personal website hacked

domi

The Living Force
FOTCM Member
Hi all,

My personal website was hacked by the same people that hacked experts.microsoft.fr recently:
http://news.com.com/French+Microsoft+Web+site+hacked/2100-7349_3-6085589.html

I was wondering if anybody else using this forum has had a website hacked and defaced?

Thanks,
Dominique
 
Ah sorry to hear that.

I suppose it was easy to fix the problem ?

I did not get hacked but I did receive weird spam email for a while from pseudo american military who asked me to help to remove gold and money from Irak.
 
Tigersoap said:
I did not get hacked but I did receive weird spam email for a while from pseudo american military who asked me to help to remove gold and money from Irak.
I hope you reported them to the 'authorities'. I can just imagine the problem psyops would have trying to explain how they were trying to trick you into doing something illegal. It makes them look a silly (not to mention psychopathic) when they get 'caught out'...
 
O i get that scam all the time, just delete them now. most often its the "Im so and so's distance relative who was in a terrible car accident in africa, your name is similiar to theirs and will allow us to move funds out to you totalling x million dollars" blah blah blah. Stupid scams.

My Livejournal and myspace seem fine... i don't have a personal website per se..
 
domivr said:
Hi all,

My personal website was hacked by the same people that hacked experts.microsoft.fr recently:
http://news.com.com/French+Microsoft+Web+site+hacked/2100-7349_3-6085589.html

I was wondering if anybody else using this forum has had a website hacked and defaced?

Thanks,
Dominique
Wow. Usually hackers like that don't bother unless they're being paid by someone or if it's a highly visible site or you piss them off. But pissing them off is hard to do, if you don't move in their circles.

What http server were you running? Apache? IIS? If you were running Microsoft, you were being naughty.
 
Ruth said:
Tigersoap said:
I did not get hacked but I did receive weird spam email for a while from pseudo american military who asked me to help to remove gold and money from Irak.
I hope you reported them to the 'authorities'. I can just imagine the problem psyops would have trying to explain how they were trying to trick you into doing something illegal. It makes them look a silly (not to mention psychopathic) when they get 'caught out'...
It can't hurt, I guess. But the FBI is going to want to see at least $5000 in losses before they'll even talk to you. The local authorities will say it's an interstate matter, and should be taken to the FBI.

For the little guy, we live in a state closer to anarchy than most people realize.
 
Tigersoap said:
Ah sorry to hear that.

I suppose it was easy to fix the problem ?
Yes, it was only a defacement. So basically I removed the bogus index.* and default.* files that were placed on the webserver.

John Chang said:
Wow. Usually hackers like that don't bother unless they're being paid by someone or if it's a highly visible site or you piss them off. But pissing them off is hard to do, if you don't move in their circles.
I really don't know what the reason is. I've only had this particular domain name for a short while and just recently moved to a new server since the old one was flaky and the ISP had no idea how to fix it.

After looking into it some more it does seem to be a sport for some hackers to deface websites.

This following link lists the work of the (supposed) hacker who did this:
http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter,1/filter_defacer,Ejder/page,1

What http server were you running? Apache? IIS? If you were running Microsoft, you were being naughty.
I was being very naughty (W2003/IIS).
This is what my ISP had to say:
my ISP said:
These kinds of attacks are usually preplanned and come under the disguise of 'Turkish Hacker'
(such and such) however that part is hardly ever true. After examining log files (since we've
had two similar incidents in the past) we can determine the exact identity of the party
involved. Twice in the past it has been our competitors attempting to stain our brand name,
which they will obviously not succeed at with such childish scripted attacks. In this case
since the pattern is the same as last time we're assuming it's the same case however we will
be 100% sure after examining our log files.
 
domivr said:
Yes, it was only a defacement. So basically I removed the bogus index.* and default.* files that were placed on the webserver.
Is it your box or the ISP's box? Not to get too paranoid (although that's soo easy to do), but once a box is compromised, it should be wiped clean and reinstalled. You don't know whether any keystroke loggers or spam email servers or DDOS clients were installed on the sly.

If it's the ISP's box, well, it's their problem, as long as your data is backed up.

Yeah, I think the ISP has the right answer - it was some script kiddie trolling for easy targets. But you never know who might have been influencing the script kiddie, or feeding suggestions to him/her if you know what I mean.
 
Back
Top Bottom