1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My site was hacked into, admin added, any idea how?

Discussion in 'Security' started by Colleen, Jan 26, 2007.

Thread Status:
Not open for further replies.
0
  1. #1
    I gather some people out there prey on sites they think no one is monitoring, based on what this person did. While yes, I do have many sites, I do check on them regularly.

    Today I checked on my website, retrotutorials.com, this site runs off of tutorialSHRE and is hosted by Alwayswebhosting, anyway, if you see the news at the top, I add that myself when I update. Today I see a news entry I did not make:

    I decided to look into this further, in my database, in the users table, there's now 2 admins. Me of course and this individual. Here's the content from his entry in my database:

    id: 2
name: Contact Me
password: ad48ca5948fd0ba8789dfe9069b8865f
usergroup: admin
email: [email]emeston@gmail.com[/email]
    Code (markup):
    Yes, will you please all contact him and tell him off!

    Anyway, I am not removing anything as of yet, because I want my host to look into it. I viewed my Raw Access Logs but they only cover today.

    Would this be an issue with my script or my host? Aside from changing my password, is there anything I can do to be safe? :(
     
    Colleen, Jan 26, 2007 IP
  2. DomainKing

    DomainKing Banned

    Messages:
    277
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #2
    He sounds like a white-hat hacker who is just trying for free publicity. I would guess it's a vulnerability within one of your scripts on your site, and he noticed it and exploited it via a simple line of code or program.

    No need to "tell him off", just update software, and delete the admin account that has been added by him. If you have his IP (even though he probably used a proxy-chain), you could trace it.

    Need any more help, I do this for a living, so you can contact me via PM.

    Good luck.
     
    DomainKing, Jan 26, 2007 IP
  3. Red_Virus

    Red_Virus Well-Known Member

    Messages:
    3,756
    Likes Received:
    249
    Best Answers:
    0
    Trophy Points:
    135
    #3
    I think he found the Exploit in the script u are using on your site & just found way to free promotion...
     
    Red_Virus, Feb 7, 2007 IP
  4. wormy

    wormy Active Member

    Messages:
    1,112
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    80
    #4
    Uhmm shouldn't you be trying to figure out how he hacked you and how not to get hacked again rather than gathering an cyber army to e-spank that guy? Its probably some weakness in one of your scripts and if it was not him it could have been anyone else.
     
    wormy, Feb 7, 2007 IP
  5. koahost

    koahost Active Member

    Messages:
    457
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #5
    This seems there is a shell somewhere on the server connected to your database. Which he uses to import his own admin account. I have dealt with this crap in the paste
     
    koahost, Feb 8, 2007 IP
  6. Smyrl

    Smyrl Tomato Republic Staff

    Messages:
    13,740
    Likes Received:
    1,702
    Best Answers:
    78
    Trophy Points:
    510
    #6
    Closed at request of Colleen.
     
    Smyrl, Feb 8, 2007 IP
    Colleen and sundaybrew like this.
Thread Status:
Not open for further replies.