We've Been Hacked !

Printable View

Show 40 post(s) from this thread on one page

November 24th, 2003, 09:35 PM
khabi

A few things you might want to consider. I noticed you sold merchindise on the site that has you pay by transfering money into that account number specified. Double check that number to be safe, make sure it hasn't been changed. Also when looking at the other sites that group has defaced many of them seem to be running the same kind of services you do. IE forum, postcard. Make sure you have the latest version of that software and apply any patches you might need. I look at the version of phpbb you're running and it currently has exploits available. I didn't go indepth to see what they were, but there are there. Wether or not its relevent to this defacement, you should update them anyways =)
November 24th, 2003, 09:40 PM
metaliana

Quote:

Originally posted here by DjM
Then I suggest you look into possibly bring a contractor to help you secure your systems.

We aren't suggesting you move away from apache, only that you install / upgrade to the latest version. As new versions come out, problems in the old versions are addressed & fixed.

I think you may have mentioned it, but what version of Linux are you running?

Cheers:

"I", am NOT running any Linux or Apache, my SERVER is running Linux 2.4.20-grsec / Apache/1.3.27 (Unix)

so, i'll ask again, how can "I" upgrade it then? can i just upload a newer version to our webspace and the server will take over?
November 24th, 2003, 09:43 PM
metaliana

Quote:

Originally posted here by khabi
A few things you might want to consider. I noticed you sold merchindise on the site that has you pay by transfering money into that account number specified. Double check that number to be safe, make sure it hasn't been changed. Also when looking at the other sites that group has defaced many of them seem to be running the same kind of services you do. IE forum, postcard. Make sure you have the latest version of that software and apply any patches you might need. I look at the version of phpbb you're running and it currently has exploits available. I didn't go indepth to see what they were, but there are there. Wether or not its relevent to this defacement, you should update them anyways =)

Okay, this is useful information, THANK YOU ! :)
November 24th, 2003, 09:44 PM
jenjen

Re: More Information

Quote:

Originally posted here by CXGJarrod
metaliana,

It might also be worth it to contact http://www.albieri.net/ because the graphic http://www.albieri.net/xfree/xfree2.jpg appeared on your website.

Just from my observation, contacting albieri.net is only likely to get a chuckle out of them.
I think it's their site.. [email protected] is just one of the gang.. see this(hacked) site..
http://www.directoryofezines.com/tycoon/

Quote:

Xfree Team OwnZ y0u - We Are: Anderson, Mr_W4r, ph0enix, Silvertape and Squid;
;
Contact us #xfree at irc.chatnet.com.br

There's not much anyone can do to them unless you know someone in high places in Brazil.

If someone you know understands portuguese, then maybe sitting in on their IRC channel would reveal a bit more info on what they're up to.

(also on the other irc channel.. irc.brasnet.org - #XFREE)

edit : another hacked site shows a few more members of the team and another IRC channel http://www.blue-eagle.nl/getaforum/
We Are: Anderson, Bobx, boy, Ph0eNiX, Silvertape and Squid..#xfree at irc.warweb.net
November 24th, 2003, 09:47 PM
Tiger Shark

Metal: Sorry, I misread your question as a statement..... My bad......

You need to check every log you have looking for something out of the ordinary, it's not something we can say "look for this" or "look for that" because we don't know what you have and what you log.

In future I would recommend turning on logging for everything that is accessible from the net.

As far as "upgrading" is concerned what we are recommending is that if you are running say Apache 1.0 and you go to the official Apache website and it says the newest version is 2.3.2 then download it and install it. Also, on thier site they may have a place security updates/patches, (it'll probably be under support). Download and install all of these patches after you upgrade the system itself. Do the same for all software you use to provide services to the internet. Then make a point of checking for updates regularly or, better yet, get on a mailing list from the vendor that warns you of new updates and patches and implement them as soon as you are made aware of them. That's just a good security practice.

Remember: Computer security is a daily changing beast.... What is good today may not be good by the time you wake up tomorrow......
November 24th, 2003, 09:49 PM
khabi

Quote:

Originally posted here by metaliana
"I", am NOT running any Linux or Apache, my SERVER is running Linux 2.4.20-grsec / Apache/1.3.27 (Unix)

so, i'll ask again, how can "I" upgrade it then? can i just upload a newer version to our webspace and the server will take over?

most likely you wouldn't be able to do it. You would have to have the server admin do it. Also, I would ask him for the output from a vulurability scanner such as retina or nessus. Especially, if you're paying him money to host your site. He SHOULD be up to date on all of this stuff. if he isn't its time for a new hosting company.
November 24th, 2003, 09:58 PM
Tiger Shark

As a Wild Assed Guess this might be the answer to your problem..... Funny how they come out with a new release just as there are so many Linux/Apache combinations being defaced.....

And now it is clear that someone else owns the server other than you I would call them up and have them upgrade their systems regularly otherwise I would take my business elsewhere - regardless of the cost. It does your reputation no good at all if your pages start becoming filled with fukz and gr33tz every time I visit.... And that will cost you more in the long run.
November 24th, 2003, 09:59 PM
metaliana

Quote:

Originally posted here by khabi
most likely you wouldn't be able to do it. You would have to have the server admin do it. Also, I would ask him for the output from a vulurability scanner such as retina or nessus. Especially, if you're paying him money to host your site. He SHOULD be up to date on all of this stuff. if he isn't its time for a new hosting company.

THANK YOU ! now the "host", is one of the biggest companies in Germany, and yes, we're paying enough for it... we reported the "hack" attempt, and i hope they'll take action and do what's needed.

I on my end, will surely check out those exploits someone mentioned earlier... i hope they come with some instruction on what i gotta do with it, cuz i have no idea what it is really :confused:
November 24th, 2003, 10:00 PM
DjM

Tiger, I think you and I are running down the wrong path here, I don't think this guy has very much control over this server I think his website is being hosted, if that's the case then khabi has hit the nail on the head.

Quote:

He SHOULD be up to date on all of this stuff. if he isn't its time for a new hosting company.

Cheers:
November 24th, 2003, 10:02 PM
Tiger Shark

DjM: Yeah.... I got it now..... The old brain cell is under pressure..... ;)

Show 40 post(s) from this thread on one page