Fucking Hacker Cunts

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • halfpint
    GFY's Halfpint
    • Jun 2007
    • 15223

    #1

    Fucking Hacker Cunts

    Some fucker hacked my website and deleted the whole fucking website, fucking hacker scumbags, This is total bullshit, so anybody who has links to my site, it will be back up within 24 hours

    Get FREE website listings on Cryptocoinshops.net
  • ridikuloz
    Confirmed User
    • Jun 2005
    • 2080

    #2
    ouch.... nice directory :X
    Each persons' level of stupidity makes us different.

    Comment

    • Babaganoosh
      ♥♥♥ Likes Hugs ♥♥♥
      • Nov 2001
      • 15841

      #3
      If people would secure their shit...

      Lets start by setting

      Options -Indexes
      I like pie.

      Comment

      • halfpint
        GFY's Halfpint
        • Jun 2007
        • 15223

        #4
        Originally posted by Babaganoosh
        If people would secure their shit...

        Lets start by setting

        Options -Indexes
        Ok so please help me out here with security issues as i am a noob at this game and any security help would really be apreciated

        Get FREE website listings on Cryptocoinshops.net

        Comment

        • TubeTitans_SusieQ
          Confirmed User
          • May 2007
          • 3884

          #5
          that sucks, hope you get it fixed!





          ICQ: 370399852

          Comment

          • fatfoo
            ICQ:649699063
            • Mar 2003
            • 27763

            #6
            yea how do you secure shit?
            Send me an email: [email protected]

            Comment

            • halfpint
              GFY's Halfpint
              • Jun 2007
              • 15223

              #7
              Originally posted by ADL_SusieQ
              that sucks, hope you get it fixed!
              Thanks, I do regular backups and so does the server, its just so bloody annoying , and inconvenient

              Get FREE website listings on Cryptocoinshops.net

              Comment

              • drocd
                Confirmed User
                • Aug 2007
                • 128

                #8
                black hackers?
                230-699

                Comment

                • halfpint
                  GFY's Halfpint
                  • Jun 2007
                  • 15223

                  #9
                  Originally posted by drocd
                  black hackers?
                  what do you mean by black hackers?

                  Get FREE website listings on Cryptocoinshops.net

                  Comment

                  • G-Rotica
                    Confirmed User
                    • Aug 2005
                    • 4258

                    #10
                    hackers suck. if you're a hacker reading this, I didn't mean that. please leave my shit alone.

                    Comment

                    • pornpf69
                      Too lazy to set a custom title
                      • Jun 2004
                      • 15782

                      #11
                      1st thing upload and INDEX page to your site!

                      Comment

                      • halfpint
                        GFY's Halfpint
                        • Jun 2007
                        • 15223

                        #12
                        Originally posted by G-Rotica
                        hackers suck. if you're a hacker reading this, I didn't mean that. please leave my shit alone.


                        Get FREE website listings on Cryptocoinshops.net

                        Comment

                        • Extreme John
                          Confirmed User
                          • Apr 2002
                          • 1475

                          #13
                          that sucks man hopefully youll get everything up quick.
                          Florida Honnies - Extreme John


                          51299342

                          Comment

                          • halfpint
                            GFY's Halfpint
                            • Jun 2007
                            • 15223

                            #14
                            Originally posted by pornpf69
                            1st thing upload and INDEX page to your site!

                            Thanks im doing that now

                            Get FREE website listings on Cryptocoinshops.net

                            Comment

                            • Martin3
                              Confirmed User
                              • Oct 2005
                              • 1529

                              #15
                              Ditch the virtual server and get a decent managed dedicated.
                              264-543-302

                              Comment

                              • halfpint
                                GFY's Halfpint
                                • Jun 2007
                                • 15223

                                #16
                                Originally posted by Martin3
                                Ditch the virtual server and get a decent managed dedicated.
                                wish i could but i cant afford that I have only had the website on the net for just over 4 months and I have only just started making a few pennies out of it, then all this shit happens

                                Get FREE website listings on Cryptocoinshops.net

                                Comment

                                • halfpint
                                  GFY's Halfpint
                                  • Jun 2007
                                  • 15223

                                  #17
                                  Originally posted by Extreme John
                                  that sucks man hopefully youll get everything up quick.

