ive been hacked need help asap

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Va2k
    I’m still alive barley.
    • Oct 2001
    • 10060

    #1

    ive been hacked need help asap

    I come home find all my index.html files were changed to this
    <html>
    <head>
    <title>Hacked By USG!</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>

    <body bgcolor="#000000" text="#999999" link="#6666FF">
    <center><h3>USG (UNIX Security Guards)</h3></center>
    <hr>
    <p> There is no such thing as Jerusalem the capital of Israel</p>
    <p> There is only one arabic Jerusalem</p>
    <p> USA I think that you are all about to be some war criminals</p>

    <p> UK you are a slave to USA</p>
    <hr>
    <p align="center"><b>FREE PALESTINE!</b></p>
    <p align="center"><b>STOP THE PAIN!</b></p>
    <p>&nbsp;</p>
    <p>Greetz: AIC (Anti India Crew), WFD (World Fabulous Defacers),DkD,
    BreaKIce, Rivver, TheBugz, raiden4 and everyone else who fights for the same case.</p>
    <p>&nbsp;</p>
    <p align="center"><code> WE Are: Egyptian|Fighter, ShellCode, LinuxLover
    and rD.</code></p>
    <p align="center">&nbsp;</p>
    <p align="center"><code>rD of USG</code></p>
    <p align="center"><b> <strong><a
    href="mailto:[email protected]">[email protected] m</a></strong></b></p>
    </body>
    </html>


    WTF how can this happen anyone know how or what they did to get in?
  • Amputate Your Head
    There can be only one
    • Aug 2001
    • 39075

    #2
    sorry man... I thought you'd like it.
    SIG TOO BIG

    Comment

    • mrthumbs
      salad tossing sig guy
      • Apr 2002
      • 11702

      #3
      And did the new front-end convert..?!

      Comment

      • Amputate Your Head
        There can be only one
        • Aug 2001
        • 39075

        #4
        Originally posted by mrthumbs
        And did the new front-end convert..?!
        I can't see how it wouldn't....
        SIG TOO BIG

        Comment

        • pornJester
          Confirmed User
          • Mar 2001
          • 6138

          #5
          you're fucked... but seriously you need someone (who know's what they are doing) to take a look at your server.,, hit me up on icq if you need some help finding someone to do so.. 91573698


          FreshBucks | Webmaster Vault | GayAW
          Trusted Names in Adult.
          ICQ 9157.3698

          Comment

          • cherrylula
            lol
            • Jan 2002
            • 15969

            #6
            that fucking sucks ass.....

            May the force be with you.

            Comment

            • Va2k
              I’m still alive barley.
              • Oct 2001
              • 10060

              #7
              FREAKING terriost or how ever you spell it lmao man that really sucks donkey balls

              Comment

              • theking
                Nice Kitty
                • Sep 2002
                • 21053

                #8
                Va2K I am sorry this happened to you. You seem to be a decent sort and hard working. I hope you can fix the problem ASAP.
                Last edited by theking; 10-07-2002, 05:26 PM.
                When you're running down my country hoss...you're walking on the fighting side of me!

                FOR THE LYING LOWLIFE POSTING AS PATHFINDER...http://gfy.com/fucking-around-and-pr...athfinder.html

                Comment

                • Va2k
                  I’m still alive barley.
                  • Oct 2001
                  • 10060

                  #9
                  www.fuckingmature.com this is one out of about 150 sites on my box ARGH@#$@#$@#$@#$#@$$#@#$@#@$$#@

                  Comment

                  • .:Frog:.
                    Confirmed User
                    • Jul 2002
                    • 2123

                    #10
                    weird!
                    Last edited by .:Frog:.; 10-07-2002, 05:30 PM.
                    <a href="http://www.pornopayouts.com/?rid=pp3076">PornoPayouts</a>
                    Tons of Hosted Galleries.

