Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5 website defaced

hi guys


the site was defaced probably due to really old openssl versions etc


heres the servers details


Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.4 FrontPage/ mod_ssl/2.8.16 OpenSSL/0.9.6b


its more than likely rootkitted by now


ive put up a temp index.php page just to alert people that its down but below is a screenshot of the defaced page





<a class="ipsAttachLink ipsAttachLink_image" href="<fileStore.core_Attachment>/post-38-1072184360.png" data-fileid="12">[img]<fileStore.core_Attachment>/post-38-1072184360.png[/img]</a>

Attached Files
.png   Screenshot_1.png (Size: 91.38 KB / Downloads: 0)

from what i can see the website was hacked at 1:58AM


the hacker copied index.html (946 bytes) to every single folder in the website layout,


i am attempting to remove the offending file from all those folders, and im making a backup of the site right now (takes time over ftp)


however, if they got in, then the site/server is compromised and could have rootkits installed


the hacker... uses 'their' logo from this address


[/url][url=] which is in brazil channel #Ir4dex on


so thats where you can start to look for them,






Nice. At leas the deface wasn't anything explictive or anything. That's at least a positive side. Thanks for that info, this could be the start of something fun. :P


Sorry to hear about the defacing, but I like a challenge, and I feel like fighting back. Go go go....



478 index.html 's man these guys are assholes...
it looks like everything was up to date. My guess is they got someone's account and got in that way
Hacked? [img]<___base_url___>/uploads/emoticons/default_ohmy.png[/img] lol...... [img]<___base_url___>/uploads/emoticons/default_rolleyes.gif[/img]
Anyweb mate it's your forums you're the one that supposed to help others lol!

its NOT my forums dude, its the forums of a CLAN that i happen to be a member of,


the site that was hacked was [/url][url=]


their site was rooted, i'm just reporting it here and doing what i can to help


my site ( has nothing to do with the clan site,






i got the site back up by


ftping the entire content down locally,


deleting all index.htmls and index.php's that were created


taking a backup of the site from october and overwriting the current one with that and then ftp'ing that all back to the site


seems to work now at least, and the host says the server wasnt rooted, that the hackers exploted a vulnerability (which they wont tell) and all is updated and ok now


thats good for xmas






I meant that this linux n00b is your forums...


What can u and longbow do to secure HTAS' forums and prevent the bored hackers from hacking to our site again?



And thanks a lot to you and longbow for fixing the site :)


Forum Jump:

Users browsing this thread: 1 Guest(s)