how crackers/hackers add passwords to your paysite ???

i have been around a good few years now just wondered if you guys ever wondered how it was done ?

Unfortunately it is way too easy! And another angle is that people tend to use the same passwords on boards and a lot of other places! :rolleyes:

Peace and Profit

but would you guys know how its done i certainly know as like i say i have been around for a while the suddenly realised why not help owners to combat this ?!

after doing the rounds i thought maybe turn my hand to helping instead of taking !

well i just tried to edit my post but with no luck was going to add if anyone would like info please pm me ! :badcomp:

Well, poor programming of websites...

e.g. a users uses php and mysql to access the db. He then writes username and pwd into a php script of config file... however he does not put that file outside the webroot....

Now PHP fails and you can see username and pwd in plain text for the db... once you have that info you can try to connect to the db. I'm pretty sure when that guy doesn't even move the config file outside the webroot then he has a global root user to mysql which he lets to connect from everywhere... if so then probably the same guy does not encrypt user pwds which are stored.... or the hacker just inserts a new user there

That means you can easily get those things... I've seen that a couple of times where PHP has been failing... on a server.....

This is just a simple way of getting acces...

Some is down to pore programming some use other tools !

want to learn more pm me !