We've Been Hacked !
Page 1 of 6 123 ... LastLast
Results 1 to 10 of 56

Thread: We've Been Hacked !

  1. #1

    Angry We've Been Hacked !

    Hi everyone

    Today our site has been hacked !!! All pages were deleted from our server and instead we got another index page of which i'll post the source file below.

    I thought the site was pretty "secure"...non of the folders are chmod 777 for instance, we have htaccess files and password protected files....so, other than reporting and showing the source of this EVIL attempt, i'd like to ask what we can do to prevent this ?

    <html>
    <head>
    <title>xfree team . defaces . c2r</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>

    <body bgcolor="#C8C2C2" scroll="no" text="#CCCCCC" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
    <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
    <tr>
    <td><p align="center"><img src="http://www.albieri.net/xfree/xfree2.jpg" width="500" height="379" align="absmiddle"></p>
    <p align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#663300">Need Help ? </font><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FFFFFF">
    <font color="#0000FF">-</font> <font color="#F40606">c2r@xfree-defaces.net</font><br>
    <font color="#663300">Xfree Team .. Defaced By <font color="#010101"><strong>c2r</strong></font>!<br>
    We Are: <font color="#CC3300"><font color="#663300"><font color="#CC3300"><b><font color="#1B1213">c2r</font></b></font></font><font color="#0000FF">,</font> Mr_W4r<font color="#0000FF">,</font> ph0enix<font color="#0000FF">,</font>
    Silvertape <font color="#0000FF">and</font> Squid; <br>
    <font color="#663300">Contact:</font></font></font></font> <font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FFFFFF"><font color="#FF0000">irc.chatnet.com.br<font color="#0000FF">/</font>irc.brasnet.org - #XFREE
    </td>
    </tr>
    </table>
    </body>
    </html>

    thanks in advance

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038

    More Information

    metaliana,

    Can you give us some more information about the OS of the server?

    It might also be worth it to contact http://www.albieri.net/ because the graphic http://www.albieri.net/xfree/xfree2.jpg appeared on your website.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    Junior Member
    Join Date
    Oct 2002
    Posts
    7
    in order to stop them, you would first have to know how they did it. just making sure that no folders are chmod 777 isn't security. Do you own this box, or is it hosted by a company? Did you have any web apps running that might be vulnerable? Did you program any of those apps yourself? Maybe your code needs a little work. I could be any number of things.
    If this site is hosted by a company, I suggest you get a new company first (assuming it wasn't a bug in some web app)

  4. #4
    Yes , CXGJarrod

    i've already contacted the owner of the site the picture is stored on, maybe they dont know their site is being used for illegal practices...

    our servers' info :

    Server Software: Apache/1.3.27 (Unix)
    Operating System: Linux 2.4.20-grsec

  5. #5
    to khabi :

    running apps?.... well, i suppose we have plenty of those....

    a mailinglist, a BB, a gallery with send postcard function, a voting system ....

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Zone-h's web site indicates a dozen or so similar defacements by this group in the last 24 hours. (Zone-h's website seems to have ground to a halt right now), but I did notice the same graphic on one defacement and the fact that all the systems I looked at were Linux hosting with Apache which I see you say you are running. Looking at their "logo" it seems they are a Brazilian group which isn;t uncommon nowadays. Unfortunately there is no indication of their route inbound to these sites.... at least not during the short time I could get to zone-h.

    [Edit]

    Think you will have a job prosecuting..... This mob have been around for a while. Zone-h shows this for their activity.... and there's lots of it......

    [/Edit]

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Get a copy of all your logs and start checking them. See if the attackers left their footprints or cleaned up after themselves. Before you change/touch anything get a dd copy of the entire machine. If you plan to prosecute you may want to contact someone who can properly handle the chain of evidence. Contact you ISP about providing you logs with recent connections to your IP.


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #8
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Tiger Shark
    Zone-h's web site indicates a dozen or so similar defacements by this group in the last 24 hours. (Zone-h's website seems to have ground to a halt right now), but I did notice the same graphic on one defacement and the fact that all the systems I looked at were Linux hosting with Apache which I see you say you are running. Looking at their "logo" it seems they are a Brazilian group which isn;t uncommon nowadays. Unfortunately there is no indication of their route inbound to these sites.... at least not during the short time I could get to zone-h.
    I am not sure if this link is going to work, but here is a link @ Zone-H of all the attacks from this group.

    http://www.zone-h.org/en/defacements...e+Team/page=1/

    It looks (like tiger said) their hack of choice is Apache & Linux and they seem to do alot of mass defacements, which leads me to believe the are targeting web hosts.

    Cheers:
    DjM

  9. #9
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Well if they are Brazilian i dont think there is much you can do. Correct me if i am wrong but i dont think Brazil has laws on breaking in to sytems please some one correct me if i am wrong
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  10. #10
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    You might want to upgrade your version of apache to the latest version. (2.0.48 and 1.3.29)
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •