Site Hacked by jarkmeister, Help!

Viewed my site at 3 today and it was fine, view it again at 6:30 and I see this

I have no idea how to go about handling a hacker, if anyone could help I would appreciate it.

site is http://www.sqwibble.com

Dylan

 

There is nothing you can do I have been hacked before by triangledates.com/ and all I could do is get the back up files back up.

 

anyway I can figure out how he did it so I can make the site more secure?

 

I am not sure but was it a forum? Because PHPbb is easily hacked.

Also search google for JarkMeister I suspected he was a gamer because half the sites I have gotten hacked were gaming sites.

 

no it was the arcadebuilder script. http://www.arcadebuilder.net/

 

Google DarkMeister and maybe you can contact him I don't know what it will do but if you can get his MSN send it here.

 

did that, from what I was able to find his email is .

undoubtedly not his main email but its all I could find, and hes from norway I believe.

 

It sound like your script seriously needs to be patched by the people who created it because it is easy to hack the cookies to gain admin access to the site.

Check out this July 1 advisory: http://www.milw0rm.com/exploits/4133

Unfortunately, I do not have the script on any of my machines, so I cannot suggest what code to fix.

 

AWESOME.


(Sarcasm)

Damm.

Oh well, will just sell the domain now.

Will never buy that script again.

Thanks for letting me know.

Dylan

 

Hello Dylan, my site also hacked by jarkmeister.check my site cach http://www.arcadebrigade.org/ but at this time my site working properly.
Check this URL - http://72.14.253.104/search?sourcei...29IN229&q=cache:http://www.arcadebrigade.org/

 

For more information contact script owner - http://www.arcadebuilder.net/ If you have any problem then please post massage on this thread

Thanks
Narendra

 

apparently there has been a ptach released for this script to block the sql injection, get in contact with Winston over at arcadebuilder for it.

Ps, hes a great guy, really helpful.

 

If you have log files on your server, that can be a good source to find out how your site was hacked.

Did the hacked leave any sort of contact? I have had my site hacked once before (only because I used a simple password, and used same pass at a PHPBB forum the guy hacked), but I contacted him, asked him how he did it, he showed me how exactly to hack that version of PHPBB and told me how to prevent it... pretty nice of him.

 

Please visit ArcadeBuilder.net at http://arcadebuilder.net/updates/ for a quick drop-in update patch to security.

 

so was my version of arcade builder the first to be hacked then???

 

Mine too... damn it...

www.proarcade.info

 

running fine now mate.

 

Dude! I know the hacker that hacked you! Lol, he used a SQL injection.
You can find more about the attack here...

http://milw0rm.com/exploits/4133

 

I have had arcade builder on my site for a couple of years.

Today I checked the arcade and there has been links posted to these sites-

Free Online Games
Shooting Games
Girls Games
Games Online
Fashion Games
Free Games
Watch Movies Online

I emailed Winston and then I found this thread and so I have changed my password and run the security patch as recommended above.

I have to say that Winston is normally very helpful when there are problems

 

I know this thread is kinda old, but let me tell you that the fixes for arcade builder (all of them) are available.

Some background for those not aware. Arcade Builder is actually gamesitescript- an old version without many functions or features, and even without the security fixes/patchs that the new GSS 4.5/5.0 has.

There are many broken features of arcade builder, and many sqli and xss vunerabilities.

If you run Arcade Builder then you can add the features/fuctions/mods and fixes here:
www.gssmods.com


Examples:

SQLi exploit:
(search allows non-alpha/numeric parameters to be entered into search)
http://www.mygumba.com/index.php?params=search&q=%27

XSS (cross site scripting)
(can bypass the token system and create over 1,000 token credits

Checkref() function vunerable- not sanitizing database input
not using mysql_real_escape_string

Registration will allow sqli injections as it doesnt sanitize, or restrict
Usernames can be registered like the following:

TAF Mailer http referrer vunerablility/spam mailer:
Taf mailer can be access and used whether it is disabled or not in the admin area (Guest Users can still access and use it even if it is restricted to members only), and since it has no captcha can be easily used to spoof a http referrer (if link to taf embedded on another site it will send a url link from that site instead of a link from your own site), and the taf mailer can easily be used by autmated spam bots/spam mailer programs to automate the sending of 1,000's of emails from your website.
http://www.mygumba.com/index.php?params=taf