB 2.0 or whatever the latest official release is.

[Sakizen 0]

ok well, based on what links i seen.I'm assuming you are using the free service form invisionfree.com.Your hacker was probably a social engineerer. Which means he used an admin's trust to get in, or someone else's stupidity.Why this suggestion and not any other suggestions such as exploits, XSS, SQL Injects, etc?the host is patched and quite secure. unless they have access to the admin CP, they can only use basic HTML at the very most.Anything more dangerous is filtered and disabled.This includes script tags or popular XSS attempts such as <img src="someScriptFile.js"For SQL Injection, this is nearly impossible unless you can return an SQL Server Error. InvisionFree uses the PHP service, which probably uses MySQL. Unless you can add some naughty characters in the login fields or in the URL itself and return a SQL error displaying some table and column names. SQL Injection probably isn't possible. InvisionFree is a professional and updated reguarly site. They filter these type of inputs. They have thousands and thousands of boards registered and being used every day. If someone can SQL Inject, they can clear all that in seconds. And I haven't seen that many 404 errors.Going back to my point of Social Engineering. Make sure your computer is cleaned.Hackers best tool is trust.Honestly, as of today, the only potential danger that InvisionFree has that I can see is their cookie setup.It has 2 dangerous pieces of information that people can take advantage of. These include the Member_ID, and the password hash code.I won't release what type of hash code it uses, but it isn't hard to figure it out.Basically, if someone can get a hold of your cookie value, then they can find your username easily be going to:invisionfreeboard.com/index.php?viewmember=[member_id]and if the user has a very common/weak password, the hash code can be broken.That being said, someone can easily find your username and password just by the cookie file..not to mention the session ID.Just for kicks, I know someone is going to say that hash is one-way and can't be decoded, but this is how it is done.lLet's say "hello" encrypted is equal to "asfgh"Very easily to make programs encrypt a word from a dictionary file to test if the english word "hello" encrypted using a specific encryption method to see if it equals to "asdfg"I know this post is very confusing to read and unorganized.

[grim reaper1666 0]

i d recommend going for phpbb3 that is harder to hack into and it would be best to use a different host

[8ennett 0]

I'm not really well versed in the arts of using the computer without software aid, anyway, my friend's friend created a invision free board for roleplaying, and this hacker who hates my friend's friend hacked into the original board and deleted it, now he is attacking the second board that we have made... Can someone give me some insight on how this hacker is always successful? Is there anyway to block this?

There are so many responses to this yet this was posted over five years ago lol if they're still having trouble with this guy then they need some police intervention me thinks. Invision boards are notoriously unsecure, although that has been addressed over the years. But yeah if you aren't going to write your own forum then I would suggest vBulletin. Highly secure and full customiseable with so many additonal plugins available. Short of that, you could always try hacking this guy back, or just go round to his place and kick in his PC? Possibly his face while you're at it? lol only joking

[Sakizen 0]

didn't even realize this was posted in 2005... rofl