Quote:
Originally Posted by fhomess
I don't really know much more about this hacking thing with regards to the OOTPOU than Getch does, but I did think of one thing. A potential problem with the OOTPOU is that the passwords are stored unencrypted, so if your commish is using the same ID/password combo for the utils that he's using for the website, you'd be compromising your security.
|
Yep. That plus I am sure many owners (or ex owners) never changed their password, so logging in to a user generally is not hard (I've done it many times on sites that needed help with something. Just try some users until 'baseball' let me in).
I really feel that if my utils had a security breach, it'd be somewhere as a user logged in. However, where is up in the air. Simply getting the server logs, as well as looking at the timestamps of files that changed at the time of the hack, will go a long way to solving this issue, rather than guessing at what it might be.