Fucking Hacker Cunts
 

Some fucker hacked my website and deleted the whole fucking website, fucking hacker scumbags, This is total bullshit, so anybody who has links to my site, it will be back up within 24 hours

ouch.... nice directory :X

If people would secure their shit...

Lets start by setting

Options -Indexes

Ok so please help me out here with security issues as i am a noob at this game and any security help would really be apreciated

that sucks, hope you get it fixed!

yea how do you secure shit?

Thanks, I do regular backups and so does the server, its just so bloody annoying , and inconvenient

black hackers?

what do you mean by black hackers?

hackers suck. if you're a hacker reading this, I didn't mean that. please leave my shit alone.

1st thing upload and INDEX page to your site!

:1orglaugh:1orglaugh

that sucks man hopefully youll get everything up quick.

Thanks im doing that now

Ditch the virtual server and get a decent managed dedicated.

wish i could but i cant afford that I have only had the website on the net for just over 4 months and I have only just started making a few pennies out of it, then all this shit happens

Thanks, should all be up and running again within 24 hours , I have found all sorts of strange files in my public_hml directory, lol and they changed all the directory and file permissions

where are you hosting that site?

Hi its on hostgator..Why?

What was exploited in this "hack"?

They deleted the whole website, I have only uploaded the index at the moment, The server host is doing the reinstall as they have the most recent backup of the website

Bad times man...

Found some pretty weird files in my public html folder

these are some of the names

.zshrc
.canna

funny :)

one of them had all this funny chinese writing in them lol

You's g0t di h4x0r3d

[QUOTE=Spotter_03;13011354]You's g0t di h4x0r3d

:1orglaugh:1orglaugh

I cannot fault hostgator they have reinstalled evrey thing and done it real quick, really great support from them:thumbsup

Good to know :thumbsup!

Thought i would just say a thankyou to hostgator for their great support and change my sig..and maybe get other peeps to sign up :)

Dude, unless you have some bad cgi scripts you installed then it's totaly your hosting companies falut. The hackers most likely got in because you had a weak password or you have an old version of SSH installed on the server.

Your host should detect the attempts at your password and shut login down and they should have the lastest SSH installed.

I think a lot of it was my fault, I was messing about with some cgi scripts, one which was yours:) and i had changed some of the directory and file perrmissions, so I guess this made it much more easyier to hack the site

(not your scripts fault btw its was my stupidity i guess)

Damn dude, you never ran the script so it can't be hacked.:1orglaugh

Hackers can't do anything with bad file permissions unless they are actually on your server already.

File permissions stop other accounts on your server from writing to your files.
And if your server is partioned to private virtual account that shit don't even matter because nobody can even get a path to your account to even attempt to write.

FACT: If you have to chmod to keep others from writing to your files then your hosting is SHIT!!

But hey, you will not listen...so good luck.

Ok i also recieved this from the tech guys "but keep in mind if your scripts have SQL injection or other vulnerabilities this isn't something we can really actively scan for. You'll need to keep any scripts and/or CMS systems you have installed updated to the latest versions"
also I was playing with another script which i did install and ran what I said was it had nothing to do with your script..unless you cant read, I also said that it was most probally my stupidy for leaving the directories/files vunrable

They are right.
A lot of open source scripts ( Wordpress,joomla,etc...) have holes that hackers use to either change your front page or delete your site.
Keep your scipts up-to-date and lower as much as possible the permission of your folders.

man that sucks.

Thank you. The script which i installed was nothing to do with the cgi tube, it was a topsite script, and as sortie stated i could not install his script as it gave me an internal server error and because i was mesing about with scripts I was changing directory perrmissions and did not put them back so this just makes it all the more easeir for some one to do what they did

Haha do you want to know what is funny about this, because pornpf69 sugested i upload my index page before the website was reinstalled I got a signup from my index page, :1orglaugh nothing big, but it was a signup, suppose it was because the users had nowhere else to go on the website but the index page, so after all this crap it actually turned out not so bad, maybe this is the way to go a one page website.....:)

Thanks guys for your help

hey man what about to leave internet and bake some cookies? ;)

Clueless. Refrain from giving advices on these matters.

Hackers can do plenty if you are publicly serving world writable directories and files through your webserver. No shell access needed.

Note to self: stay the fuck away from TubeCGI... the guy who made it knows absolutely nothing about computers.

Ok, please explain how a hacker who cannot get in thru SSH or a script or a server port can write to any directory.

I would like to know this.

Didn't the wordpress hacks etc... all involve the script accepting data from an html page and then executing it, which is a no-no. They fixed that issue as soon as they realized the mistake.

I'm serious, please explain. I'm not being sarcastic. If you have this information then please share it so people can protect themselves.

Yeah, they can do plenty without shell access but doesn't it mostly involve feeding something to a script that executed it and they gain access that way.

They could flood the old version of SSH and cause integer overflow which allowed them server access without a password.

What have you seen that was different then that?

I mean, if you know then don't keep it a secret and let us all get hacked.

http://resources.bravenet.com/articl...php_script s/


Have a good day.

Hi just an update on what has happened The tech guys sent me this

This appears to be telnet script which allows the user to remove files. I have disabled these scripts from the cgi-bin and blocked the connecting IP. I am also showing that this user connected to the toplist scripts,
If this script is not being used, I would recommend removing the toplist scripts from your account.

I had an idea it was this stupid topsite script that caused it, the name of the toplist is "Best Top List" so stay away from it it is bad news

BTW The IP address is showing up from Mauritius
Africa but whois is to know that this is their real IP but glad they sorted it :thumbsup

that shit hurts! sucks

It's all about maximum security.

The reason you always set permissions as low as possible is so that, for example, you have some added security against badly written scripts.

Every programmer knows, or should know, that mistakes can and will slip through. By using security at every level, you can prevent those mistakes from becoming disasters.

You use low permissions for the same reason you don't keep unencrypted user passwords in your database: to make sure that if someone manages to slip through, he can do as little as possible.

From your own damn link:

Yeah its a pain in the arse but most of it was my own fault for installing a crappy script in the first place, it has taught me not to use free scripts and from what i saw of the script that was deleteing my pages it was actually looking for files, it had commands like this

'find suid files'
'find config* files'
'find all writable files'
'find all writable directories'
'find all service.pwd files'
'show opened ports'

and a load more, Im not gonna post them all here

Pretty mad but I have learned a good lesson from this, like i would never get hacked, its always somebody else, and anyway why would someone hack a small site like mine so just watch what scripts you install