                    Comment

                    • Va2k
                      I’m still alive barley.
                      • Oct 2001
                      • 10060

                      #11
                      Originally posted by theking
                      Va2K I am sorry this happened to you. You seem to be a decent sort and hard working. I hope you can fix the problem ASAP.
                      you know thank you I could understand if i fucked others or was a cheat but GOD DAMN what did i do to deserve this shit. FIRST god damn VISA then money and NOW MY SITES am I pissed hell yea cause I dont knwo what to do and my admin is been so busy I cant get a hold of him if there is anyone I MEAN anyone that knows me and I know them I will pay you what I can if you help me fig out how the FUCK they did this

                      Comment

                      • gothweb
                        Confirmed User
                        • Jun 2002
                        • 8849

                        #12
                        [/COLOR]

                        Photos by Ian X.: Distinctive photos of goth babes.
                        Blood Money:Your traffic, my sites, our money.
                        MojoHost: Still the best.

                        Comment

                        • Carrie
                          Confirmed User
                          • Apr 2002
                          • 3162

                          #13
                          Are you prepared to wipe that box and re-load it?
                          Most likely they left themselves a backdoor. Hunting down that backdoor could take days, while simply reloading could take a few hours.
                          When your sysadmin reappears, tell him you want IPChains set up on the box immediately with Logcheck emailing you every 15 minutes (at least) and all non-essential ports closed down.
                          If you've got telnet on the box, install SSH2 and disable telnet. If you've got anonymous FTP turned on, turn it off.
                          Change all of your passwords - and then do it again at *least* once a month from here on out.
                          If you still can't get a hold of your sysadmin, install this until you can: http://www.pointman.org/PMFirewall/
                          It's got easy instructions and is just as easy to open up a port if you close it by mistake.

                          Best of luck - and check your logs to find out who these fuckers are so you can fry 'em.

                          Comment

                          • cherrylula
                            lol
                            • Jan 2002
                            • 15969

                            #14
                            hey maybe you need to report that somewhere? to some authority?

                            maybe you can get some free publicity = traffic

                            Comment

                            • Va2k
                              I’m still alive barley.
                              • Oct 2001
                              • 10060

                              #15
                              Originally posted by Carrie
                              Are you prepared to wipe that box and re-load it?
                              Most likely they left themselves a backdoor. Hunting down that backdoor could take days, while simply reloading could take a few hours.
                              When your sysadmin reappears, tell him you want IPChains set up on the box immediately with Logcheck emailing you every 15 minutes (at least) and all non-essential ports closed down.
                              If you've got telnet on the box, install SSH2 and disable telnet. If you've got anonymous FTP turned on, turn it off.
                              Change all of your passwords - and then do it again at *least* once a month from here on out.
                              If you still can't get a hold of your sysadmin, install this until you can: http://www.pointman.org/PMFirewall/
                              It's got easy instructions and is just as easy to open up a port if you close it by mistake.

                              Best of luck - and check your logs to find out who these fuckers are so you can fry 'em.
                              I allready have the firewall ill go do the ipchan prolly blow up my damn server now

                              Comment

                              • trailboss
                                Registered User
                                • Oct 2002
                                • 54

                                #16
                                Va2k,

                                There are some security holes in Cobalt. I'm not familiar with them. We run FreeBSD. Sure hope you got backups.

                                I wear belt and suspenders. Have a complete backup of everything on all three of our PC's.

                                The site www.fuckingmature.com is running
                                Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.1.2 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24

                                We had an NT box get hacked last summer. After we moved all the sitesof it we got a box of shells took it out in the desert and had some fun target practice.

                                Blew the living shit out of it.
                                BTW you can have Full Auto in Nevada. Rock n' Roll.

                                Comment

                                • Va2k
                                  I’m still alive barley.
                                  • Oct 2001
                                  • 10060

                                  #17
                                  Originally posted by trailboss
                                  Va2k,

                                  There are some security holes in Cobalt. I'm not familiar with them. We run FreeBSD. Sure hope you got backups.

                                  I wear belt and suspenders. Have a complete backup of everything on all three of our PC's.

