admin panel hacked

Discussion in 'Security' started by johntropea, Sep 28, 2008.

  1. #1
    Hi everybody, my admin panel has been hacked. My script tracks the IP of the user, which is: 193.239.143.45. I have tried to track it and I got this info:

    IP Address 193.239.143.45 is found in Ukraine
    IP Address 193.239.143.45 resolved to Hostname x-city.com.ua
    Query took 0 ms
    Init time was 1 ms
    Guessed City: Khmelnitskiy
    Region: Khmel'nyts'ka Oblast'


    What is the probability that this is actually the IP of whoever is trying to cheat at my site?

    I also have an email address and I got other info:

    Resolving host name "gmail-smtp-in.l.google.com"...
    Connecting to host address "64.233.183.27"...
    Connected.
    S 220 mx.google.com ESMTP f4si6442130nfh.27
    C HELO ipaddresslocation.org
    S 250 mx.google.com at your service
    C MAIL FROM: <info@ipaddresslocation.org>
    S 250 2.1.0 OK f4si6442130nfh.27
    C RCPT TO: <shiqiang.xiang@gmail.com>
    S 250 2.1.5 OK f4si6442130nfh.27
    C DATA
    S 354 Go ahead f4si6442130nfh.27
    This host states that the address is valid.
    Disconnected.


    Can someone tell me more if you have had a bad experience like this?
     
    johntropea, Sep 28, 2008
  2. SteveWh

    #2
    I wouldn't bother trying to track down the perpetrator. The important question is how they did it. Even if you find this perpetrator, the same security problem would remain exploitable by anyone else. You need to find whatever it was that allowed them to get in, and fix it.

    What admin panel was it?
    Is there any way someone could have got your password (virus on your PC? Do you use a wireless connection?)
    Did your password contain dictionary words? Would it have been easy to guess? The best passwords are long and consist entirely of random characters.
     
    SteveWh, Sep 29, 2008
  3. Bohra

    #3
    There isn't any point in tracking the hacker. The only thing possible is blocking the IP from accessing the server. Try to find out how he got in and whether he left any files.
     
    Bohra, Sep 29, 2008
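
Added example, not part of the thread or any poster's code: one way to act on the advice in posts #2 and #3, working out how the visitor got in rather than who they are. It walks a web access log for the reported IP, takes the request sent just before its first successful admin-panel hit as the first thing to review, and lists other addresses that sent the same request. The log lines, the `/admin/` and `/script/page.php` paths and the 198.51.100.7 and 203.0.113.9 addresses are constructed assumptions.

```python
import re

# Constructed sample access log (common log format), not data from the thread.
# Paths and the 198.51.100.7 / 203.0.113.9 addresses are hypothetical.
SAMPLE_LOG = """\
193.239.143.45 - - [27/Sep/2008:21:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120
193.239.143.45 - - [27/Sep/2008:21:10:40 +0000] "POST /script/page.php HTTP/1.1" 200 312
193.239.143.45 - - [27/Sep/2008:21:11:05 +0000] "GET /admin/index.php HTTP/1.1" 200 8841
198.51.100.7 - - [28/Sep/2008:03:02:11 +0000] "POST /script/page.php HTTP/1.1" 200 312
198.51.100.7 - - [28/Sep/2008:03:02:30 +0000] "GET /admin/index.php HTTP/1.1" 200 8841
203.0.113.9 - - [28/Sep/2008:09:00:00 +0000] "GET /admin/index.php HTTP/1.1" 302 0
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def parse(log):
    """Yield (ip, method, path, status) for each well-formed line, in log order."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ip, method, path, status = m.groups()
            yield ip, method, path, int(status)


def entry_request(log, ip, admin_prefix="/admin/"):
    """Request the IP sent just before its first 200 on the admin panel.

    Heuristic only: it points at what to review first, it does not prove cause.
    """
    previous = None
    for src, method, path, status in parse(log):
        if src != ip:
            continue
        if path.startswith(admin_prefix) and status == 200:
            return previous
        previous = (method, path)
    return None


def others_sending(log, request, known_ip):
    """Other source IPs that sent the same request; an IP block misses these."""
    return sorted({src for src, method, path, _ in parse(log)
                   if (method, path) == request and src != known_ip})


if __name__ == "__main__":
    suspect = entry_request(SAMPLE_LOG, "193.239.143.45")
    print("review first:", suspect)
    print("also sent by:", others_sending(SAMPLE_LOG, suspect, "193.239.143.45"))
```
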
  4. johntropea

    #4
    Thanks for your replies.

    SteveWh, I'm running on a Mac, I don't have a virus and my password was strong.

    Megamania, I wrote to Google about that email address.

    I'm working on the hosting to find the holes.
     
    johntropea, Sep 30, 2008
  5. JustRulz

    #5
    johntropea, brother, first check your hosting company's security holes. Update the kernel and PHP version. Check using functions exploits. Finished; you must check your scripts. Maybe they have accessible bugs, so you can be hackable :)
     
    JustRulz, Oct 1, 2008
  6. devsn

    #6
    Another thing is, maybe the intruder got access to your e-mail account without you noticing it. Well, he can make your host send the password of your panel to your e-mail, and kaboom..
     
    devsn, Oct 3, 2008
  7. expiringdomains

    #7
    This could be due to an insecure script from an untrusted site which you might have installed on your site.

    This happened to me once. I fought with my hosting guys and in the end it was the script, which was from an untrusted source, and I had to apologize to them later for that.
     
    expiringdomains, Oct 3, 2008
  8. johntropea

    #8
    Yep, this is the reason. The problem was in the script also; this is the risk when you start with a cheap script. I learned the lesson. Thanks for your support anyway. ;)
     
    johntropea, Oct 3, 2008