Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
clanhtas.net website defaced
#1

hi guys

 

the site was defaced probably due to really old openssl versions etc

 

heres the servers details

 

Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.4 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.6b

 

its more than likely rootkitted by now

 

ive put up a temp index.php page just to alert people that its down but below is a screenshot of the defaced page

 

cheers

 

anyweb

<a class="ipsAttachLink ipsAttachLink_image" href="<fileStore.core_Attachment>/post-38-1072184360.png" data-fileid="12">[img]<fileStore.core_Attachment>/post-38-1072184360.png[/img]</a>



Attached Files
.png   Screenshot_1.png (Size: 91.38 KB / Downloads: 0)
Reply
#2

from what i can see the website was hacked at 1:58AM

 

the hacker copied index.html (946 bytes) to every single folder in the website layout,

 

i am attempting to remove the offending file from all those folders, and im making a backup of the site right now (takes time over ftp)

 

however, if they got in, then the site/server is compromised and could have rootkits installed

 

the hacker... uses 'their' logo from this address

 

[/url][url=http://www.tr0yck.blogger.com.br/]http://www.tr0yck.blogger.com.br/ which is in brazil channel #Ir4dex on irc.brasnet.org

 

so thats where you can start to look for them,

 

cheers

 

anyweb

Reply
#3

Nice. At leas the deface wasn't anything explictive or anything. That's at least a positive side. Thanks for that info, this could be the start of something fun. :P

 

Sorry to hear about the defacing, but I like a challenge, and I feel like fighting back. Go go go....

 

[img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img][img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img][img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img][img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img][img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img]

Reply
#4
478 index.html 's man these guys are assholes...
Reply
#5
it looks like everything was up to date. My guess is they got someone's account and got in that way
Reply
#6
Hacked? [img]<___base_url___>/uploads/emoticons/default_ohmy.png[/img] lol...... [img]<___base_url___>/uploads/emoticons/default_rolleyes.gif[/img]
Reply
#7
Anyweb mate it's your forums you're the one that supposed to help others lol!
Reply
#8

its NOT my forums dude, its the forums of a CLAN that i happen to be a member of,

 

the site that was hacked was [/url][url=http://www.clanhtas.net]http://www.clanhtas.net

 

their site was rooted, i'm just reporting it here and doing what i can to help

 

my site (https://www.linux-noob.com) has nothing to do with the clan site,

 

cheers

 

anyweb

Reply
#9

i got the site back up by

 

ftping the entire content down locally,

 

deleting all index.htmls and index.php's that were created

 

taking a backup of the site from october and overwriting the current one with that and then ftp'ing that all back to the site

 

seems to work now at least, and the host says the server wasnt rooted, that the hackers exploted a vulnerability (which they wont tell) and all is updated and ok now

 

thats good for xmas

 

cheers

 

anyweb

Reply
#10

I meant that this linux n00b is your forums...

 

What can u and longbow do to secure HTAS' forums and prevent the bored hackers from hacking to our site again?

 

 

And thanks a lot to you and longbow for fixing the site :)

Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)