                                  The site www.fuckingmature.com is running
                                  Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.1.2 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24

                                  We had an NT box get hacked last summer. After we moved all the sitesof it we got a box of shells took it out in the desert and had some fun target practice.

                                  Blew the living shit out of it.
                                  BTW you can have Full Auto in Nevada. Rock n' Roll.
                                  HOW the hell did you get that info?????? CAN you help me fix these holes???? Pwease pretty pwease with a cherry on top or a tittie

                                  Comment

                                  • trailboss
                                    Registered User
                                    • Oct 2002
                                    • 54

                                    #18
                                    Va2k,

                                    my icq is 64074953.

                                    I can try to help.

                                    Comment

                                    • AcidMax
                                      Confirmed User
                                      • May 2002
                                      • 1827

                                      #19
                                      That information is easy to get...just peep this URL:

                                      Check out www.netcraft.com for more information (Click on "Whats that site running")

                                      It will show you information about your webserver and even start keeping tabs about your uptime .

                                      Let me just add that the URL above shows nothing that anyone can use OTHER than the information. Hackers are smart, upgrade your packages on your cobalt and get everything up to date.

                                      Otherwise upgrade your sites to a newer box, Cobalt RaQ's are notorious for intrusions. Also, the newer version of the cobalt software has ways to notify you of port scans and hack attempts.


                                      AJ
                                      Last edited by AcidMax; 10-07-2002, 06:14 PM.
                                      Latest MMA news. http://www.mmawrapup.com

                                      Comment

                                      • Cogitator
                                        Confirmed User
                                        • Feb 2002
                                        • 672

                                        #20
                                        Encrypt your damn password file!
                                        - this space intentionally left blank -

                                        Comment

                                        • foe
                                          Confirmed User
                                          • May 2002
                                          • 5246

                                          #21
                                          That sucks man, seriously get some one who knows what hes doing to take a look at your servers and make sure to stay current with patches

                                          Comment

                                          • Va2k
                                            I’m still alive barley.
                                            • Oct 2001
                                            • 10060

                                            #22
                                            Ok I need an admin anyone want some $$$ hit me up asap

                                            Comment

                                            • HQ
                                              Confirmed User
                                              • Jan 2001
                                              • 3539

                                              #23
                                              Originally posted by va2k
                                              WTF how can this happen anyone know how or what they did to get in?
                                              Many ways!!! Let's start with making sure all your passwords are not the same!

                                              Comment

                                              • faytl
                                                Confirmed User
                                                • Jul 2002
                                                • 121

                                                #24
                                                24449990, might be able to help...

                                                Comment

                                                • cosis
                                                  Confirmed User
                                                  • Aug 2001
                                                  • 5292

                                                  #25
                                                  if your server is new make sure the root password is changed from the default

                                                  Comment

                                                  • pr0
                                                    rockin tha trailerpark
                                                    • May 2001
                                                    • 23088

                                                    #26
                                                    man thats some terrorism right there
                                                    __________
                                                    Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                                                    Comment

                                                    • trailboss
                                                      Registered User
                                                      • Oct 2002
                                                      • 54

                                                      #27
                                                      HiYa AcidMax,

                                                      I thought everbody and their dog knew about www.netcraft.com


                                                      Here are a couple other usefull tools:

                                                      Dns Traversal http://www.squish.net/dnscheck/

                                                      ARIN http://www.arin.net/whois/index.html

                                                      CyTech http://www.cytechconsult.com/

                                                      So Tell your dogs.

