My SSL Helped Me Stay Seccure
#1
I am running like 4 mybb forums on my website and as the hacker hacked into the Mybb's Github page, and i do not what what he did but the result was that whenever anyone using mybb would log into his admin panel and a version check was performed, hacker would get a copy of the database.
I was unaware of the hack logged into my admin panel. My ssl was blocking content. It had never happened before so that did concern me. Anyways, i ended up manually unblocking the content for two of my forums.
Then after reading about the hack, as instructed, i looked into my admin logs and the two forums (that i manually unblocked the content for) had the download of the backup mentioned in records but when i checked the rest of my two forums (They had content blocked) there no nothing. No database backup was downloaded.
So in my opinion, if you can afford it, you must use an ssl. And never unblock the content without first verifying the source of the content.
I still have no understanding of how my ssl knew that something is wrong. I would appreciate if someone could explain a little.
Reply
#2
(2014-11-18, 06:46 PM)helper4u Wrote: I still have no understanding of how my ssl knew that something is wrong. I would appreciate if someone could explain a little.

Modern browsers block unprotected content by default. That means, if you visit a website through HTTPS and it attempts to load any content through HTTP (unprotected channel, and the address of the resource containing the malicious code included only HTTP), it will block it regardless of its source (from your or an external domain).

A solution was proposed that would block any content linking to external servers (to prevent XSS attacks within the ACP), even without HTTPS - Content Security Policy, but there is no information whether it will be implemented yet.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#3
Thanks but it did not make much sense to me. It is ok Smile
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)