Our website has been hacked...

Thread: Our website has been hacked...

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Posts
    4

    Our website has been hacked...

    Hey. This is Ian from www.watermanstudios.com.

    Waterman is an online Flash cartoon which has been around for a while now. But recently, it seems hackers have gotten into the website. At first, it was Brazilian hackers who came in and defaced the main page, and deleted the content pages. Now however, they have damaged our administration over the blog, and have posted 99 comments flaming Waterman. We have no idea why we were attacked, and I would like to know if there would be any way to either STOP them, or report them for this.... we're thinking of overhauling the website, as there is a lot of old PHP sitting around... any suggestions on what to do?

  2. #2
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    If you've been hacked...and if you know who hacked you...and it sounds like you do...report them to their ISP and the local police agency that investigates internet crimes. And if your website is old as you say...it would be wise to update it and fill those holes that let hackers in.

    I'm sure other people here could help you more than me...but that's the best advice I can give at this point.

  3. #3
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Could you post us some information about the services you're running?

    If you're running prebundled software (phpnuke/bb/etc) and not keeping it up to date, then you're as good as dead.

    If you've coded the website yourself, perhaps a security check of the code you used? If it's in PHP, then there are some GREAT tutorials on how to fix PHP security flaws.

    Also, it COULD just be because your server was hacked, and as a result, they got access to your website. In that case, there was nothing you could do.
    If You've Done Something Right. People Won't Know You've Done Anything At All - God (futurama)

  4. #4
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    Re: Our website has been hacked...

    Originally posted here by SuburbanNinja
    (...) We have no idea why we were attacked (...)
    Probably just because someone found a way. Most hacks don't have an explicit reason to hack any one particular site - they try to hack a site to leave a mark, just to show off. If you're interested in motivation: there is an old (but still valid) paper by JP (founder of AntiOnline) that goes in depth into the motivations of hackers. I'm unable to find it right now. Link, someone?

    Originally posted here by SuburbanNinja
    (...) I would like to know if there would be any way to either STOP them (...)
    There's not just one good piece of advice that someone can give you, other than to check the code you use. Check your own code and third party code for vulnerabilities. I'm not very familiar with Movable Type, but you seem to be running an older version (3.121) when a newer version (3.15) is available. That version is a bugfix release. I'm not sure what bugs though. You might find other products you use out of date as well. Start securing your site by updating those packages.

    <edit>I found that link I mentioned. It's here</edit>
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    A quick glance at the Movable Type homepage shows that version 3.14 fixes some spam-related issues, something that seems to be part of your problem as well. Might be worth looking into.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  6. #6
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Okay...well thing is, I wouldn't be having so much trouble, but there have been many webmasters in the past... messy ones. The first thing that got hacked were the message boards, which are Invision Power Board.. and then they continued to delete/deface etc.. but it seems as if they haven't gone outside of the public html folder. Is it possible that his webmail etc that is outside of that folder is safe? Again, sorry for not giving too much information.. and thanks a lot for the help so far.

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Re: Our website has been hacked...

    Originally posted here by SuburbanNinja
    At first, it was Brazilian hackers who came in and defaced the main page, and deleted the content pages.
    By any chance, were the Brazilian hackers part of Data Chaos?


    PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  8. #8
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Ahm.. not sure about that, didn't write down their manifesto. But it seems that they are claiming this guy who used to post on the forums as responsible.. but it seems really obvious and I'm thinking it might be a frameup. Also, those links in the comment spam link to other flash toon sites... it's really hard to tell what's going on. But.. say they got in through the forums... what would I have to do to replace the damage? I trashed the forums, and just replaced them with phpBB2..

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ninja:

    Looking at this thread I have to say that you don't have an "approach" to this situation do you?

    Determining what happened, when, where and how is called computer forensics. Like forensics in the real world it is a very disciplined science. In fact, it is a more disciplined science than traditional forensics because the legal "specifications" have not been determined and, more importantly, by the nature of current operating systems, the slightest action, or lack of pre-planning, can make finding out those details impossible.

    It seems to me that in this situation there was no pre-planning leaving you with no, or limited, log files.... There may have been no policy to update the software in a timely fashion and, certainly, no effort to preserve any evidence that might help you determine what happened.

    While you seem to 'feel' that nothing occurred outside the public folder you have no idea of that really. The painful truth is that the box needs to be brought down, formatted and recreated from trusted media.

    That's the truth of the situation..... As an aside.... that might be relevant to you deciding what really happened I will say the following.....

    You claim that the start of the problems was the Brazilians.... Hardly a stretch, they get into everything.... However, since in some way, you seem to have had some kind of contact with them where they are claiming it was someone "who used to post" is beyond belief.... The person who cracked your site is someone who posted to your site and was pissed about something. When they exploited it they used copied defacements to place the blame somewhere else _or_ the Brazilians did the original deed and this user found and exploited their back door. The person who is "claiming" that it's another user is most probably the attacker....

    Since you clearly have a situation that is now beyond your control my advice above stands.... Failing that, get another host for your site.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608

    2+2

    But it seems that they are claiming this guy who used to post on the forums as responsible..
    Originally posted by SuburbanNinja

    You claim that the start of the problems was the Brazilians.... Hardly a stretch, they get into everything.... However, since in some way, you seem to have had some kind of contact with them where they are claiming it was someone "who used to post" is beyond belief.... The person who cracked your site is someone who posted to your site and was pissed about something.
    Originally posted by Tiger Shark

    Ok, let's do a bit of elementary checking based on the typical forums.

    1. To post to a forum, you have to register - at the very least name and email address.

    2. Usually the forum verifies the email address by sending a link to it - given you've stated that your site has had several webmasters, some quite messy, we'll assume yours didn't so that's out.

    3. You have their IP address.

    Ok, let's add all that together - you have an IP which by using a whois will tell you what ISP the guy's using (unless he's in a proxy, which somehow I doubt he did each and every time he posted to your forum), you have his 'handle' from your forum, and with it somewhere in your logs a copy of each IP address he used, you may or may not have a good name and email address for him (assuming that he didn't intend to hack your site when he first registered, at least one of these is probably correct info).

    Nail his Ass to the wall! Contact his ISP, tell them what he's done and how you found him.

    Hope that helped.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
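
The correlation described in post #10, written out as an added example that is not part of the original thread: it maps a forum handle to the IP addresses it posted from, pulls the write (POST) requests those addresses made from the web server's access log, and notes when an address is shared with other handles (a proxy or NAT, which weakens the attribution). The handles, IP addresses, paths and log lines are constructed sample data, and it assumes the forum records a poster IP for each post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (handle, ip) pairs as exported from a forum's post table.
FORUM_POSTS = [
    ("ex_poster", "203.0.113.7"),
    ("ex_poster", "203.0.113.7"),
    ("ex_poster", "198.51.100.20"),
    ("regular_fan", "198.51.100.20"),  # same IP, other handle: shared proxy/NAT?
    ("regular_fan", "192.0.2.55"),
]

# Constructed access-log lines in Apache common log format (paths are illustrative).
ACCESS_LOG = """\
203.0.113.7 - - [12/Jan/2005:03:14:07 +0000] "POST /forum/admin.php HTTP/1.1" 200 512
203.0.113.7 - - [12/Jan/2005:03:15:41 +0000] "POST /blog/mt-comments.cgi HTTP/1.1" 200 90
192.0.2.55 - - [12/Jan/2005:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 4096
198.51.100.20 - - [12/Jan/2005:03:20:02 +0000] "GET /toons/ep1.swf HTTP/1.1" 200 80000
this line is damaged and must be skipped
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def correlate(posts, log_lines, handle):
    """Map each IP the handle posted from to its POST requests and co-users."""
    users_by_ip = defaultdict(set)
    for h, ip in posts:
        users_by_ip[ip].add(h)
    report = {}
    for ip, users in users_by_ip.items():
        if handle not in users:
            continue
        hits = [r for r in map(parse_line, log_lines)
                if r and r["ip"] == ip and r["method"] == "POST"]
        report[ip] = {"shared_with": sorted(users - {handle}),
                      "posts": [(r["ts"].isoformat(), r["path"]) for r in hits]}
    return report
```

Run it against copies of the logs rather than the live files, so the originals stay untouched as evidence for the ISP or police report.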