                                                      Trailboss

                                                      Comment

                                                      • Va2k
                                                        I’m still alive barley.
                                                        • Oct 2001
                                                        • 10060

                                                        #28
                                                        I found who was behind this attack
                                                        http://news.bbc.co.uk/1/hi/sci/tech/2052320.stm wtf woudl they pick on someone as little as me

                                                        Comment

                                                        • Va2k
                                                          I’m still alive barley.
                                                          • Oct 2001
                                                          • 10060

                                                          #29
                                                          here they are on tech tv http://www.techtv.com/news/security/...392443,00.html http://www.spitcum.com i still havevt gotten all my sites fixed

                                                          Comment

                                                          • pr0
                                                            rockin tha trailerpark
                                                            • May 2001
                                                            • 23088

                                                            #30
                                                            Originally posted by va2k
                                                            I found who was behind this attack
                                                            http://news.bbc.co.uk/1/hi/sci/tech/2052320.stm wtf woudl they pick on someone as little as me
                                                            Mail bomb em

                                                            Didn't they leave a mail box addy?
                                                            __________
                                                            Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                                                            Comment

                                                            • Va2k
                                                              I’m still alive barley.
                                                              • Oct 2001
                                                              • 10060

                                                              #31
                                                              Originally posted by pr0


                                                              Mail bomb em

                                                              Didn't they leave a mail box addy?
                                                              yea hackermail.com FUCK THAT I aint pissing no one off..... Maybe they will never return to my little site lmao good nite this was a bitch of a night

                                                              Comment

                                                              • redshift
                                                                Confirmed User
                                                                • Jan 2002
                                                                • 1044

                                                                #32
                                                                here's some hints:
                                                                turn off all services that are not needed
                                                                update - update - update - update
                                                                do not use telnet - use ssh

                                                                just for example

                                                                if you need any help
                                                                icq me at 576 1 0 2 1

                                                                I've been running several linux servers for 5 years now
                                                                have never been hacked (KNOCK ON WOOD HAHA)

                                                                now that I have said this I will wake up in the morning with every damn one em hacked
                                                                Last edited by redshift; 10-07-2002, 09:10 PM.

                                                                Comment

                                                                • [Dan]
                                                                  Confirmed User
                                                                  • Oct 2001
                                                                  • 143

                                                                  #33
                                                                  Wow your server is full of security holes:

                                                                  Server: Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.1.2 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24


                                                                  Apache: versions < 1.3.27 are unsafe
                                                                  PHP: you need to upgrade to 4.2.3
                                                                  OpenSSL: you need to upgrade (the library) to 0.9.6e


                                                                  And it's only what can be seen really fast. Your sshd is probably vulnerable too, judging by the date of the software you run... From what I know they could very well change the pages through the PHP hole, without having shell access to your server..
                                                                  Last edited by [Dan]; 10-07-2002, 09:44 PM.

                                                                  Comment

                                                                  • chaze
                                                                    Confirmed User
                                                                    • Aug 2002
                                                                    • 9774

                                                                    #34
                                                                    Most hackers use port scanning make sure you get a good firewall and block every port you can, this might scare them off. They roll out onto thousands of servers and wait for a reply from there scans.

                                                                    It's kinda like how a thief passes a car when they see the blinking alarm on the dash. If they see your firewall it will lead them to the next box that's showing a up front weakness.

                                                                    Basically any intense hacker can break a box you just to try and detour them before they get to interested.

                                                                    I would do a format they could of left another route anywhere on your box.

                                                                    Good luck,

                                                                    Charles
                                                                    Like the desert needs the rain
                                                                    We do fully manged WordPress, VPS, and Servers. Adult Host Pro https://adulthostpro.com/ Since 2001

                                                                    Comment

                                                                    • Ace-Ace
                                                                      Confirmed User
                                                                      • May 2002
                                                                      • 1863

                                                                      #35
                                                                      Usama hitting at the heart of America; porn.
                                                                      JamPlay.com - Online, video-based guitar lessons

                                                                      Comment

                                                                      • Acolyte
                                                                        Registered User
                                                                        • Oct 2002
                                                                        • 22

                                                                        #36
                                                                        I would do a format they could of left another route anywhere on your box.
                                                                        You might consider using tripwire on your new install, or one of the opensource lookalikes. It makes it a little bit easier to spot new or changed files.
                                                                        Last edited by Acolyte; 10-08-2002, 09:24 AM.
                                                                        ... just a thought ...

                                                                        Comment

                                                                        Working...