Hacked By Dengesiz Team Foreve Turkey.
Asked Modified Viewed 4,312 times
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
That's all my site says right now.
index.php contains only that text.......
How did that happen with 6.01.3??
Something that should have been upgraded to 6.01.4??
Thought that was minor bugs that was not security issued.
www.mit-sted.dk
Nothing to see in SQL
Never used the same password at any other sites but my own.
Noone else knows my PW for FTP or SQL but me...
A case to solve here...site were in maintenance mode, only i have access, only one member but me, trusted one...
UPDATE: No files except index.php has been changed, and nothing in sql has been changed - just looked at my backup from last night.
index.php contains only that text.......
How did that happen with 6.01.3??
Something that should have been upgraded to 6.01.4??
Thought that was minor bugs that was not security issued.
www.mit-sted.dk
Nothing to see in SQL
Never used the same password at any other sites but my own.
Noone else knows my PW for FTP or SQL but me...
A case to solve here...site were in maintenance mode, only i have access, only one member but me, trusted one...
UPDATE: No files except index.php has been changed, and nothing in sql has been changed - just looked at my backup from last night.
Edited by Danish1977 on 01-09-2006 18:15,
answered
Hmm, nasty :( - that definately needs further investigation and from what you've said, you were secure.
Is Maintenance mode a possible weakness? Seems strange that all your sites were in that mode when it happened
Is Maintenance mode a possible weakness? Seems strange that all your sites were in that mode when it happened
answered
Was your FTP password an easily bruteforced password?
muscapaul
muscapaul 10
Paul
Time flies like an arrow, fruit flies like banana (Groucho Marx)
Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
Time flies like an arrow, fruit flies like banana (Groucho Marx)
Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
- Veteran Member, joined since
- Contributed 1,075 posts on the community forums.
- Started 8 threads in the forums
Have you checked avatars and image attachments using the approriate infusion for the image checks?
answered
Hey, you should feel honored (joking, joking)! Go here.
The Dengesiz Team is #27 on the overall list of website attackers as listed on that site with over 5K attacks.
The Dengesiz Team is #27 on the overall list of website attackers as listed on that site with over 5K attacks.
muscapaul
muscapaul 10
Paul
Time flies like an arrow, fruit flies like banana (Groucho Marx)
Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
Time flies like an arrow, fruit flies like banana (Groucho Marx)
Sites: Diptera.info (site owner); Online-Keys.net (site owner); Sciomyzidae.info (site co-owner); muscapaul.com (defunct; site owner)
- Veteran Member, joined since
- Contributed 1,075 posts on the community forums.
- Started 8 threads in the forums
Hmm, when you know of a vulnerability in a often used CMS it will not be that difficult to get a lot of hacks done, certainly if you are working in a team. Little honour in that, IMAO.
answered
http://www.dengesiz-team.org/forum/in.../index.php
And they actually use phpBB o_O I'll be around tinkering with a few things o_O
And they actually use phpBB o_O I'll be around tinkering with a few things o_O
you are server hack ;)
http://www.mit-sted.dk/ server hacked owned
http://www.mit-sted.dk/ server hacked owned
answered
Quote
SySt3Mc1x wrote:
you are server hack ;)
http://www.mit-sted.dk/ server hacked owned
Wtf is up with you...
answered
For every negative, there's a positive... As much as it is extremely annoying and time-consuming for those involved when a site is hacked, weaknesses/vulnerabilities are exposed and can be dealt with, thus making systems even more secure.
With the latest exploit (involving old messages.php) it has highlighted the necessity to stay up to date file-wise - obvious to most, but there are still many old-version sites running and just waiting to be exploited... and let's not forget the password issue "lesson".
Let's hope that Danish1977 finds out how his site was attacked (more involvement/suggestions needed) and we might find another little security hole that can be blocked - or maybe just learn another security lesson. ;)
With the latest exploit (involving old messages.php) it has highlighted the necessity to stay up to date file-wise - obvious to most, but there are still many old-version sites running and just waiting to be exploited... and let's not forget the password issue "lesson".
