Talk Arcades: Forum for Arcade Webmasters    

Old 08-20-2008, 09:23 AM   #1 (permalink)
sly5
Preferred Member
 
 
Join Date: Jul 2008
Location: On a platform somewhere in a station near you.
Posts: 168


PHPAS V 4.0 security = big fail?

Big Dog Arcade was hacked recently and the webmaster has posted a message that says the following:

"We had designed some templates based on this Version 4.0, after having been told by the owners of PHP Arcade Script that it was ready to be released. However, this script was vulnerable to attack and now we decided to start this entire domain over from scratch."

Does anyone know what the security status on V4.0 is? Has anyone else experienced problems?

Just glad I didn't decide to upgrade...
__________________
Check out The Sly5 Arcade Blog, it's hot!

Check out The Sly5 Games Arcade, it's hotter!
Old 08-20-2008, 09:27 AM   #2 (permalink)
peter_anderson
Banned
Senior Member
 
Join Date: Jan 2008
Location: Who wants to know?
Posts: 1,593

The message is on http://www.bigdogwebsitedesign.com/ not http://www.bigdogarcade.com/

v4 was going to have security problems - I knew from the start. People should never use BETAs until they are fully released.
Old 08-20-2008, 09:46 AM   #3 (permalink)
sly5
Preferred Member
 
 
Join Date: Jul 2008
Location: On a platform somewhere in a station near you.
Posts: 168

Quote:
Originally Posted by peter_anderson
Sharp as a razor blade. Error corrected.
Old 08-20-2008, 11:23 AM   #4 (permalink)
piczogame
Arcade Freestyler
Senior Member
 
 
Join Date: Sep 2007
Location: Scotland
Posts: 1,417

V4 isn't well designed, nor has it been given the right work to be even close to finished. I love phpas seriously, but V4 looks to me like V3 with addons and a lot of new open holes...

Wait till it officially comes out of BETA, as from what I know it's a SQL injection exploit which may be the cause, as it has a past for it.

I wouldn't go near V4 at all as it's a long way away from being stable and secure...
Old 08-20-2008, 10:06 PM   #5 (permalink)
GetGamesHere
Preferred Member
 
Join Date: Jul 2008
Location: Arizona
Posts: 178

A friend's site was hacked on v4. His logs showed the command to cause it, and it actually works on v3 also, so don't feel too safe with not upgrading. If you want to know how to protect against it, PM me, because I am not going to post the hack for potentially dangerous people to see. It's a disturbingly easy hack, so I wouldn't be surprised if other scripts could be exploited with a similar approach.
Old 08-20-2008, 10:39 PM   #6 (permalink)
piczogame
Arcade Freestyler
Senior Member
 
 
Join Date: Sep 2007
Location: Scotland
Posts: 1,417

The fix for V3 has been posted on the forum; if you sign in to the forum you will see it as "Extra Security For You V3" under the phpas owners only subforum.
Old 08-21-2008, 12:01 AM   #7 (permalink)
GetGamesHere
Preferred Member
 
Join Date: Jul 2008
Location: Arizona
Posts: 178

Thanks piczogamer, I didn't know that. I posted some additional suggestions there because the fix doesn't really address the issue, just makes it a little harder. But the full extent of the problem can be different for each of us depending on how much we modified it. I think the script is pretty good, just some portions of the security logic weren't fully implemented.
Old 08-21-2008, 12:30 AM   #8 (permalink)
piczogame
Arcade Freestyler
Senior Member
 
 
Join Date: Sep 2007
Location: Scotland
Posts: 1,417

Quote:
Originally Posted by GetGamesHere
Thanks piczogamer, I didn't know that. I posted some additional suggestions there because the fix doesn't really address the issue, just makes it a little harder. But the full extent of the problem can be different for each of us depending on how much we modified it. I think the script is pretty good, just some portions of the security logic weren't fully implemented.

It's PiczoGame, but friends call me antz.
I know phpas has issues, and to this day it still remains the strongest, most customisable script ever created so far. You couldn't get more open coding than this that's sellable 100 times over... Nearly every arcade script has a failure somehow and they can't say that it's 100% perfect, as nothing ever is. Heck, we're just human, so cut them some slack lol.

I bet the other scripts are way worse, just not been exploited yet because phpas is really popular with most top big arcades.
Old 08-21-2008, 04:00 AM   #9 (permalink)
archgames
Senior Member
 
 
Join Date: Jan 2008
Posts: 908

Quote:
Originally Posted by piczogame
Nearly every arcade script has a failure somehow and they can't say that it's 100% perfect, as nothing ever is.

Yep! You got it right... and I bet even if someone finds a fix to the problems another stupid hacker is going to try and find a new way to hack... it is an ongoing process and an ongoing war between the webmaster and hackers.... Hopefully one day webmasters will win!

Thanks
Aash
Old 08-30-2008, 12:58 PM   #10 (permalink)
LearnNewbie
Preferred Member
 
Join Date: Jun 2007
Posts: 151


out of Beta?

Is anyone using phpas? Looks like they are out of beta, but it kinda looks scary after the site got hacked? lol

Anyway, does anyone know if phpas is out of beta yet?
All times are GMT -6.

