Hackers are busy again!!

spencerp
(@spencerp)

18 years, 2 months ago

Well, since I haven’t really been online the past day or so, I hadn’t noticed my blog’s and gallery were hacked until today.

NSFW post title

This same shit happened to me a few years ago, but was on my http://www.twisted-society.com name, and had different content at that time. (Which content doesn’t really matter persay.)

Also, the ones or “group” doing the hacking before, were called a different name or whatever. But this one calls himself the “Destroyer”! I’m sure he (or they) didn’t make entry through WordPress because I have been getting alot of hits to the gallery, with ppl using Arabian, Turkish or whatever usernames and always was trying to upload files or file types with odd endings.

I haven’t been over there in the gallery maybe the past month or so, but just from this months incoming hits, here are some links that had many hits.

(Please note: The following files and directories are deleted now.)

34 hits:
http://www.vindictivebastard.net/loverzlane/albums/userpics/tools.php.rar

32 hits:
http://www.vindictivebastard.net/loverzlane/forgot_passwd.php

5 hits:
http://www.twisted-society.com/loverzlane/db_input.php

60 hits:
http://www.vindictivebastard.net/loverzlane/upload.php

133 hits:
http://www.vindictivebastard.net/mainsite/images/tools.php.rar

I’m not sure what the (tools.php.rar) crap is all about, but either way..I was hacked. And just forwarning you ppls to make COMPLETE BACKUPS OF EVERYTHING DAILY!

They might not enter or target the WP blogs persay, but will might another way…my site was the last listed as hacked for 02/06/2006 and just on the 7th, he has hacked 14 other sites.

http://www.zone-h.org/defacements/filter/filter_defacer=Destroyer
http://www.zone-h.org/en/defacements/view/id=3314643/
http://www.zone-h.org/defacements/mirror/id=3314643/

spencerp

Viewing 6 replies - 1 through 6 (of 6 total)

waraxe
(@waraxe)

18 years, 2 months ago

Wow. He’s a busy boy. He even got Charisma Carpenter… that dog! 🙂 He’s gotta have a bot spidering to find directories with vulnerable permission settings… where he can upload some nasty code and execute it right on your system.

Do you remember what your loverzlane folders were set at for Unix permissions?

Thread Starter spencerp
(@spencerp)

18 years, 2 months ago

WarAxe, my host has the folders automatically set for 755 I think, well…all the main folders on an install. And I don’t think I changed them since. I even did an upgrade on that coppermine probably a month or so ago…but my luck they released a newer version after that.

Which really I was even thinking of trashing that gallery anyways, to help save on bandwidth and stuff. I haven’t been uploading “pern” there lately anyways…so maybe this “hacker” bastard helped me speed up the process of getting rid of it all together LOL!

I told my host before about this same issue, and didn’t reply to that email. But they did about normal support issues on the fly..so they must know of it and about it, just don’t know what to do.. :/

I’m also not going to be using Coppermine no more and any other gallery either…it’s sad. But, what can ya do lol..

spencerp

Michael Bishop
(@miklb)

18 years, 2 months ago

you can use flickr

Thread Starter spencerp
(@spencerp)

18 years, 2 months ago

True.. miklb. =) I guess I could then, just at this time, I have a number of things going on however, and just don’t have the time for “gallerys” really. But when I do I have time, I’ll use flickr. =)

Also, forgot to mention in the first thread, that they deleted almost all the “guts” of every WP directory.

The whole inside of wp-admin was gone totally. The wp-content folder was pretty much just gone! The wp-includes folder only had a few folders and files, like they just deleted the main files within the “includes” folder, smilie image folder as well as most of the tinymce stuff.

They left all the main files within the root directory there..so really it was just like doing a basic UPGRADE of WP all over again…and like I said, thank God I had kept a backup of all the wp-content folders, like the plugins, themes and things…and other folders of WP. =) Wheew!

spencerp

fruitfly
(@fruitfly)

18 years, 2 months ago

Had almost the same experience on a site that was running e107 recently (which was partially my fault as I hadn’t kept up with the security patches, though e107 is kinda known for being vulnerable)… and I was therefore quite glad that I keep backups. I keep multiple backups on multiple computers even, and that’s in addition to any backups my host keeps. I’m a paranoid girl.

It only took me about 15 minutes to repair all the damage.

I wish these kiddies would find something more productive to do with their “skillz”. Like creating useful applications. Sheesh.

Thread Starter spencerp
(@spencerp)

18 years, 2 months ago

“I wish these kiddies would find something more productive to do with their “skillz”. Like creating useful applications. Sheesh.”

I feel the same way FruitFly. =) It’s sad really, alot of people out there including those just starting out. Learning this stuff on their own, as well as putting all their time and what not into their sites, because frankly that’s their whole world. And to have someone like a hacker prick bastard go and screw it all up, that’s just out right sickening. =(

I know my site isn’t a productive site, but shit, it’s still something I put my “time” into everyday…as well as tweaking themes, or trying to make stuff so I can learn more indepth WP functions and what not..pisses me off!

Anyway, I guess I better hit the sack..yawwnnn! Just hope by the time I get up and check the site again, it’s not flucked with haha..damn hacker bastards!

spencerp

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Hackers are busy again!!’ is closed to new replies.

Hackers are busy again!!

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics