There cutenews is hacked.

Happned the other day rly.
gd newz

Lmao. Stupidly simple to do.

nice find :)

Well seeing as there's several threads in the Website section telling sites not to use cutenews due to security risks they shouldn't be using cutenews :eusa_whis.
But unlucky to them.

Good find.

Lol @ Tweety owning Favourtism

I never used ClubHabbo so this doesn't really bother me.

lol@tweety

good one tbh, since it popular ;).

Ye, they shoulkd be more careful.

Noob Favourtism

and haha @ clubcraphabbo

ClubHabbo uses Cutenews!? Oh dear.

I noticed that their news section was down at a random visit yesterday lol. I do find all this "hacking" seriously pathetic.

Someone did post an article about cutenews being easy to hack if peple use dictionary words as their password. :8

It doesn't matter how secure their passwords were.
*Text Removed*

Edited by Agesilaus (Forum Super Moderator): Please do not discuss techniques that can possibly hack another webiste.

It doesn't matter how secure their passwords were.
*Text Removed*
Wasnt that what i had done in that pm and u said it was wrong?

ClubHabbo wasn't the only fansite to be 'hacked' via this exploit, HabboHarmony and HFFM are just two others who were effected, sorted now ;)

ClubHabbo wasn't the only fansite to be 'hacked' via this exploit, HabboHarmony and HFFM are just two others who were effected, sorted now ;)

Are you going to continue using cutenews?

Are you going to continue using cutenews?

Unless we get a new news system, once weve sorted the exploit then i guess so.

Are you going to continue using cutenews?

I don't see them coding their own News System even though it is very much possible and much safer. It costs money however to employ/pay a coder for the News System to be built to a more secure meaning. News systems on Habbo are traditionally cutenews however if you searched long and hard on Google, I think there are safer alternatives.

If you're listening Simon, do it. =P

Unless we get a new news system, once weve sorted the exploit then i guess so.
You might aswell use one of the free ones available here as they all use sessions which are much more safer than cookies that cutenews uses.

I've seen about 10 sites with the same issued today, including HabboHarmony which is official.

To be honest, it's good that things get hacked. Therefore making the website realise where they're vunerable and knowing they can patch it up.

Loads of sites have got it, duckylove, habbosmart, haboz, habble-aus, habbozone, hobtech, habfever loads more
its a bit sad really that people spend time doing it when it gets removed within minutes lol

Anyway apart from the news, did any other part of the site get affected?

Btw, slightly off topic, but when Ryan mentioned HFFM it reminded me. Do HFFM an ClubHabbo have the same owners/management? I know Ryan is CH owner but is there anyone else who runs both? I'm only asking because they both seem really similar.

an australian based site called wearelegion is hacking all of the official fansites cutenews.
every official australian fansite has been hacked and they're starting to hack international sites.
just a piece of advice if you'd like the news that they delete. do a backup.
there's that cutenews exploit that lets them in. they don't need a password or anything, just one of the users account names.

Anyway apart from the news, did any other part of the site get affected?

Btw, slightly off topic, but when Ryan mentioned HFFM it reminded me. Do HFFM an ClubHabbo have the same owners/management? I know Ryan is CH owner but is there anyone else who runs both? I'm only asking because they both seem really similar.

I noticed too but I don't think Ryan and Carnio get along to well! :P

Im in a krew that haxxed habbox and runescape...

Its no big..

Im in a krew that haxxed habbox and runescape...

Its no big..


OMG SIZROCKS GANG GONNA PWN YOU!

OMG SIZROCKS GANG GONNA PWN YOU!

LOLIRL! Well that's interesting! Why not just put the cutenews on a seperate DNS to the website, and iFrame it? I guess the impact shouldn't be as bad then if they were to hack it unlike how it is most of the time. I guess that's a makeshift way of fixing it.

LOLIRL! Well that's interesting! Why not just put the cutenews on a seperate DNS to the website, and iFrame it? I guess the impact shouldn't be as bad then if they were to hack it unlike how it is most of the time. I guess that's a makeshift way of fixing it.Good idea but people would still be able to find where it's hosted. :P

I'd suggest another news script.

