Haxored

ROLAIDS
Posted: 15 August 2005 at 11:50am
I was hacked by this guy yesterday morning. While posting myself, I noticed that the Admin menu was gone and that I no longer had access to the forum. I refreshed the screen and saw him hacking the forum right before my eyes, with his pro-Islamic jargon.

I simply moved the database out of the folder so he no longer had access to it; he would have to find it first. Then I took other security measures.

Interestingly, I did some googling and found his e-mail address, or at least one he uses. I asked him how I could get control of my forum back and he replied:
 

From: eno7 eno7 [mailto:eno7@mail.com]
Sent: Sunday, August 14, 2005 12:02 PM
Subject: RE: HACKED BY ENO7

Don't worry, I didn't erase anything, I only renamed topic names...

The forum database is on my hard disk and I have all passwords

I may send you a new password or the whole database..

But there is a condition for backing your forum...

You won't say any bad words about Islam and you won't insult Islam...

If you accept these rules I will give you the admin password...

I am white hat hacker ENO7


JJLatWebWiz
Posted: 15 August 2005 at 4:10pm
ROLAIDS, more than likely, the loser has planted a hacker tool like ASP.Ace on your server. Using that hacker tool, you could put your MDB anywhere you want, and as long as you don't change folder and file permissions, that son of a orospu will always be able to get to your data. The anonymous web user (IUSR_<servername>) is a member of the special "Everyone" group in Windows and by default, the Everyone group can do just about anything on the server. The only folder(s) on your site that anonymous users should have write permissions on are (the) "upload" folder(s). All other folders should have read-only permissions. Make sure the upload folder does not give the anonymous account permission to execute, script, or browse.

By the way, people like ENO7 have no honor. They are among the least trustworthy people on earth. If you agree to his terms, he will still hack your site any time he gets the urge. He has already dishonored himself, his family, his culture, his country, his religion, and his god. If he is in fact a Muslim, he has misinterpreted the Quran in such a way that it tells him to lie to disbelievers in order to advance the cause of Allah. Such people cannot be trusted at their word, and they will take advantage of you at every turn.

Pros
Posted: 15 August 2005 at 4:36pm
^ That's really weird, because a "Turkish" guy has hacked my forum twice today; the thing is, my forum is an Islamic forum.

He has deleted all our posts and now he has deleted all our members.

I'm only an admin on the forum, not the owner of the site, so I can't move the directory and I don't know how to disable write permission or even if I can.

JJLatWebWiz
Posted: 15 August 2005 at 5:09pm
Pros, if you can't protect the files, then you can't protect the forum.
 
Do you have FTP permissions on the site?  If you do, you can at least move the mdb and make regular backups.  But, if the owner won't do anything to secure the site, the forum will continue to be hacked.

sfd19
Posted: 15 August 2005 at 6:20pm
Pros is using WWF 7.6, which might also have been the reason that he was hacked. It looks like most (or even all?) hacked websites have been using outdated WWF versions.
Politics, economy & social issues: StudentsforDemocracy.net

Pros
Posted: 15 August 2005 at 8:53pm

No, I don't have FTP permissions, but I'm trying to get in touch with someone who does.

Thanks for the advice.

ROLAIDS
Posted: 15 August 2005 at 11:36pm
I have noticed one thing about the various WWForums that have been hacked: it states that the last member was mesta, thus apparently this guy joins the forum to see what happens after he hacks into them.

psycotik
Posted: 16 August 2005 at 6:44am
If the hacker replaced the index/default pages on your site, he could be using an automated hack.

It gets in using the MDAC exploit.

You can see that this is being used by looking at your server logs; you will see an entry like:

[22:22:22] 111.111.11.111 222.22.22.22 PUT /file.asp Microsoft+Data+Access+Components

I can't remember the exact string off the top of my head, but it has a "PUT" instead of the normal "GET" and has m.d.a.c just after it.

If you find this in your logs, do a search for disabling mdac in your registry and restart IIS (that's if you don't need this service).
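
The log check psycotik describes, written out as an added example (not part of any post in this thread and not Web Wiz code): it flags PUT requests and the Microsoft+Data+Access+Components agent string. It goes beyond the post by reading IIS W3C extended logs via their `#Fields:` header as well as the headerless line quoted above; the sample lines, IPs, timestamps and paths are constructed.

```python
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
FLAGGED_METHODS = {"PUT"}  # the post's indicator; extend if your site never needs others
MDAC_MARKER = "microsoft+data+access+components"  # IIS logs spaces as '+'

def scan(lines):
    """Return [(line_no, uri, reasons)] for entries matching the post's description."""
    fields, hits = [], []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith("#Fields:"):          # W3C header names the columns
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if fields and len(tokens) == len(fields):
            rec = dict(zip(fields, tokens))
            method = rec.get("cs-method", "")
            uri = rec.get("cs-uri-stem", "")
            agent = rec.get("cs(User-Agent)", "")
        else:                                    # headerless line, as quoted in the post
            idx = next((i for i, t in enumerate(tokens) if t in HTTP_METHODS), None)
            if idx is None:
                continue
            method = tokens[idx]
            uri = tokens[idx + 1] if idx + 1 < len(tokens) else ""
            agent = " ".join(tokens[idx + 2:])
        reasons = []
        if method.upper() in FLAGGED_METHODS:
            reasons.append("method " + method.upper())
        if MDAC_MARKER in agent.lower():
            reasons.append("MDAC agent string")
        if reasons:
            hits.append((n, uri, reasons))
    return hits

# Constructed sample: documentation IPs, made-up paths and timestamps.
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2005-08-14 09:00:01 192.0.2.10 GET /forum/default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-08-14 09:00:07 198.51.100.7 PUT /file.asp - 201 Microsoft+Data+Access+Components
2005-08-14 09:00:09 192.0.2.10 POST /forum/post.asp - 302 Mozilla/4.0+(compatible;+MSIE+6.0)
[22:22:22] 111.111.11.111 222.22.22.22 PUT /file.asp Microsoft+Data+Access+Components
""".splitlines()

if __name__ == "__main__":
    for line_no, uri, reasons in scan(SAMPLE):
        print(f"line {line_no}: {uri} -> {', '.join(reasons)}")
```

A hit on the method alone is worth checking against what the site legitimately accepts; a hit on both reasons matches the entry described in the post.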