Topic: Hacked again..

[goldshirt*9]

doesn't take alot these days to piss off Anonymous.
The standards of the hacker today have certainly dropped

[smokester]

These days it seems to be all about "phishing". We have never had a hack from a bored, probably spotty, teen trying to hone his skills, nor have WikiLeaks made any attempt to out us.  What does happen every time one of my sites are hacked, is that bogus phishing pages and files are added in an attempt to defraud someone.

It's pretty futile to as these files are almost immediately picked up and either quarantined or the site disabled.

[8ullfrog]

Have you ever considered kicking off a new week/month/year by completely firebombing the database and starting from scratch? I always thought the demonoid fora could be improved by a short exposure to a black hole.

[smokester]

The database is never touched.  What they seem to do is find a vulnerability that gets them FTP access and then they upload the files. 

There was one hack when all the index pages (SMF has a lot of them) had the code altered with a redirect script, but as some of the index pages were remote and only called back the main index, I presume this was also an automatic hack that just searched and altered all instances that it found.

[8ullfrog]

Any idea what makes them target this site specifically?

[smokester]

Any idea what makes them target this site specifically?

I would guess that in part it may be the SMF installation as few, if any, versions have been bulletproof. It could also be that on paper it looks like we have a lot of traffic so if you are going to go phishing, you will need the phish. Lastly, you have to consider that dweez is a hacker-magnet.  He had signed up to be a chick-magnet but the ink ran.

[dweez]

Dang!



It's probably an automated thing.  Hacker runs a script and plugs in a range of IP addresses then walks away.  Script checks each IP to see if it's vulnerable to any of a number of exploits.  Script reports back to hacker, either when the scan is complete or as each vulnerable IP/server is found to let him/her know what it's vulnerable to.

The smart hackers do what's called a "slow scan".  It takes much longer but can help avoid "threshold" security on the server (server locks out offending IP and/or alerts the server owner if too many malicious looking "hits" occur during a pre-set up timeframe).

[smokester]

I'm confused now: where's the twitching eye?

[smokester]

Sorry all. Had to work and then this one was difficult to remedy once I got home and started on it.

Must eat and bathe and will update later.

[6pairsofshoes]

encore une fois?

[bubu]

Happy you are back 

[brickbatz]

Happy you are back 

\o/

[tarascon]

Thank you for the good work smokester. >bows<

[Discover99]

Happy you are back 

word

[smokester]

encore une fois?

Yep, they were at it again.

Thank you for the good work smokester. >bows<

Thanks tarascon. 

I have taken some additional measures in an attempt to stop this happening again.  I'm not entirely sure why we have had such interest recently when we have gone years without a squeak. 

Keeps it interesting I suppose.