Good idea but people would still be able to find where it's hosted. :P

I'd suggest another news script.

Obviously they would? All they'd have to do is look into the source code, however the consequences wouldn't be so severe.

Obviously they would? All they'd have to do is look into the source code, however the consequences wouldn't be so severe.Well, from what I know (not much haha) they could get into cutenews and delete, add, edit news etc... redirect the page and all that. So if it's still being shown on the page from the other server and it got 'hacked' then it could be redirected, deleted etc... on the main site.

Well, from what I know (not much haha) they could get into cutenews and delete, add, edit news etc... redirect the page and all that. So if it's still being shown on the page from the other server and it got 'hacked' then it could be redirected, deleted etc... on the main site.

Regular backups combat the deletion & edition. As for addition, just a recovery account would be ok, somewhere placed on the cutenews as an invisible user, even to administrators (I'm sure it could be done). Redirecting the page which is in an iFrame? Oh the pain of it all. iFrames can be easily closed too, so if there was a problem all they need to do is redirect it to a maintenance page. It's not as hard as it sounds, it's just a little bit of precaution.

Regular backups combat the deletion & edition. As for addition, just a recovery account would be ok, somewhere placed on the cutenews as an invisible user, even to administrators (I'm sure it could be done). Redirecting the page which is in an iFrame? Oh the pain of it all. iFrames can be easily closed too, so if there was a problem all they need to do is redirect it to a maintenance page. It's not as hard as it sounds, it's just a little bit of precaution.
That is true, good point. Redirecting the iframe is still bad, if it was to a porn site or something... unless the users were feeling horny haha. But really, I'm sure there's a code for redirecting out of iframes (so the site opens in a new window/tab) - I'm not the best when it comes to iframes. :P

That is true, good point. Redirecting the iframe is still bad, if it was to a porn site or something... unless the users were feeling horny haha. But really, I'm sure there's a code for redirecting out of iframes (so the site opens in a new window/tab) - I'm not the best when it comes to iframes. :P

Redirecting out of iFrames? That'd most probably be Javascript in the form of:

"IF URL = 'www.clubhabbo.net/news_display' (http://www.clubhabbo.net/news)
THEN Keep iFrame display true[/URL]
ELSE iFrame display = False or Redirect to = '[URL="http://www.clubhabbo.net/maintenance"]www.clubhabbo.net/maintenance (http://www.clubhabbo.net/news)' "

As an example... I'm not sure if that can be done to what I've said but it's something which could be used. Best to ask the resident JavaScript man, Invent. :P Otherwise, then it'd just be a mere little edit they've done in the website. It wouldn't inflict its credibility too much.

Redirecting out of iFrames? That'd most probably be Javascript in the form of:

"IF URL = 'www.clubhabbo.net/news_display' (http://www.clubhabbo.net/news)
THEN Keep iFrame display true
ELSE iFrame display = False or Redirect to = 'www.clubhabbo.net/maintenance (http://www.clubhabbo.net/maintenance)' "

As an example... I'm not sure if that can be done to what I've said but it's something which could be used. Best to ask the resident JavaScript man, Invent. :P Otherwise, then it'd just be a mere little edit they've done in the website. It wouldn't inflict its credibility too much.I can do PHP (not loads but I can) however I can not do Javascript. :P There's usually a way to do most things though. But I get where you're coming from, 'tis a good idea. But if your cutenews is hacked and it's on your main server it can't do any other destruction anyway (apart from what cutenews can do, edit news, delete etc...)

I read somewhere Cutenews have decided to leave the development of it... so people will have to patch it themselves, which I think some have already (on the CN forums)

I can do PHP (not loads but I can) however I can not do Javascript. :P There's usually a way to do most things though. But I get where you're coming from, 'tis a good idea. But if your cutenews is hacked and it's on your main server it can't do any other destruction anyway (apart from what cutenews can do, edit news, delete etc...)

I read somewhere Cutenews have decided to leave the development of it... so people will have to patch it themselves, which I think some have already (on the CN forums)

Mmm... Incorporation of technologies like AJAX using Cutenews would be great, and since they've halted development I guess you could take it for your own, edit it and well... Rebuild it into something intense. But that's my 2 cents, I'm being very pursuing. =P

To edit cookies you do not need any javascript knowledge at all as there is an add-on the can do it for you ;).

Looks like its happened again...?

rofl it redirects to
http://www.google.co.uk/search?hl=en&safe=off&rlz=1B3GGGL_enGB210GB210&q=clubhabbo+just+got+owned&btnG=Search&meta=

Yup redirects you to a google search when u search "ClubHabbo just got owned"

odear, looks theyre having more problems :l
I remember they went thru lots of hackings a few months ago..
Just not their day ..

I think the problem needs to be addressed and solved sooner rather than later...

http://www.jpowered.com/php-scripts/news-content-management/
http://www.xigla.com/absolutenm/
http://www.codefixer.com/tutorials/news_management_system_part1.asp

Well, that was hard.

To edit cookies you do not need any javascript knowledge at all as there is an add-on the can do it for you ;).Yeah there's a free addon for Firefox. :D

Oh dear again!? Their best bet would be to take down search.php...

I think the problem needs to be addressed and solved sooner rather than later...

http://www.jpowered.com/php-scripts/news-content-management/
http://www.xigla.com/absolutenm/
http://www.codefixer.com/tutorials/news_management_system_part1.asp

Well, that was hard.

Maybe you should tell *Removed*?

Edited by --ss-- (Forum Super Moderator): Please do not edit a moderator's warning.

Maybe you should tell *Removed*?

Firstly, LOL. Secondly, maybe he should do the Google work himself? Searching "News Management System" really does turn up alot of results. Cutenews being close to the bottom in fact! Plus, I don't know where I've put my communications link to him...

Edited by --ss-- (R******* Forum Moderator): Please do not be rude.Excuse me! He was not being rude! I do believe he was just mistaken of the site owners name.

SkaterJew is infact a popular member of Habbo Hotel UK just like SkaterChu. He was just confused.
http://www.habbo.co.uk/home/SkaterJew

Thank you.

(yes i am joking and bored...)

LOLIRL! Well that's interesting! Why not just put the cutenews on a seperate DNS to the website, and iFrame it? I guess the impact shouldn't be as bad then if they were to hack it unlike how it is most of the time. I guess that's a makeshift way of fixing it.

I was thinking that!!!!!!!!!! And I know NOTHING about websites.


Well, from what I know (not much haha) they could get into cutenews and delete, add, edit news etc... redirect the page and all that. So if it's still being shown on the page from the other server and it got 'hacked' then it could be redirected, deleted etc... on the main site.

Bah, burst my bubble :P.


Redirecting out of iFrames? That'd most probably be Javascript in the form of:

"IF URL = 'www.clubhabbo.net/news_display' (http://www.clubhabbo.net/news)
THEN Keep iFrame display true
ELSE iFrame display = False or Redirect to = 'www.clubhabbo.net/maintenance (http://www.clubhabbo.net/maintenance)' "

As an example... I'm not sure if that can be done to what I've said but it's something which could be used. Best to ask the resident JavaScript man, Invent. :P Otherwise, then it'd just be a mere little edit they've done in the website. It wouldn't inflict its credibility too much.

What do the true and false mean in that? Does it somehow become false when its hacked...?


Excuse me! He was not being rude! I do believe he was just mistaken of the site owners name.

SkaterJew is infact a popular member of Habbo Hotel UK just like SkaterChu. He was just confused.
http://www.habbo.co.uk/home/SkaterJew

Thank you.

(yes i am joking and bored...)

LOL!

That would be the way it would be displayed. If the news_display is right and it's not being directed it'll be displayed (it's true in nature) however if it is not, then it is false and will not work. :]

Im in a krew that haxxed habbox and runescape...

Its no big..
omg leet stay away from him!!!!!!!!!!1111

I don't like Clubhabbo

All they do is pay noobs to scream "CLUBHABBO.COM FOR DEPRESSING MUSIC"

omg leet stay away from him!!!!!!!!!!1111

I know lol.

OT: Wth is that under your name?

Cutenews - that says it all really.