                                  Thanks, should all be up and running again within 24 hours , I have found all sorts of strange files in my public_hml directory, lol and they changed all the directory and file permissions

                                  Get FREE website listings on Cryptocoinshops.net

                                  Comment

                                  • inabon
                                    Good Old Fat Webmaster
                                    • Jul 2002
                                    • 970

                                    #18
                                    where are you hosting that site?
                                    Whoever dies with most toys wins.

                                    Comment

                                    • halfpint
                                      GFY's Halfpint
                                      • Jun 2007
                                      • 15223

                                      #19
                                      Originally posted by inabon
                                      where are you hosting that site?
                                      Hi its on hostgator..Why?
                                      Last edited by halfpint; 08-30-2007, 11:54 AM.

                                      Get FREE website listings on Cryptocoinshops.net

                                      Comment

                                      • HairToStay
                                        Confirmed User
                                        • Oct 2002
                                        • 1521

                                        #20
                                        What was exploited in this "hack"?
                                        Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!

                                        Comment

                                        • halfpint
                                          GFY's Halfpint
                                          • Jun 2007
                                          • 15223

                                          #21
                                          Originally posted by HairToStay
                                          What was exploited in this "hack"?
                                          They deleted the whole website, I have only uploaded the index at the moment, The server host is doing the reinstall as they have the most recent backup of the website

                                          Get FREE website listings on Cryptocoinshops.net

                                          Comment

                                          • riabanana
                                            Confirmed User
                                            • Jul 2007
                                            • 313

                                            #22
                                            Bad times man...
                                            Vibrators, dildos, cock rings and all other sex toys? We've got them ALL for you.

                                            http://venustoys.com

                                            Comment

                                            • halfpint
                                              GFY's Halfpint
                                              • Jun 2007
                                              • 15223

                                              #23
                                              Found some pretty weird files in my public html folder

                                              these are some of the names

                                              .zshrc
                                              .canna

                                              Get FREE website listings on Cryptocoinshops.net

                                              Comment

                                              • TeenCat
                                                Too lazy to set a koala
                                                • Jan 2007
                                                • 16139

                                                #24
                                                funny

                                                6bot
                                                / Coming again very soon!
                                                Svit Zlin Radio 24/7!

                                                Comment

                                                • halfpint
                                                  GFY's Halfpint
                                                  • Jun 2007
                                                  • 15223

                                                  #25
                                                  Originally posted by TeenCat
                                                  funny

                                                  one of them had all this funny chinese writing in them lol

                                                  Get FREE website listings on Cryptocoinshops.net

                                                  Comment

                                                  • C-Bass
                                                    Confirmed User
                                                    • Apr 2003
                                                    • 3153

                                                    #26
                                                    You's g0t di h4x0r3d
                                                    "Unhappy with the riches 'cause you're piss poor morally."

                                                    Trade traffic? - Highdef Blog

                                                    Comment

                                                    • halfpint
                                                      GFY's Halfpint
                                                      • Jun 2007
                                                      • 15223

                                                      #27
                                                      [QUOTE=Spotter_03;13011354]You's g0t di h4x0r3d



                                                      I cannot fault hostgator they have reinstalled evrey thing and done it real quick, really great support from them

                                                      Get FREE website listings on Cryptocoinshops.net

                                                      Comment

                                                      • CaptainHowdy
                                                        Too lazy to set a custom title
                                                        • Dec 2004
                                                        • 94733

                                                        #28
                                                        Originally posted by halfpint
                                                        I cannot fault hostgator they have reinstalled evrey thing and done it real quick, really great support from them
                                                        Good to know !

                                                        Comment

                                                        • halfpint
                                                          GFY's Halfpint
                                                          • Jun 2007
                                                          • 15223

                                                          #29
                                                          Thought i would just say a thankyou to hostgator for their great support and change my sig..and maybe get other peeps to sign up
                                                          Last edited by halfpint; 08-30-2007, 03:58 PM.

