So today I was working on a few websites, and when I went back to my main site, http://www.mindfuseproductions.com, I noticed that it had been hacked and taken over by some (most likely script kittie) that went by the name of “Alberto Karlos TKJ | Black Force Crew”. My site theme files were edited with the above tagline.. and it said something about “evaluate your security :).” Not that it’s relevant but some terrible emo song was also embedded on the page and played in the background.
ANYWAY.. I’ve never been hacked before, and trying to find the exploit they used is a bit beyond what I normally deal with. I did look at my access logs however, and found their ip address. They actually apparently come from indonesia..and I noticed that they accessed “favicon.ico” quite a bit.. and right before actually submitting an edited file through the theme editor (the log says POST.. so I’m assuming that’s when they submitted the change).
This is a copy of the log, if anyone is bored and would like to possibly help or give me feedback:
Their IP is the 111.* address. Along with changing my theme files they also changed my password. I hope this post is allowed, and I hope that someone can help.. as I’m fairly nervous that they’ll rehack me. I’ve changed all my passwords, but clearly they used some sort of exploit to get in, which either bypassed my password or stole it.
- The topic ‘Got hacked.. any way I can find out how? I have logs..’ is closed to new replies.