Have you ever been hacked?

I think many people never think they can get hacked until they actually get hacked!!

Let's find out how common getting hacked actually is.

I've been hacked myself a few times. Once my server was used to do a DOS attack on a government site. *gulp* Another time some one got one of my passwords, and quite a few times one of my vBulletin sites have been hacked, mostly from some one getting a Super Mods password some how.

Heck, back in 1997 on Geocities, I got tricked in to giving out my username and password and with in a day, the site was deleted.

 

No joke- I just ate 25 Fudge Stripes cookies!

 

scary. its one thing that i always worry about.....

 

I've had some minor compromises, but never anything at the root level, luckily.

which is a really good thing, as I'm super lazy with backups ;-)

 

My days job involves doing Linux consultancy, part of which means having to find out how attackers got in and re-building newer, more secure servers for the customers.

Over the past six months, the number of hacked machines I've come across has risen a lot. I'd say in 50% of cases the attackers got in through SSH brute force attacks, where an account had a poor (dictionary word or same as username) password.

The rest are mainly cracked via the software installed on the machines (awstats, phpbb being the favourites). In pretty much all cases updates have been available for the software in question for months, but haven't been installed.

If people just kept their software up to date and used strong passwords, there would be a hell of a lot less security breaches.

In quite a few cases I find the attackers have been inside the machine for months, and the server owners only became aware when they got a big bandwidth bill, or their site seemed slow. If you're storing any data on your users (email addresses or even worse credit card numbers) then you really need to have top-notch security.

 

Hacked: No
SMAM Attached: Yes, and quite often

 

one of my server was hacked last year. it was very smart hack.
hacker monitored live chat sessions of web host provider and got login details.
he created backdoor before i hardened server.
then about 4 / 5 months he didn't do any thing and then started brutforce attacks to others. he had disabled logs, changed many serverces including ps, top, pine, ls etc.

lesson learned :- never use chat support of web host and never use plain password auth. setting up accesskey / ip based auth is good way.

 

Hacked.. never however as people have said before spamming is a problem

 

yes....suddenly all my database disappear, don know what happen. when i go check phpmyadmin, all database has been delete....damn the hacker...don know how they do tat.

 

I once got hacked, but that was on a non-updated version og PHPNuke, and the hacker was kind enough to only change the index page... but he gotme scared for a while...

 

I'm more afraid of click bombing .

 

Three times in about 6-7 years. All as the result of stupid script problems (i.e., my fault).

First time, I was using some program like formmail. Gawd, that was a lot of years ago. Anyway, the program would relay email if it received a properly formed input. Took forever to figure this out, they burned 10's of gigs of bandwidth until we figured it out. This was back when bandwidth was really expensive. No access to server though, all they were doing was calling a web page.

Second time, I woke up to find a bunch of my hosting accounts were reset. Turns out I'd left the 'setup' directory on the server. Running the setup program let them reset the userid/password. Didn't get them anywhere other than into my content management system, but still a bit scary. Thank goodness for proper backups! A quick restore of my database files, delete the setup directory and done.

Third time I was guilty of running an older copy of phpBB. THis is back when phpBB was getting comprimised routinely. A hacker came in and all they did was post using my user id a post titled 'you've been hacked' with a post saying 'please upgrade your version of phpbb'. No damage other than that.

I suspect this type of hack is by far the most common, rather than someone actually getting into root or command line access. Never had that happen.

Now I make sure I know what all the processes are on my machine. Only ssh access allowed to the server by me and my developer. Firewalled only the ports I need are opened. And I update at least once a week from one of my distro's mirrors. And clean up unused programs routinely. Other than that, not sure what else can be done for a regular joe running their own server.

 

I have been securing phpBB and ensure that their board stay up to date. Once I managed to hack into a local board, the data have been build up for years. So in order to prevent other hackers coming in to delete their data, I disable their board and drop a email to the webmaster.

After which, the webmaster thank me.

 

Have you tried the Fudge Sticks? Holy crap! I downed a whole box while posting back and forth with AnthonyCEA recently. They are addictive...


Someone tried to hack me with an axe once. I axed them not to do it anymore.

 

so many times, still i have few sites to restore

 

Not yet i hope not in future too

 

I have had 2 site's hacked, where they have just changed the index page. Luckily nothing server side *touches wood*

 

Yes ive had databases hacked, control panels everything. Not a nice feeling at all...

 

Friend of mine got hacked yesterday. If you run alot of PHP you should consider.

http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&id=319

 

yes , i have been hacked before on a shared hosting after that i'm not using shared hosting for my main sites