Biggest hacking incident ever - check your sites

Discussion in 'Site & Server Administration' started by mad4, May 19, 2006.

0
  1. #1
    mad4, May 19, 2006 IP
  2. T0PS3O

    T0PS3O Feel Good PLC

    Messages:
    13,219
    Likes Received:
    777
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Can't find this in a hurry... Is this IIS only? Or some software vulnerability?
     
    T0PS3O, May 19, 2006 IP
  3. mad4

    mad4 Peon

    Messages:
    6,986
    Likes Received:
    493
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Seems to be phpBB forums from looking at the MSN results.
     
    mad4, May 19, 2006 IP
  4. websiteideas

    websiteideas Well-Known Member

    Messages:
    1,406
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #4
    From reading the digg comments, it looks like it might be web hosts with weak security.
     
    websiteideas, May 19, 2006 IP
  5. paidhosting

    paidhosting Peon

    Messages:
    4,822
    Likes Received:
    483
    Best Answers:
    0
    Trophy Points:
    0
    #5
    /me goes to shell and types : shutdown :D
     
    paidhosting, May 19, 2006 IP
  6. RatDog

    RatDog Peon

    Messages:
    298
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #6
    I found the following folder and file added to the root directory of one of my sites: ssfm/isko.htm

    That page rendered a page that says, "HACKED BY ISKORPITX" followed by some vulgarities about France, Greece and some other stuff in a language I don't know.

    The source has a redirect that says: "refresh"content="35;URL=http://www.nukepaper.com/module/design.html"

    I deleted that folder and file from the server.
     
    RatDog, May 19, 2006 IP