Let's hope that Danish1977 finds out how his site was attacked (more involvement/suggestions needed) and we might find another little security hole that can be blocked - or maybe just learn another security lesson. ;)
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
Quote
muscapaul wrote:
Have you checked avatars and image attachments using the approriate infusion for the image checks?
No. Only i have an avatar, and only one other member but me. A friend through 20 years.
Noone has access to my site except the 2 of us.
Nothing's been changed in SQL, nothing's been changed in any files except index.php.
My password was not an easy one to trick. contains 12 chars, lower and upper case, 4 digits...
I'm lost.
answered
Did you find the IP? How did they access your site? Did you use the same pw as you did on other sites?
When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?
Check out which IP and if you find it, send it to me, I have some list of IP's...
When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?
Check out which IP and if you find it, send it to me, I have some list of IP's...
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
KEFF wrote:
Did you find the IP?
- No, i have NO tracks of anything, i got the list of IP's, but won't help, no marks are left, only a changed index.php
How did they access your site?
- No clue at all :(
Did you use the same pw as you did on other sites?
- Nope, using a strong password for my site, not used anywhere else, and different to my profile password.
When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?
Check out which IP and if you find it, send it to me, I have some list of IP's...
I'm lost :(
- 6.01.3
- Maintenance mode
- Nothing changed in Database
- Noone been logged in since i backed it up
- Only file changed is index.php
- Noone but me knows that password, not used anywhere else.
Could someone get read access to my config through maintenance.php somehow, an unrewealed bug?
Packetsniffing through application session maybe?
Did you find the IP?
- No, i have NO tracks of anything, i got the list of IP's, but won't help, no marks are left, only a changed index.php
How did they access your site?
- No clue at all :(
Did you use the same pw as you did on other sites?
- Nope, using a strong password for my site, not used anywhere else, and different to my profile password.
When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?
Check out which IP and if you find it, send it to me, I have some list of IP's...
I'm lost :(
- 6.01.3
- Maintenance mode
- Nothing changed in Database
- Noone been logged in since i backed it up
- Only file changed is index.php
- Noone but me knows that password, not used anywhere else.
Could someone get read access to my config through maintenance.php somehow, an unrewealed bug?
Packetsniffing through application session maybe?
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Does your config.php has the correct attributes? 644
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
Yes
Falk
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
Would you like to give me admin/ftp access mate? I'll gladly try to help resolve your prob. ;)
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
For now i've heard that there should be a possible security whole in TUFAT Chat, so i upgraded that.
Uploaded my old index.php again so they could have a 2nd shot if they'd like LOL
Changed all passwords all over again as well, so i'll see if anything comes up yet again...hope not. If so, i'll send you my details Digi, for now there's nothing else to see but a changed file, index.php, looked through all other files with winmerge, nothing changed, no timestamps either, and sql, nothing inthere changed as well...weird.
I'll get back to you Digi, if any new attack comes up. Just made a backup of database and all files. Noone enters my site till n eventually 2nd attack, then i'll backup everything again, without logging in.
Uploaded my old index.php again so they could have a 2nd shot if they'd like LOL
Changed all passwords all over again as well, so i'll see if anything comes up yet again...hope not. If so, i'll send you my details Digi, for now there's nothing else to see but a changed file, index.php, looked through all other files with winmerge, nothing changed, no timestamps either, and sql, nothing inthere changed as well...weird.
I'll get back to you Digi, if any new attack comes up. Just made a backup of database and all files. Noone enters my site till n eventually 2nd attack, then i'll backup everything again, without logging in.
Falk
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
Btw does your host have register globals and/or magic_quotes_gpc set to off? if so, update to 6.01.5.
Danish1977
Danish1977 10
Microsoft Certified Application Developer C#
<---[url=www.mit-sted.dk]My Spot >
<---[url=www.mit-sted.dk]My Spot >
- Member, joined since
- Contributed 76 posts on the community forums.
- Started 10 threads in the forums
- Started this discussions
Register Globals set to on
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 18 posts
- Votes 0 votes
- Topic users 10 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions