HACKED BY Mr.Sh3ll
 

hacked by Mr.Sh3ll (Kurdish Hacker)

:Oh crap

sorry to hear

I've been having some shit to clean up due to spam/hackers recently too

they need to :boid

i like how he explains ( kurdsh hacker ) lol

http://img139.imageshack.us/img139/492/88412482.png

Googled it and he has a lot that are still hacked.

http://www.google.com/search?q=hacke...ient=firefox-a

Sorry dude, that sucks.

Mass deface from some recently released public exploit. He did not even visit your site.

sorry man but as ladida said worst is that its just a kids playing some games. solve the problem and its nothing to be affraid of anymore, those kids are lamers who can read and not hackers

Have you been playing with wordpress sites again?

yeah whats he exploiting ?

Maybe bind exploit ?

Yea, really.

:error:Oh crap

user error

I'd really like to know what it is you had hacked.

can somebody explain me, when somebody hack you, what they do so you cant get back your site for hours?

this thread does not deliver

maybe a whole new OS has to be loaded on the server.
MySQL must be cleaned of all injections
Backups must be scan and clear of any shit
and so on ....

.. and one of the most famous turkish hacker/defacer : iskorpitx

Has ben interviewed on TV, has many Youtube videos ...

As to see the upcoming defacement, I am not putting the link, but look for :

Zone - H dot ORG

Hacked by Mr.Sh3ll

Kurdish hacker

10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100



Mr.Sh3ll Is My Name And The Hacking Is My Game



[email protected]

Sorry to hear you got hacked.

In this particular case, apparently he just hacks into the site and swaps out the index file. So he is a nice hacker.

My client about shit his pants when this happened, and he apparently does not wanna pay for a back up service for his server. Luckily in this case it was not a complete site reinstall, or anything like that. Just a simple fix to get resolved.

Yeah, I ran the search as well. Seems he has hacked quite a few places. Almost like he's keeping score.

well like the guy said.. hacking is his game

Was it hacked via the software being used on the site(wordpress,joomla,whatever) and if so what was it the client was using?

Ruining it for all other hackers...

That I do not know, and it has not been figured out yet. The host is supposedly running some kinda trace program to see what information they can find out.

My best guess based on the information provided is,.... the server was compromised either by my client, or one of the sites he is hosting for other people. He apparently is selling off some of his additional space, like a hosting company, and hosting his pard's.

So it could be an the client, or my guess is, one of his pard's could have compromised the server somehow. Either way, glad it was just an index swap.

I told him he either needs to pay for the back up, or RAID, or something to back shit up, and obviously do something else about passwords, and being easily compromised moving forward.

In the end, it could have been a lot worse for him and his pals on the server then it turned out to be.

at least he only swapped out the index.html, some will remove everything

It was probably apache bug.

clonebox is great and seamless

RAID will not help him if he gets hacked, RAID is not backups!!!

true ... and backup on 2nd drive will be good ONLY if unmounted after the backup is done.

I had that type of attack on a virtual box, and he wiped out all index.html as well as main.html and php to ( if my memory is right ).It wiped out also the backup drive.

The MAIN problem is that it also wiped out the Cpanel index files and deep into sub-folders.

A reinstall was required and most clients did not have their own backups ( naturally ... host fault ). Had to recreate the index files....

It came from a script that was nulled by a turkish group, installed by a client , and that had a huge backdoor to the server ( like giving root in ssh ). Those who know will recognize part of the names of the sripts : 57 and 99 with some letters before.

That is THE problem with virtual.

So, on topic , do your OWN backups, and save them to another server or locally. :2 cents:

nope.......

and sometimes, you are not hacked on the main page, but just in a folder ( script folder, content folder ) :

example : marksfoods.co.uk/ ( clean )
marksfoods.co.uk/recipes/pictures/ ( hacked )

the bind exploit is a denial of service.

Lol, so many people talking out of their ass in here it's too funny :)

"bind exploit" "apache bug" "OS reinstall after index.htm hijjack" "you are hacked in a folder" and shit like that are very funny :) I hope noone pays you people for that :)

damn thats fucked up i got a royal screw on 3 copies of at3 iframe hell

Would you like me to post the bind DoS code? You want the perl or C version?

Reinstalling from a known good copy is pretty standard advice after being compromised. I assume you have a CISSP or some other qualifications to state "Mass deface from some recently released public exploit. He did not even visit your site. "

What recently released public exploit do you think this was?

How do you hack a computer if you don't access it? :1orglaugh

Man that's too bad. What a pain to have to deal with.

that sucks man, hopefully you got it all cleaned up