


 

Security enhancements

Posted 28 July 2013, 11:58 PM

Hello all,

During the last week we had two major failed attempts to hack ocPortal.com.

The first was a bot attack of many different hack patterns, multiple attempts per second sustained over roughly an hour. The hack-attack detection system flagged up these attacks well and correctly banned the offending machines.



Avatar
By hackers, I have to assume you mean crackers. There is a difference. Crackers are the guys that go around busting into sites and things. Hackers are just a type of programming group that hack at code, not at sites. I only bring this up because there's plenty enough bad information on hacker/cracker and I thought that I should do my part here.

That said, it is good to know that ocPortal is as invincible as I always believe it to be. It is the superman CMS. Silly crackers were foolish to even try.
Avatar
Well, I think attempts to get most people to use or understand the word 'cracker' are pretty futile. Do you also always say you use GNU/Linux rather than Linux :lol:? Most words in the English language don't mean what they were originally coined to mean. For example, the word 'coin' originally meant 'wedge', which a coin was, but now nobody would understand it to mean 'wedge' ;).

It's important for me to never say ocPortal is invincible, although I very much appreciate your confidence and support! We did make a couple of mistakes that left us open to attack, although they were not vulnerabilities in ocPortal itself. The main thing is we have now introduced a lot of new security measures. Yesterday we introduced new 'encrypt' and 'self_destruct' tags for support ticket users, as well as post editing and deletion support. Our intrusion detection system is working really nicely, it alerts every time I make any change that could be suspicious, so I know it's working :lol:.
Avatar
LOL of course not, besides the GNU/Linux debate (which is silly if you ask me - you wouldn't call Windows 8 Metro/Windows NT 6.3 and if you really wanted to call Linux GNU/Linux, you'd have to call it GNU/X/KDE(or whatever)/ALSA/Linux. IMO, it's best to call it by the distro anyway, but yeah), isn't the same as hacker vs cracker.

But the coin vs wedge analogy does fit so your point is well taken. Still, I needed to do my civic duty :P.

At least it knows that what you are doing is suspicious! That is progress right there! I've tried for years to warn ocPortal of your suspicious behaviour.


Avatar
Not only do I agree with Chris's reasoning for using the word but I also think the term hackers nowadays suits today's situations of this kind because (although you are correct originally Crackers and Hackers meant 2 different things)

A) Today's "Crackers" are mostly "Hackers".

Meaning most are not true skilled crackers but those with intermediate skills "Hacking together" methods and code originated by more skilled true "Crackers" and then those with even less skill often called "Skiddies" or "Script Kiddies".

True "Crackers" are probably responsible for not much more than a handful of the thousands of cases out there.

B) As Chris points out the word hacker has evolved in the common people's eyes to mean what originally was meant to represent a cracker. Just like he points out happened to coin/wedge.

C) True "Crackers" are often less ego oriented than the more common breed of "Hacker" meaning the "Cracker" is often more concerned with exploitation for personal benefit or for the challenge itself unlike the "Hacker" who is often more concerned with wreaking havoc, defacing sites, disrupting others simply to boost his ego and by simply operating this way he makes himself unworthy of the title "Cracker" and really is just a hack!


Now if you are reading this debate and are a Cracker I am not as worried that you'll feel the need to take the words posted here as a challenge to demonstrate your skill as I believe you are of a higher character than to waste your time like that but I do hope if you fall under the category of what I deemed hacker, as tempted as you might be to punish me or this community or to "Prove" your skills I would hope that my words might inspire you to take the next step in evolution of your skill development and that is to become a true "Cracker" who demands of himself a higher set of standards.

 If you must be disruptive go be disruptive somewhere that deserves it not in a community that's working hard helping the "little guys" of the world and helping to provide something decent as an alternative to the monopolies out there.
Avatar
You are just a little off on your definition of Cracker there Duck. Being called a cracker is derogatory, not some form of elite hacker. This confusion of course does an outstanding job at reinforcing Chris's point.

For clarification:

wikipedia said

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network[1]. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.[2] The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.[3] While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks,[4] they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker,[5] not making a difference between computer criminals (black hats) and computer security experts (white hats).[6] Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

It also shows that I was pointedly wrong as well, although I wasn't speaking of "hacker" in computer network sense but computer programming sense. Hacker does and can apply to this use-case, so sorry for trying to correct you there Chris. However, Cracker does not equal Hacker +.

Source: Hacker (computer security) - Wikipedia, the free encyclopedia

But let's not get off what really matters here folks. That is that ocportal = teh awesome.
Avatar
I think maybe I may have chosen the wrong words in my explanation?

I did not mean to imply "Cracker" is in no way derogatory. What I mean is if you take the words hack and crack by definition while both can mean to "break" something, hack would imply unskilled effort to break whereas crack would be a more definitive skilled action.

A "Cracker" "understands" the systems and code fairly thoroughly his attempts to break in are methodical yet with the ability to improvise and discover NEW exploits, NEW methods, etc. Typically one with these skills is more interested in exploitation for gain (Stealing stuff etc) and are less likely to "WANT" attention. Occasionally it may be for ego and fun but again are less likely to want attention but rather to save their backdoors for another day if they need it.

Whereas I was implying that the "Hacker" on the other hand is often less skilled relying on exploiting "known" exploits or using "tried" methods to break in (think hacking and slashing at something) and then once they do are simply satisfied to show off they've done so by defacing or disrupting the innocent. They can have more skill than a script kiddie but that to me doesn't make them a "true Cracker" the definition you are trying to imply that makes them different from the term hacker.

That distinction which was probably provided by those with medium to higher skill (including true Crackers) to feed their egos is only further perpetuated today by those in the security industry trying to impress clients (or potential clients) by sounding more knowledgeable "of the scene" when no matter how many times the client hears it "hacker" still means cracker to them. *EDIT (or I should say "Cracker" still means "Hacker" to them)

But my point being that that original distinction by definition is what makes today's typically (aka the majority) "Cracker" really more of a "Hacker" than a true cracker.

In other words:

Hackers (originally) was supposed to mean someone who hacks together code (or written words etc) to produce a program (or written work of low quality) and Cracker was supposed to mean someone who breaks code purposefully.

So a "hacker" was a less skilled programmer or author.

A Cracker was a skilled break-in artist be it safes or computer networks or programs etc.

Now that these days there is a proliferation of Scripts or Tutorials on the basics of "Cracking" there are thousands of new unskilled (or medium skilled) people performing the job of Cracking which to me makes them the same as those "Hackers" of Programs or Written Works etc and now they have earned the title of "hackers" in the "Cracking" world.

 Not sure if I made any more sense this time?


Last edit: by Duck




Avatar
Thank you, team!

 :thumbs:

Avatar
They will try every time again, but Thanks Team for this.

 :thumbs:

Avatar
It is such a shame that we must always deal with these kinds of abuse. I am glad you guys were able to keep things at bay and that you have instituted plans that would help reduce future effects. I feel for the time lost having to firefight.

Avatar
Glad to hear you have overcome these malicious attacks.

Avatar
Thank you, we may not show it as well as we should at times, but we do know the fantastic work you all do on ocPortal makes this the most stable script of its type to manage.