                                                          Get FREE website listings on Cryptocoinshops.net

                                                          Comment

                                                          • sortie
                                                            Confirmed User
                                                            • Mar 2007
                                                            • 7771

                                                            #30
                                                            Originally posted by halfpint
                                                            Thought i would just say a thankyou to hostgator for their great support and change my sig..and maybe get other peeps to sign up
                                                            Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.

                                                            Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.

                                                            Comment

                                                            • halfpint
                                                              GFY's Halfpint
                                                              • Jun 2007
                                                              • 15223

                                                              #31
                                                              Originally posted by sortie
                                                              Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.

                                                              Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.
                                                              I think a lot of it was my fault, I was messing about with some cgi scripts, one which was yours and i had changed some of the directory and file perrmissions, so I guess this made it much more easyier to hack the site

                                                              (not your scripts fault btw its was my stupidity i guess)

                                                              Get FREE website listings on Cryptocoinshops.net

                                                              Comment

                                                              • sortie
                                                                Confirmed User
                                                                • Mar 2007
                                                                • 7771

                                                                #32
                                                                Originally posted by halfpint
                                                                I think a lot of it was my fault, I was messing about with some cgi scripts, one which was yours and i had changed some of the directory and file perrmissions, so I guess this made it much more easyier to hack the site

                                                                (not your scripts fault btw its was my stupidity i guess)
                                                                Damn dude, you never ran the script so it can't be hacked.

                                                                Hackers can't do anything with bad file permissions unless they are actually on your server already.

                                                                File permissions stop other accounts on your server from writing to your files.
                                                                And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.

                                                                FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

                                                                But hey, you will not listen...so good luck.

                                                                Comment

                                                                • halfpint
                                                                  GFY's Halfpint
                                                                  • Jun 2007
                                                                  • 15223

                                                                  #33
                                                                  Originally posted by sortie
                                                                  Damn dude, you never ran the script so it can't be hacked.

                                                                  Hackers can't do anything with bad file permissions unless they are actually on your server already.

                                                                  File permissions stop other accounts on your server from writing to your files.
                                                                  And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.

                                                                  FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

                                                                  But hey, you will not listen...so good luck.

                                                                  Ok i also recieved this from the tech guys "but keep in mind if your scripts have SQL injection or other vulnerabilities this isn't something we can really actively scan for. You'll need to keep any scripts and/or CMS systems you have installed updated to the latest versions"
                                                                  also I was playing with another script which i did install and ran what I said was it had nothing to do with your script..unless you cant read, I also said that it was most probally my stupidy for leaving the directories/files vunrable

                                                                  Get FREE website listings on Cryptocoinshops.net

                                                                  Comment

                                                                  • directfiesta
                                                                    Too lazy to set a custom title
                                                                    • Oct 2002
                                                                    • 30135

                                                                    #34
                                                                    Originally posted by halfpint
                                                                    Ok i also recieved this from the tech guys "but keep in mind if your scripts have SQL injection or other vulnerabilities this isn't something we can really actively scan for. You'll need to keep any scripts and/or CMS systems you have installed updated to the latest versions"
                                                                    \
                                                                    They are right.
                                                                    A lot of open source scripts ( Wordpress,joomla,etc...) have holes that hackers use to either change your front page or delete your site.
                                                                    Keep your scipts up-to-date and lower as much as possible the permission of your folders.
                                                                    I know that Asspimple is stoopid ... As he says, it is a FACT !

                                                                    But I can't figure out how he can breathe or type , at the same time ....

                                                                    Comment

                                                                    • tony299
                                                                      lurker
                                                                      • Aug 2002
                                                                      • 57021

                                                                      #35
                                                                      man that sucks.

