Some fucker hacked my website and deleted the whole fucking website, fucking hacker scumbags, This is total bullshit, so anybody who has links to my site, it will be back up within 24 hours
Fucking Hacker Cunts
Collapse
X
-
Tags: None
-
-
Comment
-
Comment
-
-
Comment
-
Comment
-
1st thing upload and INDEX page to your site!Comment
-
Comment
-
Comment
-
Comment
-
Comment
-
Comment
-
What was exploited in this "hack"?Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!Comment
-
Comment
-
Found some pretty weird files in my public html folder
these are some of the names
.zshrc
.cannaComment
-
Comment
-
You's g0t di h4x0r3dComment
-
[QUOTE=Spotter_03;13011354]You's g0t di h4x0r3d


I cannot fault hostgator they have reinstalled evrey thing and done it real quick, really great support from them
Comment
-
Comment
-
Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.
Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.


Comment
-
I think a lot of it was my fault, I was messing about with some cgi scripts, one which was yoursDude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.
Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.
and i had changed some of the directory and file perrmissions, so I guess this made it much more easyier to hack the site
(not your scripts fault btw its was my stupidity i guess)Comment
-
Damn dude, you never ran the script so it can't be hacked.I think a lot of it was my fault, I was messing about with some cgi scripts, one which was yours
and i had changed some of the directory and file perrmissions, so I guess this made it much more easyier to hack the site
(not your scripts fault btw its was my stupidity i guess)
Hackers can't do anything with bad file permissions unless they are actually on your server already.
File permissions stop other accounts on your server from writing to your files.
And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.
FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!
But hey, you will not listen...so good luck.


Comment
-
Damn dude, you never ran the script so it can't be hacked.
Hackers can't do anything with bad file permissions unless they are actually on your server already.
File permissions stop other accounts on your server from writing to your files.
And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.
FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!
But hey, you will not listen...so good luck.
Ok i also recieved this from the tech guys "but keep in mind if your scripts have SQL injection or other vulnerabilities this isn't something we can really actively scan for. You'll need to keep any scripts and/or CMS systems you have installed updated to the latest versions"
also I was playing with another script which i did install and ran what I said was it had nothing to do with your script..unless you cant read, I also said that it was most probally my stupidy for leaving the directories/files vunrableComment
-
They are right.Ok i also recieved this from the tech guys "but keep in mind if your scripts have SQL injection or other vulnerabilities this isn't something we can really actively scan for. You'll need to keep any scripts and/or CMS systems you have installed updated to the latest versions"
\
A lot of open source scripts ( Wordpress,joomla,etc...) have holes that hackers use to either change your front page or delete your site.
Keep your scipts up-to-date and lower as much as possible the permission of your folders.I know that Asspimple is stoopid ... As he says, it is a FACT !
But I can't figure out how he can breathe or type , at the same time ....Comment
-
Thank you. The script which i installed was nothing to do with the cgi tube, it was a topsite script, and as sortie stated i could not install his script as it gave me an internal server error and because i was mesing about with scripts I was changing directory perrmissions and did not put them back so this just makes it all the more easeir for some one to do what they didComment
-
Haha do you want to know what is funny about this, because pornpf69 sugested i upload my index page before the website was reinstalled I got a signup from my index page,
nothing big, but it was a signup, suppose it was because the users had nowhere else to go on the website but the index page, so after all this crap it actually turned out not so bad, maybe this is the way to go a one page website.....
Thanks guys for your helpComment
-
Clueless. Refrain from giving advices on these matters.Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.
Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.agentGFY *at* gmail.comComment
-
Hackers can do plenty if you are publicly serving world writable directories and files through your webserver. No shell access needed.Damn dude, you never ran the script so it can't be hacked.
Hackers can't do anything with bad file permissions unless they are actually on your server already.
File permissions stop other accounts on your server from writing to your files.
And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.
FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!
But hey, you will not listen...so good luck.ICQ: 284903372Comment
-
Note to self: stay the fuck away from TubeCGI... the guy who made it knows absolutely nothing about computers.Damn dude, you never ran the script so it can't be hacked.
Hackers can't do anything with bad file permissions unless they are actually on your server already.
File permissions stop other accounts on your server from writing to your files.
And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.
FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!
But hey, you will not listen...so good luck./(bb|[^b]{2})/Comment
-
Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.
I would like to know this.
Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.
I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.


Comment
-
Yeah, they can do plenty without shell access but doesn't it mostly involve feeding something to a script that executed it and they gain access that way.
They could flood the old version of SSH and cause integer overflow which allowed them server access without a password.
What have you seen that was different then that?
I mean, if you know then don't keep it a secret and let us all get hacked.Last edited by sortie; 08-31-2007, 07:28 AM.


Comment
-
-
Hi just an update on what has happened The tech guys sent me this
This appears to be telnet script which allows the user to remove files. I have disabled these scripts from the cgi-bin and blocked the connecting IP. I am also showing that this user connected to the toplist scripts,
If this script is not being used, I would recommend removing the toplist scripts from your account.
I had an idea it was this stupid topsite script that caused it, the name of the toplist is "Best Top List" so stay away from it it is bad newsComment
-
BTW The IP address is showing up from Mauritius
Africa but whois is to know that this is their real IP but glad they sorted it
Comment
-
that shit hurts! sucksOnProbation Links Directory | OnProbation Design Services | OnProbation CashComment
-
It's all about maximum security.Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.
I would like to know this.
Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.
I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.
The reason you always set permissions as low as possible is so that, for example, you have some added security against badly written scripts.
Every programmer knows, or should know, that mistakes can and will slip through. By using security at every level, you can prevent those mistakes from becoming disasters.
You use low permissions for the same reason you don't keep unencrypted user passwords in your database: to make sure that if someone manages to slip through, he can do as little as possible./(bb|[^b]{2})/Comment
-
From your own damn link:
Q. So with Chmod 777 not being a security problem, why should I use other chmod settings?
A. Because we all take a maximum security view point and keeping chmod settings lower than 777 will simply provide additional security for each individual file. This is part of a maximum security philosophy./(bb|[^b]{2})/Comment
-
Yeah its a pain in the arse but most of it was my own fault for installing a crappy script in the first place, it has taught me not to use free scripts and from what i saw of the script that was deleteing my pages it was actually looking for files, it had commands like this
'find suid files'
'find config* files'
'find all writable files'
'find all writable directories'
'find all service.pwd files'
'show opened ports'
and a load more, Im not gonna post them all here
Pretty mad but I have learned a good lesson from this, like i would never get hacked, its always somebody else, and anyway why would someone hack a small site like mine so just watch what scripts you installComment




Comment