Our sites hacked/attacked??
I just now see that Donald Landru's new Christmas website has been hacked/attacked so it may be a good idea for everyone to check their site(s). Yikes!!!
Callie aka Snow`Star
Last edited on Friday June 16th, 2006 05:53 am by Snow`Star
It could be any of the things you mention. It's all just part of the "Silent War" being perpetrated behind the scenes in cyberspace with hacks/cracks, DDoS attacks, trojans, worms, viruses, malware, exploits, etc.
It gets more malicious and frightening with each passing day. Just see what recently happened to the PC blogs server.
Callie aka Snow`Star
Last edited on Saturday June 17th, 2006 12:47 pm by Snow`Star
Looks like he programmed his site using a free utility called PHP Nuke. It's a content management system that allows people to quickly build and maintain a web site.
I don't use it, so I can't speak to the security of it. It's possible he's using an older version with a flaw that has been corrected in older versions. Maybe he didn't change a default password. It could also be a bug in PHP or MySQL, and his host provider hasn't updated to a newer version.
I took a quick look, and it doesn't strike me as something that was targeted at him, per se. Just anyone running a particular configuration that has been shown to be vulnerable to hacks.
I would think it is a case of an unpatched Apache server, and they probably used something simple like a buffer overflow exploit or a secondary app like WebDAV that was outdated.
Snow`Star wrote: I just now see that Donald Landru's new Christmas website has been hacked/attacked so it may be a good idea for everyone to check their site(s). Yikes!!!
I didn't see the "hacked" site or anything but it should be very simple to fix. Just delete all the files and then FTP the original files again. Obviously the password should be changed.
TED
Last edited on Saturday June 24th, 2006 08:37 am by TED
Ted wrote: I didn't see the "hacked" site or anything but it should be very simple to fix. Just delete all the files and then FTP the original files again. Obviously the password should be changed.
Donald uses a content management system to run his web site. It's a mix of PHP and MySQL technologies. He would have to do more than FTP the files online.
There are so many ways. Obviously free portal software will leave you open, as well as a feedback form not written for local delivery commands. Make sure you always have the most recent update of any open source code.
The company I work for had one of our sites hacked through our banner software.
Also a GOOD ISP should have Apache set up so that it's not part of any public groups. Not much you can do about this one. But it provides the best security beyond normal updates.
I just saw this thread for the first time and figured I would pipe in and explain exactly what happened to my site.
It was actually a series of events that allowed this to happen.
1) Never use scripts unless you install them yourself. I had never used PHP Nuke before (UBB guy myself) but I wanted to take a shortcut and get it set up quick, and the webhost offered an automatic install of PHP Nuke. The issue here is their version was out of date and did have a couple of bugs.
end result: Shame on me for not doing research (very rare this happens but it does)
2) Change those passwords regularly. When I signed up for service they had a button that says "Generate Random Password" (I always hit it like 3 or 4 times to get a "well generated" one). Well, since part of this attack was done by FTP, I started looking into how they got in. Well, I went back to the generator page and clicked the button 20 - 30 times, copying the password every time, coming to find out it was a "random" password but just cycled through a list of 6 - 7 passwords randomly.
end result: Shame on me
3) The attack originated from a group in Turkey. Unfortunately, from talking to a few other people that have had their sites attacked as well, there are people out there that are Anti-Christmas / Anti-Holiday that pride themselves with this for their "Cause". Sadly enough it is realized that our websites can be targets of these groups and individuals.
All is well. They were actually able to restore it from a backup, and the lead tech actually went back through (database was corrupt) and actually recreated all blog posts, which I thought was going the extra mile. Right now I am going to ditch the CMS and go back to my UltraEdit text editor and either Dreamweaver or FrontPage.
Lesson learned: sometimes it's nice to be quick, but in the long run it can end up costing you a lot more of a hassle.
I hosted christmasdisplays.net with them about 2 years ago, and had the PHP Nuke installed. Site ran fine for about a month and then it was hacked by Russian, anyways.
I believe that PHP-Nuke is easily attacked, due to its wide user base. Anyone can download it and look at the source files for it.
No, I was/am using a very secure webhost that I know a co-owner of (gem3.com) and it was mostly lax on my part making sure everything was updated... You figure I do networking as a side job and have set up a couple 250 - 300 workstation offices and I am always about security... Guess I should follow my own advice.
Donald.Landru wrote: 2) Change those passwords regularly. When I signed up for service they had a button that says "Generate Random Password" (I always hit it like 3 or 4 times to get a "well generated" one). Well, since part of this attack was done by FTP, I started looking into how they got in. Well, I went back to the generator page and clicked the button 20 - 30 times, copying the password every time, coming to find out it was a "random" password but just cycled through a list of 6 - 7 passwords randomly.
end result: Shame on me
If you know one of the owners of this site I hope you let him know how faulty the password generator is! It sounds like this was not so much an issue of changing the password but rather an issue of making sure you use a good password to begin with... In any case it's good to hear that you got it all straightened out. I had wondered about that.
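The generator flaw discussed in this thread (a "random" password button that cycles through a list of 6 - 7 values) shows up as soon as the generator is sampled and its distinct outputs are counted. The sketch below is an added example, not code from the thread or from any host; `WEAK_POOL`, `weak_generate`, `strong_generate` and `audit` are hypothetical names, and the pool values are constructed.

```python
import math
import random
import secrets
import string
from collections import Counter

# Constructed stand-in for the flawed generator: it only ever returns
# one of seven fixed strings, however "random" each one looks.
WEAK_POOL = ["xK9#mQ2p", "Tr7!vB4z", "pL3@wN8c", "Zq6$hD1y",
             "mE5%jR0s", "Gu2^kF7a", "bW8&nC3t"]


def weak_generate():
    return random.choice(WEAK_POOL)


def strong_generate(length=16):
    # Each character is drawn independently from the OS CSPRNG.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit(generate, samples=30):
    """Call the generator `samples` times and look for repeated outputs.

    Any repeat within a few dozen draws means the output space is tiny.
    When repeats occur, log2(distinct) estimates the bits an attacker
    must guess, assuming the values seen are the whole pool.
    """
    counts = Counter(generate() for _ in range(samples))
    distinct = len(counts)
    repeats = samples - distinct
    return {
        "samples": samples,
        "distinct": distinct,
        "repeats": repeats,
        "suspect": repeats > 0,
        "max_bits_if_exhausted":
            round(math.log2(distinct), 2) if repeats else None,
    }


if __name__ == "__main__":
    print("weak  :", audit(weak_generate))
    print("strong:", audit(strong_generate))
```

A pool of seven values is under 3 bits of entropy, so anyone who can press the same button can collect every password the generator will ever hand out.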