                                                                      Comment

                                                                      • halfpint
                                                                        GFY's Halfpint
                                                                        • Jun 2007
                                                                        • 15223

                                                                        #36
                                                                        Originally posted by directfiesta
                                                                        They are right.
                                                                        A lot of open source scripts ( Wordpress,joomla,etc...) have holes that hackers use to either change your front page or delete your site.
                                                                        Keep your scipts up-to-date and lower as much as possible the permission of your folders.
                                                                        Thank you. The script which i installed was nothing to do with the cgi tube, it was a topsite script, and as sortie stated i could not install his script as it gave me an internal server error and because i was mesing about with scripts I was changing directory perrmissions and did not put them back so this just makes it all the more easeir for some one to do what they did

                                                                        Get FREE website listings on Cryptocoinshops.net

                                                                        Comment

                                                                        • halfpint
                                                                          GFY's Halfpint
                                                                          • Jun 2007
                                                                          • 15223

                                                                          #37
                                                                          Haha do you want to know what is funny about this, because pornpf69 sugested i upload my index page before the website was reinstalled I got a signup from my index page, nothing big, but it was a signup, suppose it was because the users had nowhere else to go on the website but the index page, so after all this crap it actually turned out not so bad, maybe this is the way to go a one page website.....

                                                                          Thanks guys for your help

                                                                          Get FREE website listings on Cryptocoinshops.net

                                                                          Comment

                                                                          • TeenCat
                                                                            Too lazy to set a koala
                                                                            • Jan 2007
                                                                            • 16139

                                                                            #38
                                                                            hey man what about to leave internet and bake some cookies? ;)

                                                                            6bot
                                                                            / Coming again very soon!
                                                                            Svit Zlin Radio 24/7!

                                                                            Comment

                                                                            • ladida
                                                                              Confirmed User
                                                                              • Nov 2005
                                                                              • 2179

                                                                              #39
                                                                              Originally posted by sortie
                                                                              Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.

                                                                              Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.
                                                                              Clueless. Refrain from giving advices on these matters.
                                                                              agentGFY *at* gmail.com

                                                                              Comment

                                                                              • drjones
                                                                                Confirmed User
                                                                                • Oct 2005
                                                                                • 908

                                                                                #40
                                                                                Originally posted by sortie
                                                                                Damn dude, you never ran the script so it can't be hacked.

                                                                                Hackers can't do anything with bad file permissions unless they are actually on your server already.

                                                                                File permissions stop other accounts on your server from writing to your files.
                                                                                And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.

                                                                                FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

                                                                                But hey, you will not listen...so good luck.
                                                                                Hackers can do plenty if you are publicly serving world writable directories and files through your webserver. No shell access needed.
                                                                                ICQ: 284903372

                                                                                Comment

                                                                                • Libertine
                                                                                  sex dwarf
                                                                                  • May 2002
                                                                                  • 17860

                                                                                  #41
                                                                                  Originally posted by sortie
                                                                                  Damn dude, you never ran the script so it can't be hacked.

                                                                                  Hackers can't do anything with bad file permissions unless they are actually on your server already.

                                                                                  File permissions stop other accounts on your server from writing to your files.
                                                                                  And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.

                                                                                  FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

                                                                                  But hey, you will not listen...so good luck.
                                                                                  Note to self: stay the fuck away from TubeCGI... the guy who made it knows absolutely nothing about computers.
                                                                                  /(bb|[^b]{2})/

                                                                                  Comment

                                                                                  • sortie
                                                                                    Confirmed User
                                                                                    • Mar 2007
                                                                                    • 7771

                                                                                    #42
                                                                                    Originally posted by Libertine
                                                                                    Note to self: stay the fuck away from TubeCGI... the guy who made it knows absolutely nothing about computers.
                                                                                    Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.

                                                                                    I would like to know this.

                                                                                    Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.

                                                                                    I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.

                                                                                    Comment

                                                                                    • sortie
                                                                                      Confirmed User
                                                                                      • Mar 2007
                                                                                      • 7771

                                                                                      #43
                                                                                      Originally posted by drjones
                                                                                      Hackers can do plenty if you are publicly serving world writable directories and files through your webserver. No shell access needed.
                                                                                      Yeah, they can do plenty without shell access but doesn't it mostly involve feeding something to a script that executed it and they gain access that way.

                                                                                      They could flood the old version of SSH and cause integer overflow which allowed them server access without a password.

                                                                                      What have you seen that was different then that?

                                                                                      I mean, if you know then don't keep it a secret and let us all get hacked.
                                                                                      Last edited by sortie; 08-31-2007, 07:28 AM.

