
·
Vendor
Joined
·
382 Posts
Discussion Starter #1
All,

If you run a web server...check your security again...you can't check enough. It's been quite a long time since I've had problems and I had gotten complacent about security apparently. Some douchebag deleted all the files from the main folder for my website and deposited his own index.html file complete with the BS listed below:

PROHacker---------->Except our MESSENGER!!!
Hacked by: PROHacker
A Hacker From EGYPT
Note : We will BURN USA soon enshaallah
The Reason that make me do that is because you are supporting the war in Iraq, palestine and Afghanistan & killing our kids
Luckily my server isn't configured to display index.html as the standard page when you visit www.itpdiesel.com.

I'm so pissed right now. Unfortunately I didn't have logging on so I can't even track an IP address. Trust me though, that has been changed....along with passwords, login names, folder permissions, etc. If only I could spend a few fist to face minutes with the #$$%*&@$ that do this kind of crap...

Anyway...just wanted to put a friendly warning out there for those that may have relaxed a bit...DON'T!!!!!
 

·
Senior Member
Joined
·
4,024 Posts
THAT SUCKS!! What a lousy inconvenience...
 

·
Registered
Joined
·
1,290 Posts
Sorry that it came to this...This is Bullcrap...People just can't leave chit alone that isn't theirs...this is just as bad as stealing a man's truck...they need to be hung....this sickens me...hope you get the site up soon...
 

·
Vendor
Joined
·
382 Posts
Discussion Starter #4
Far more than just an inconvenience!!! I have no idea how long the site was down or how much money it has cost me.
 

·
Guest
Joined
·
0 Posts
Dennis, so sorry to hear that, if you need anything, you know where to find me.
 

·
Vendor
Joined
·
382 Posts
Discussion Starter #6
fordt said:
Dennis, so sorry to hear that, if you need anything, you know where to find me.
I need the ******* that did this to be dealt with in a manner that is sufficiently violent!
 

·
Got Diesel?
Joined
·
824 Posts
The same bastards got me last month. The situation has been dealt with, and luckily I had backups of everything... but like you say, it can certainly cost an unknown amount of money.

Most of my attempts come in at 2-3-4am EST if that helps any.
 

·
Registered
Joined
·
88 Posts
That is just terrible. Sorry to hear this. I screwed our website up real bad one day playing with some features I shouldn't have. So I know how it feels to have everything gone. What it costs in man hours alone is enough to make you want to rip his still beating heart and show it to him so he can see it's black. Good luck and thanks for the heads up.
 

·
Vendor
Joined
·
382 Posts
Discussion Starter #9
WNYPA said:
The same bastards got me last month. The situation has been dealt with, and luckily I had backups of everything... but like you say, it can certainly cost an unknown amount of money.

Most of my attempts come in at 2-3-4am EST if that helps any.
WNYPA,

Do you know how they got you? I wish I had more logging enabled so I could tell how they got into my site. They only touched one folder, so I'm thinking that they somehow executed some malicious PHP code while looking at my site...a vulnerability that was pointed out by my shopping cart company just this morning. I've applied that patch as of this afternoon (maybe I should have done it when I got the e-mail this morning?) so hopefully that hole is fixed.

I've further locked down the folders, changed the admin username and password, changed FTP passwords, and turned on some additional logging. If you have any recommendations for what I should be watching for I would greatly appreciate it.

Some days I long for the days of the wild west...cuz I got a .45 hollowpoint with ProHacker's name on it! I'm still so pissed!!!
 

·
Registered
Joined
·
218 Posts
You need to find this guy and string him up!!!!
 

·
Got Diesel?
Joined
·
824 Posts
Mine was an ASP script, but they uploaded both an ASP and a PHP script. Then executed. This is the second time it happened. I had a single folder with Write permissions enabled; with this they uploaded their "File Management" script and started modifying pages, or deleting them altogether.

Somehow it looks like they were able to modify permissions on some folders the first time, but the changes I made seem to have prevented this the second time.

Keep an eye out for ANY directories with write permissions, any upload scripts you have. Forums need to be looked at.

My forum had a script to upload images and such. They modified the database (.mdb) to allow different file types and sizes. Also reset my admin account in the forum.

Some of these were different groups, but the one that we had in common seemed to be a directory with write permissions down in my photo gallery.

I got sloppy when bringing in a whole folder of images. It didn't replicate permissions properly.
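
The check recommended in the post above (find every directory with write permissions and see what scripts sit in it), as an added example that is not part of the original post. It assumes a POSIX-style web root where "writable" means the world-write bit is set; on a Windows/IIS host the same question has to be asked of the folder ACLs instead. The sample tree and its file names are constructed.

```python
import os
import stat
import tempfile

# Server-side script types named in the post (ASP and PHP).
SCRIPT_EXTS = {".php", ".asp"}

def audit_webroot(root):
    """Return (world-writable dirs, server-side scripts inside them), relative to root."""
    writable, scripts = [], []
    for dirpath, _dirs, files in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IWOTH:
            continue  # directory is not writable by "other"
        rel = os.path.relpath(dirpath, root)
        writable.append(rel)
        # Executable script types inside a writable directory need manual review.
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                scripts.append(os.path.join(rel, name))
    return sorted(writable), sorted(scripts)

def build_sample_tree():
    """Constructed sample: a gallery folder whose permissions were not carried over."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {
        "": (0o755, ["index.php"]),
        "forum": (0o755, ["upload.asp"]),
        "gallery": (0o777, ["photo1.jpg", "filemgr.php"]),
        "gallery/thumbs": (0o755, ["t1.jpg"]),
    }
    for rel, (_mode, files) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        for name in files:
            open(os.path.join(path, name), "w").close()
    # Set modes after creating files so read-only parents do not block setup.
    for rel, (mode, _files) in layout.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    dirs, found = audit_webroot(build_sample_tree())
    print("world-writable directories:", dirs)
    print("scripts inside them:", found)
```

Run against a real web root, every directory it lists should either lose the write bit or be configured so the web server never executes scripts from it.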
 

·
Guest
Joined
·
0 Posts
Dennis...if there is anything we can help with...let us know.

I just googled the ProHacker...Uuff...this boy has been to many many places...basically doing what he did to your site.
 

·
Mafia Member
Joined
·
523 Posts
ITPDiesel said:
All,

If you run a web server...check your security again...you can't check enough. It's been quite a long time since I've had problems and I had gotten complacent about security apparently. Some douchebag deleted all the files from the main folder for my website and deposited his own index.html file complete with the BS listed below:



Luckily my server isn't configured to display index.html as the standard page when you visit www.itpdiesel.com.

I'm so pissed right now. Unfortunately I didn't have logging on so I can't even track an IP address. Trust me though, that has been changed....along with passwords, login names, folder permissions, etc. If only I could spend a few fist to face minutes with the #$$%*&@$ that do this kind of crap...

Anyway...just wanted to put a friendly warning out there for those that may have relaxed a bit...DON'T!!!!!
If you somehow do get the IP, or if it happens again, give me the IP. After that don't ask any questions. :smoke:
 

·
Got Diesel?
Joined
·
824 Posts
After googling,

I see a lot of forum member names coming up from various forums... My guess is he exploited the forums in some fashion.

Without giving out too much info... does the main site, and forum share a server?
 

·
Vendor
Joined
·
382 Posts
Discussion Starter #16
A lot of forums run on PHP, so I'm guessing that is one of the common methods.

Yes, my forums and site share a server, but different folders. The folder that was hacked was not the forum, it was the main site. The main site runs on PHP too...and like I said, there was a vulnerability that the cart company e-mailed about this morning (which has been plugged with a patch).

Apparently PHP is often configured to allow remote execution, i.e. call a PHP file from another server and it will be run. It's my guess that's how this happened.
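
With logging now turned on, the pattern guessed at in the post above (a PHP page being handed a file on another server) can be looked for in the access log. The following is an added example, not part of the original post: it flags requests to `.php` pages where a query parameter's value is itself a remote URL. The log lines, paths, parameter names and the allowlist are constructed, and the log format is assumed to be common/combined.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Hypothetical allowlist: (path, parameter) pairs that legitimately carry URLs.
URL_PARAMS_OK = {("/out.php", "url")}

# Constructed sample log lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2008:14:02:11 -0500] "GET /index.php?page=products HTTP/1.1" 200 5120
203.0.113.7 - - [13/Mar/2008:03:14:52 -0500] "GET /cart/view.php?inc=http%3A%2F%2Fhost.example.invalid%2Fx.txt HTTP/1.1" 200 312
198.51.100.4 - - [13/Mar/2008:03:15:20 -0500] "GET /out.php?url=http://partner.example.invalid/ HTTP/1.1" 302 0
192.0.2.10 - - [13/Mar/2008:09:30:01 -0500] "GET /images/logo.gif HTTP/1.1" 200 2210
"""

def find_remote_url_params(log_text, allow=URL_PARAMS_OK):
    """Return one record per PHP request parameter whose value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, when, method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qsl percent-decodes, so encoded URLs are caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_RE.match(value) and (parts.path, name) not in allow:
                hits.append({"ip": ip, "time": when, "path": parts.path,
                             "param": name, "value": value, "status": status})
    return hits

if __name__ == "__main__":
    for hit in find_remote_url_params(SAMPLE_LOG):
        print(hit)
```

On the PHP side, the `php.ini` directives that govern whether a URL can be opened or included as a file are `allow_url_fopen` and `allow_url_include`.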
 

·
Registered
Joined
·
598 Posts
:nunu: :nunu: :agreed: :Axe_anim: :Axe_anim: :snipersmilie: :snipersmilie:
mother_goose said:
If you somehow do get the IP, or if it happens again, give me the IP. After that don't ask any questions. :smoke:

Sorry to hear this Dennis!!! I can't believe how much scum is out there!!!
 

·
Senior Member
Joined
·
963 Posts
mother_goose said:
If you somehow do get the IP, or if it happens again, give me the IP. After that don't ask any questions. :smoke:

Like Mother said above, if you get an IP or a string of IPs, or anything in your logs denoting hostnames of servers used to get to you...PM them my way...and like Mother said...don't ask any questions.


:snipersmilie: :ninja: :bc
 

·
Registered
Joined
·
1,870 Posts
LokiWolf said:
Like Mother said above, if you get an IP or a string of IPs, or anything in your logs denoting hostnames of servers used to get to you...PM them my way...and like Mother said...don't ask any questions.


:snipersmilie: :ninja: :bc
X3 :sofa :nunu:
 