Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Newbie Questions (http://www.greenguysboard.com/board/forumdisplay.php?f=5)
-   -   Been hacked warning (http://www.greenguysboard.com/board/showthread.php?t=33484)

samandian 2006-08-07 12:34 AM
Been hacked warning
 
I have just been to look at my traffic and had an entry from the following page:

http://www.zone-h.net/defaced/2006/0...exyethnic.com/ when i click on this i get the message:

Your Security 0wnz By K@YV@NIR@N.

Please Try Again!!
We Will Return Soon
If You Have a Problem Contact Us AnyWhere.

We Are: Black Dragon (DragonDVB) - Red Dragon - Honnibal - Labyrinth
dragondvb AT yahoo DOT com


K@YV@NIR@N IT Security Team!

What should we do about this? Is this for real and if so how do we protect against it?

the ip is from U.A.E.

virgohippy 2006-08-07 03:36 PM
You mean your stats say this is a page you are hosting? Or that this page sent you hits?

If it sent you hits, just ignore it.

I don't think I can help, but if you answer these questions someone else might be able to:

Is "zone-h.net" your domain?
What's your stats program?
Are you running any scripts on your domain? If so, which?

cd34 2006-08-07 04:05 PM
There are two types of exploits where there are defacements like this.

One is an exploit through ftp, so, change your FTP password, etc. This one usually occurs when someone has spyware or a keylogger on their machine that sends this data elsewhere, or has shared the username/password/hostname combo with a software vendor and didn't change it after software was installed.

The other exploit is a web exploit which can come through numerous pieces of software depending on what you were running. Some of the exploits allow remote shell, and if your hosting runs apache in setuid mode (which is an abhorrent security nightmare), files could have been compromised that way.

http://www.greenguysboard.com/board/...ad.php?t=31508

In either case, you need to find out where the exploit happened so that once you do change passwords, etc, it doesn't happen again.

You will need to spend time going over system logs, etc to see where things got changed and then adjust/fix whatever so that it doesn't happen again.

samandian 2006-08-07 11:11 PM
Thanks CD34. I checked with the host, they said there had been a few reports of hacks today. Doesn't look like any damage was done - but a good wake up call as to the importance of changing passwords regularly and backing up all those hours of work elsewhere.


All times are GMT -4. The time now is 07:24 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc