Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7

Thread: Hacked :/

  1. #1
    Regular Coder
    Join Date
    Jul 2007
    Location
    USA
    Posts
    147
    Thanks
    5
    Thanked 3 Times in 2 Posts

    Hacked :/

    Yeah, so my forum was hacked today. They took the home page and put up this you've been rick rolled video. Then they made one of those annoying boxes where you have to keep clicking 100's of time.

    In the mean time he also disabled the forums too. I'm wondering, if he didn't have access to my hosting, how did this happen? How can he do this? What steps can I take to preventing this sort of thing from happening again? I know we have some hackers here. No doubt about that. If you don't want to post the information about how to protect my site on here, you can PM it to me.

    Also, what can I do to get the hacker in trouble? I'm not so sure this hacker was professional as the kid admits to it. He's like 15 or 16 years old and I'm not to sure he did a clean job and may have left a trace. First step would probably be to contact my hosting company?
    Quote Originally Posted by rmedek View Post
    Doctordew, as soon as they come out with the opposite of an infraction, I am going to give you a million of them. You are my new favorite person on the forum.

  • #2
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    Quote Originally Posted by doctordew View Post
    I know we have some hackers here. No doubt about that.

    Also, what can I do to get the hacker in trouble?
    I am not sure that that would entice some hackers to help you

    First step would probably be to contact my hosting company?
    if you really want to pursue it then, yes. However, I would be more inclined to find out where they got in and to 'close the door'. maybe look up the website for the forum software and see if there is a known bug or vulnerability so you can get it fixed.

    sadly, such antics are part of the interweb.

    bazz
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link

  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    There are several ways they could have gotten in. Usually either you had unsecure or insecure FTP accounts that let them in. Or they gained access to your server using a known security vulnerability in one of the services and then trashed your website and probably others that are hosted on the same server.

    I would report it to your host immediately so they can examine their logs and investigate the source of the breach. If they seem uninterested in actually fixing the problem, switch hosts because it will only happen again.
    OracleGuy

  • #4
    Regular Coder
    Join Date
    Jul 2007
    Location
    USA
    Posts
    147
    Thanks
    5
    Thanked 3 Times in 2 Posts
    It only affected this one site of mine. The other sites I had hosted on here remained unharmed. That's why I was wondering if they had some sort of way into my hosting without knowing my login information.

    Oracle, I'm using AnHosting(.com) which uses a cpanel. Would the unsecure ftp be something common for a cpanel? Cpanel seems to be the trend for hosting so I'd think that would be secure.

    Also let me reinterate that the forums were simply turned off. The page was blank. It was the home page that was html, css, and two simple php scripts for a url masker, and a newsletter signup.

    www.immforums.com is the home page I am referring to. It was restored, but I've been receiving threats about the site being taken down again...
    Quote Originally Posted by rmedek View Post
    Doctordew, as soon as they come out with the opposite of an infraction, I am going to give you a million of them. You are my new favorite person on the forum.

  • #5
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    As somewhat of a novce in this issue, I would start with the easy things while you await something from your isp.

    make sure you are virus-free, malware free etc and then change all your passwords. Then, I guess, if your data was harvested by a keylogger script, you will have made redundant, the info they need to get back in again.

    hth

    bazz
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link

  • #6
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    As a preventative measure make sure that files or folders are writable that shouldn't be, like by your scripts. Make sure your forum software is up to date, they might have used a bug in there to gain access.

    Also change all your passwords for the FTP accounts and forum administrator account on there as a preventative measure as well.
    OracleGuy

  • #7
    Regular Coder kokjj87's Avatar
    Join Date
    Sep 2008
    Location
    Singapore
    Posts
    279
    Thanks
    1
    Thanked 55 Times in 54 Posts
    First check your server log
    see which file or directory he have been to.

    One of the common attack and really bad one is the Shell(Remote File Inclusion) attack, the hacker would upload or remotely include the malicious code...

    http://en.wikipedia.org/wiki/Remote_File_Inclusion

    Most common one is the C99 shell script..

    Basically the hacker could see everything, even your source code...
    A screen shot of how the c99 looks like:
    http://www.honeynet.org/files/images/c99.png

    Some of the web host have anti virus install on them(to prevent suck attack), but most of them does not have.

    Do pm me your website, so i can have a look.
    Last edited by kokjj87; 02-25-2009 at 10:37 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •