PDA

View Full Version : My website was hacked!!

tporter
03-06-2003, 04:44 AM
I went to my website today and found a different index.html page titled 'Defaced by Udung'. This was the source code;<html>



<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<meta name="GENERATOR" content="Microsoft FrontPage 4.0">

<meta name="ProgId" content="FrontPage.Editor.Document">

<title>Deface by Udung !</title>

<style>

<!--
a { text-decoration: none; font-family: Verdana; font-size: 8pt; color: #FF6600; margin-top: 0;

margin-bottom: 0 }

BODY {

text-decoration: none; font-family: Verdana; font-size: 8pt; font-weight: bold; margin-top: 0; margin-bottom: 0

SCROLLBAR-FACE-COLOR: #000000;

SCROLLBAR-HIGHLIGHT-COLOR: #000000;

SCROLLBAR-SHADOW-COLOR: #0000000;

SCROLLBAR-3DLIGHT-COLOR:#c0c0c0;

SCROLLBAR-ARROW-COLOR: #c0c0c0;

SCROLLBAR-TRACK-COLOR: #000000;

SCROLLBAR-DARKSHADOW-COLOR: #c0c0c0;

}

-->

</style>

<style fprolloverstyle>A:hover {color: #808080; font-family: Verdana; font-size: 8pt}

</style>
<script language="JavaScript">

<!--

var popup="Ooopss...!! by udung";

function noway(go) {

if (document.all) {

if (event.button == 2) {

alert(popup);

return false;

}

}

if (document.layers) {

if (go.which == 3) {

alert(popup);

return false;

}

}

}

if (document.layers) {

document.captureEvents(Event.MOUSEDOWN);

}

document.onmousedown=noway;

// --> </script>

</head>



<body BGcolor="black">
<center>
<br><br>
<font color="red" size="10">Udung Was Here !!</font><br><br>
<font color="white">[get another job admin ! or fix this web !!]</font><br><br>
<font color="grey" size="2">
-/- znet crew -/-<br>
-/- Bondil -/- Nthunk -/- Obenk -/- Odong -/- Gin2 -/- Tile -/- kamal -/- <br><br>
-/- maz|kod -|- ce_from_saturn -/- abioez -/- BASI`ABIS -/<br>
-/- Arcoon -/- Icanx -/- Windy (happy honeymoon ! :P lolz) -/- <br>
-/- Rhiaw -/- Ikaw -/- Tinceu -/- s3nd4lj3p1t -/- BeAsTie_BoYs -/-<br>
-/- Robby -/- Onyeet^__^ -/- OzOw -/- Mali -/- IGGO -/- etc -/-<br>
-/- All My Friends Who Know Me !! -/-<br>
-/- #wew -/- #dago34 -/-</font><br><br><br>
<font color="gray">support by : warung nasi bu may and warung pak Djawa !!</font>
<br><br><br><font color="red" size="10">
<b>Missed My Son !!</b>
</font><br><br><br>
<font color="gray">by udung</font>
</center>
</body>

</html><!-- text below generated by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code --><script language="JavaScript" src="http://domainpending.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1046794863" alt="setstats" border="0" width="1" height="1"></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=46709683&t=1046794863" ALT=1 WIDTH=1 HEIGHT=1>


How could this happen!!?? I am not very impressed. I would like to know what will be done to stop it from happening again - and yes I have re-uploaded my index page and submitted a trouble ticket.

Troy
don5408
03-06-2003, 06:30 AM
"My website was hacked!! I went to my website today and found a different index.html page titled 'Defaced by Udung'."

Hi, Troy. Unfortunately you are not alone, a number of HR customers on host42 had their index pages 'Deface by Udung' or otherwize hacked. For more see this thread (http://forums.hostrocket.com/showthread.php?s=&threadid=10999).

"How could this happen!!??"

As is explained in that thread apparently someone was able to briefly exploit a flaw in the guestbook script which is included with the cPanel package HR uses for their Control Panel and as a result the individual was able to change the index pages on a few accounts. According to HR they have plugged the security hole which made this unfortunate occurrance possible.

Don
vanselus
12-30-2003, 04:25 AM
Yeah, but what a fun story! I bet that was an exciting day for you.

Disclaimer: Bite Footwear does not condone hacking nor hackers or hackerz. Eat hot dogs.
rguill
12-30-2003, 09:59 AM
I was suspended a couple weeks ago for having an unauthorized file (a psybnc to be exact) which I did not upload. I bet this hacker is who put it there!!
uhsites
01-01-2004, 02:56 AM
Geez, what does HR do to prevent that from happening?
And is there any way to tell if you're at risk from being hacked?
KLH
01-01-2004, 03:54 AM
One good way to prevent hacking is to use a secure password.

As I was once taught in a Cisco class, the best passwords are non alpha numeric passwords.

An example would be %(!#~=>.%)#>@#%) just because it would be almost impossible to crack.


Also stuff like not using the same password for more than one thing. I use to run a game server, and people would always use the same password for everything, and if I wasn't so nice, I could hijack just about anything I wanted from them (e-mail, ICQ, game account, web accounts) just becuase so many people used the same password for everything..
uhsites
01-01-2004, 04:05 AM
Yeah, I always use different passwords for different things.... so much that I sometimes forget them. :-)

Do many places allow non-alpha numeric passwords?


Oh, and where did you get that big brother sig?
KLH
01-01-2004, 04:36 AM
Originally posted by uhsites

Do many places allow non-alpha numeric passwords?
I really don't know. I do know that Cisco Routers allow them to secure the settings of the router, and they recommend that you use them.

Originally posted by uhsites

Oh, and where did you get that big brother sig?

http://www.danasoft.com
But their service has changed since I signed up.
y6y6y6
01-01-2004, 01:02 PM
Unfortunately, even if your password is secure there is a good chance another user on the server will have a weak one. That doesn't mean a hacker would automatically be able to mess with everyone's account. But it would have to make it easier.