My Mainstream Site Got Hacked with PORN! Who Did It?? [SCREENSHOTS] - GoFuckYourself.com

Acepimp · 03-12-2019, 09:26 AM

I have some mainstream sites running Wordpress. The DNS was on Cloudflare. I looked at one site today and all I see is this Button:

So I click it and it takes me to what looks like a Russian porn site and then immediately loads this pop-up:

So I go to close the pop-up and it immediately opens a new tab with this full-screen ad:

When I finally close all the bullshit the site looks like this:

---------------------------------

I fixed this in 2 minutes by switching the site back to my webhost's nameservers.

So have any of you heard of Cloudflare DNS hacks?

ghjghj · 03-12-2019, 09:30 AM

If you're not using 2FA on cloudflare they are most likely in your e-mail too.

~Ray · 03-12-2019, 12:18 PM

Oooo spooky

lezinterracial · 03-12-2019, 12:52 PM

Web cache poisoning? I don't know much about it. But it does seem popular.

https://portswigger.net/blog/practic...ache-poisoning

HairyChick · 03-12-2019, 06:39 PM

Have you looked at server logs to see what commands were used? And from what possible IP? Was it a Wordpress hack using an older version? Did they hit any other sites on the box?

lezinterracial · 03-14-2019, 06:17 AM

Any updates on this? Was it web cache poisoning? Been reading up more on it, Pretty interesting stuff. James Kettle did a presentation on it. He is a genius.

NatalieK · 03-14-2019, 09:45 AM

fuckers, hope you get it sorted

Acepimp · 03-14-2019, 04:07 PM

So I logged into CloudFlare, where my account didn't have any websites on Cloudflare! It looks like someone was able to get into my account and remove my site & redirect my domain.

I updated my password with a much stronger one and will also start using 2FA. Site is back up on Cloudflare.

I found this interesting article on DNS cache poisoning.

03-12-2019, 09:26 AM	#1
Acepimp All Facts Matter Industry Role: Join Date: Jan 2012 Location: East Coast Posts: 16,585	My Mainstream Site Got Hacked with PORN! Who Did It?? [SCREENSHOTS] I have some mainstream sites running Wordpress. The DNS was on Cloudflare. I looked at one site today and all I see is this Button: So I click it and it takes me to what looks like a Russian porn site and then immediately loads this pop-up: So I go to close the pop-up and it immediately opens a new tab with this full-screen ad: When I finally close all the bullshit the site looks like this: --------------------------------- I fixed this in 2 minutes by switching the site back to my webhost's nameservers. So have any of you heard of Cloudflare DNS hacks? __________________ Earn Recurring Money with ➜ Live Adult Webcams \| CrakRevenue \| Dream Cash Like Hot Sluts? >> DaniDanielsPorn.com Just Surfing? Chat with Streamate Camgirls

03-12-2019, 12:18 PM	#3
~Ray visit hardlinks.org Industry Role: Join Date: Jun 2003 Location: Las Vegas , Nv >>> [email protected] or icq 94994627 anytime Posts: 18,362	Oooo spooky __________________ Adult Backlinks for Adult Websites - Testimonials Available

03-12-2019, 12:52 PM	#4
lezinterracial Confirmed User Industry Role: Join Date: Jul 2012 Posts: 2,925	Web cache poisoning? I don't know much about it. But it does seem popular. https://portswigger.net/blog/practic...ache-poisoning __________________ Live Sex Shows Best Adult Content to Promote

03-12-2019, 06:39 PM	#5
HairyChick Slowly dying Industry Role: Join Date: Sep 2012 Location: Padanaram Posts: 3,091	Have you looked at server logs to see what commands were used? And from what possible IP? Was it a Wordpress hack using an older version? Did they hit any other sites on the box? __________________ ***************************************** Anti-Semites have Small Penis Syndrome. The only known treatment is electroshock therapy combined with cerebellum removal. Fortunately, it’s a tiny procedure. *****************************************

03-14-2019, 06:17 AM	#6
lezinterracial Confirmed User Industry Role: Join Date: Jul 2012 Posts: 2,925	Any updates on this? Was it web cache poisoning? Been reading up more on it, Pretty interesting stuff. James Kettle did a presentation on it. He is a genius. __________________ Live Sex Shows Best Adult Content to Promote

03-12-2019, 09:30 AM	#2
ghjghj So Fucking Banned Join Date: Jun 2005 Posts: 3,770	If you're not using 2FA on cloudflare they are most likely in your e-mail too.

03-14-2019, 09:45 AM	#7
NatalieK Natalie K Industry Role: Join Date: Apr 2010 Location: Spain Posts: 18,537	fuckers, hope you get it sorted __________________ My official site NatalieK.xxx My free porn & affiliate blog Natalie K affiliate program First time girls Skype: gspotproductions - "Converting your traffic into income since 2005"

03-14-2019, 04:07 PM	#8
Acepimp All Facts Matter Industry Role: Join Date: Jan 2012 Location: East Coast Posts: 16,585	So I logged into CloudFlare, where my account didn't have any websites on Cloudflare! It looks like someone was able to get into my account and remove my site & redirect my domain. I updated my password with a much stronger one and will also start using 2FA. Site is back up on Cloudflare. I found this interesting article on DNS cache poisoning. __________________ Earn Recurring Money with ➜ Live Adult Webcams \| CrakRevenue \| Dream Cash Like Hot Sluts? >> DaniDanielsPorn.com Just Surfing? Chat with Streamate Camgirls