my site - hacked

Discussion in 'Site & Server Administration' started by tony84, Jun 30, 2006.

  1. #1
    My site (the rossi link) has been hacked, i was just checking the stats and i noticed a page that has been viewed i wasnt aware of, so ive clicked it and it says:


    Hacked By KatRina Iranian Hackers
    We are
    ReZa - sub_z3l2o - Vi5U4L - The.Polaris
    <REMOVED>@yahoo.com
    -=-=-=-=| project Is Started |=-=-=-=-=-


    do you think they have done anythign bad or just a game to see if they can hack it? (It was SMF theyve applied the page to)
     
    tony84, Jun 30, 2006 IP
  2. shamess

    shamess Well-Known Member

    Messages:
    1,127
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    185
    #2
    Bless 'em. Most probably just a game. Back everything up, find how they got in (change your passwords, etc), etc. just to make sure though.
     
    shamess, Jun 30, 2006 IP
  3. iatbm

    iatbm Prominent Member

    Messages:
    5,151
    Likes Received:
    352
    Best Answers:
    0
    Trophy Points:
    360
    #3
    check your raw logs what were they doing ....
    Change all the passwords !
     
    iatbm, Jun 30, 2006 IP
  4. tony84

    tony84 Well-Known Member

    Messages:
    1,864
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    140
    #4
    they viewed loads of pictures but just buttons and things like that, then they put that page up, nothing major really
     
    tony84, Jun 30, 2006 IP
  5. iatbm

    iatbm Prominent Member

    Messages:
    5,151
    Likes Received:
    352
    Best Answers:
    0
    Trophy Points:
    360
    #5
    what you must know is how they did it now what they were doing afterwards ;)
     
    iatbm, Jun 30, 2006 IP
  6. tony84

    tony84 Well-Known Member

    Messages:
    1,864
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    140
    #6
    how do you find that out?
     
    tony84, Jun 30, 2006 IP
  7. iatbm

    iatbm Prominent Member

    Messages:
    5,151
    Likes Received:
    352
    Best Answers:
    0
    Trophy Points:
    360
    #7
    check your raw logs if anything comes unusual and if you cannot find how they did it give those logs to some security advisor ! You did change passwords now ?
     
    iatbm, Jun 30, 2006 IP
  8. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #8
    if hackers left a page on your site
    then you have the IP they used during that operation - even if it is a proxy - in the access_log files you can search for same IP to see if in the same sessino they surfed or modified any other files
    also look at the browser and OS signature they leave behind to trace other visitors with exactly same "fingerprint" in your log

    search entry door into your site and CLOSE it
    OR use the door for "noney-combing" to observe visitors in real time and get more data from your hackers until you know what they do before closing the door

    either way you need to know / find out exactly how they entered the site to secure the holes they found - in an earlier case I had on my site early this year - my "guests" used a well known backdoor of a software package i used - hackers know such backdoors - ignorant site owners like me always thought "never me ..."

    learn about any SW you have - search via yahoo and/or google all public security alert regarding your software

    a search with the below keywords might help you as a forum is an ideal SW to enter a site

    "SMF 1.0.6." security alert

    study all posts relevant to your own forum SW - some of the sites posting security relevant issues re your "SMF 1.0.6." might need to be searched in their archives to find your "SMF 1.0.6." security alert help

    do simily with any other SW you run - basically anything that allows posting or uploading or registration by others
     
    hans, Jun 30, 2006 IP
  9. bugon

    bugon Guest

    Messages:
    84
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #9
    The problem is that generally hackers aren't so nice as yours. I see attempts in my logs almost every day. But I am always afraid of those attempts which I don't see...
     
    bugon, Jul 1, 2006 IP
  10. tony84

    tony84 Well-Known Member

    Messages:
    1,864
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    140
    #10
    thanks for the replies
     
    tony84, Jul 1, 2006 IP
  11. Baxter7

    Baxter7 Well-Known Member

    Messages:
    189
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    108
    #11
    this is usefull, I had a similar problem
     
    Baxter7, Jul 3, 2006 IP
  12. amnezia

    amnezia Peon

    Messages:
    990
    Likes Received:
    31
    Best Answers:
    0
    Trophy Points:
    0
    #12
    there seem to be hundreds of sites going down at the minute, usually increases over the summer during the school holidays.
     
    amnezia, Jul 3, 2006 IP
  13. luckme

    luckme Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    i found their site but is in their language. http://blacknews.ws/

    there are all the site who was hacked. just clik to see.
     
    luckme, Sep 16, 2006 IP
  14. america2

    america2 Peon

    Messages:
    35
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #14
    Great. They did you a favor write to them and say thank you in English and then offer a few tech guys a free beer to come figure out what they did so it doesn't happen twice :)
     
    america2, Sep 16, 2006 IP
  15. Namesniper

    Namesniper Well-Known Member

    Messages:
    365
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    118
    #15
    Namesniper, Sep 16, 2006 IP