                                                                                      Comment

                                                                                      • sortie
                                                                                        Confirmed User
                                                                                        • Mar 2007
                                                                                        • 7771

                                                                                        #44
                                                                                        Originally posted by sortie
                                                                                        FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

                                                                                        http://resources.bravenet.com/articl...g_php_scripts/


                                                                                        Have a good day.

                                                                                        Comment

                                                                                        • halfpint
                                                                                          GFY's Halfpint
                                                                                          • Jun 2007
                                                                                          • 15223

                                                                                          #45
                                                                                          Hi just an update on what has happened The tech guys sent me this

                                                                                          This appears to be telnet script which allows the user to remove files. I have disabled these scripts from the cgi-bin and blocked the connecting IP. I am also showing that this user connected to the toplist scripts,
                                                                                          If this script is not being used, I would recommend removing the toplist scripts from your account.

                                                                                          I had an idea it was this stupid topsite script that caused it, the name of the toplist is "Best Top List" so stay away from it it is bad news

                                                                                          Get FREE website listings on Cryptocoinshops.net

                                                                                          Comment

                                                                                          • halfpint
                                                                                            GFY's Halfpint
                                                                                            • Jun 2007
                                                                                            • 15223

                                                                                            #46
                                                                                            BTW The IP address is showing up from Mauritius
                                                                                            Africa but whois is to know that this is their real IP but glad they sorted it

                                                                                            Get FREE website listings on Cryptocoinshops.net

                                                                                            Comment

                                                                                            • alby_persignup
                                                                                              Confirmed User
                                                                                              • May 2007
                                                                                              • 3119

                                                                                              #47
                                                                                              that shit hurts! sucks
                                                                                              OnProbation Links Directory | OnProbation Design Services | OnProbation Cash

                                                                                              Comment

                                                                                              • Libertine
                                                                                                sex dwarf
                                                                                                • May 2002
                                                                                                • 17860

                                                                                                #48
                                                                                                Originally posted by sortie
                                                                                                Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.

                                                                                                I would like to know this.

                                                                                                Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.

                                                                                                I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.
                                                                                                It's all about maximum security.

                                                                                                The reason you always set permissions as low as possible is so that, for example, you have some added security against badly written scripts.

                                                                                                Every programmer knows, or should know, that mistakes can and will slip through. By using security at every level, you can prevent those mistakes from becoming disasters.

                                                                                                You use low permissions for the same reason you don't keep unencrypted user passwords in your database: to make sure that if someone manages to slip through, he can do as little as possible.
                                                                                                /(bb|[^b]{2})/

                                                                                                Comment

                                                                                                • Libertine
                                                                                                  sex dwarf
                                                                                                  • May 2002
                                                                                                  • 17860

                                                                                                  #49
                                                                                                  Originally posted by sortie
                                                                                                  From your own damn link:

                                                                                                  Q. So with Chmod 777 not being a security problem, why should I use other chmod settings?
                                                                                                  A. Because we all take a maximum security view point and keeping chmod settings lower than 777 will simply provide additional security for each individual file. This is part of a maximum security philosophy.
                                                                                                  /(bb|[^b]{2})/

                                                                                                  Comment

                                                                                                  • halfpint
                                                                                                    GFY's Halfpint
                                                                                                    • Jun 2007
                                                                                                    • 15223

                                                                                                    #50
                                                                                                    Originally posted by alby_persignup
                                                                                                    that shit hurts! sucks
                                                                                                    Yeah its a pain in the arse but most of it was my own fault for installing a crappy script in the first place, it has taught me not to use free scripts and from what i saw of the script that was deleteing my pages it was actually looking for files, it had commands like this

                                                                                                    'find suid files'
                                                                                                    'find config* files'
                                                                                                    'find all writable files'
                                                                                                    'find all writable directories'
                                                                                                    'find all service.pwd files'
                                                                                                    'show opened ports'

                                                                                                    and a load more, Im not gonna post them all here

                                                                                                    Pretty mad but I have learned a good lesson from this, like i would never get hacked, its always somebody else, and anyway why would someone hack a small site like mine so just watch what scripts you install

                                                                                                    Get FREE website listings on Cryptocoinshops.net

                                                                                                    Comment

                                                                                                    Working...