
We've been hacked :roll:

Discussion in 'News and Announcements' started by Nick, Dec 7, 2009.

  1. Nick

    Nick Well-Known Member

    Looks like we have ruffled some feathers because the folk from Pligg decided to hack into our demo site and renamed it "Pligg Rulez"! :rolleyes:

    We're an open source project and as such, our code is publicly available for all to see, which does leave us vulnerable to hackers. Still, that's half the fun of open source programming, and getting a friendly nudge like this from our friends at Pligg is a reminder that we need to pay more attention to security issues.
  2. JonH

    JonH Admin & Design

    Good to see Hotaru news is getting around :p
  3. carlo75

    carlo75 Design & Development

    Unfair... Pligg doesn't rule!
  4. carlo75

    carlo75 Design & Development

    Do you know how they did that?
  5. Nick

    Nick Well-Known Member

    I can't say for sure, but it would have been possible with a cross-site request forgery - probably on the user permissions page to get admin access. I'll go through every form, adding tokens with this CSRF Protection Class, and then maybe they'll be kind enough to try and hack us again so we can see if it worked. :)
  6. Sunny

    Sunny New Member

    hahaha Nick your comments are amusing, thanks for the laugh :)

    We all see great potential in Hotaru and apparently so do the folks at Pligg.com. Quite frankly, if it wasn't for them, Hotaru wouldn't be here. This is a good example of when developers care more for making money via plug-ins than providing quality and support. This is just my personal opinion based on experience.

    Thanks Pligg!
  7. rushnp774

    rushnp774 New Member

    No wonder you've been going balls-to-the-wall with the CSRF stuff lately Nick. Makes sense :D. Hopefully that was how they did it, and that your changes will block it next time. If it wasn't how they hacked it, we're (hopefully) protected against CSRF in the future, so it's all good.
  8. bbrian017

    bbrian017 New Member

    I read Pligg's status update. They claim to have nothing to do with the attack.
  9. Nick

    Nick Well-Known Member

    Well that rules out all 50,000 Pligg users then. Phew! ;)
