EuroHarmony Community Forums
Topic started by: EHM-1001 Robert on February 22, 2006, 04:37:05 pm
-
Congratulations to a super idiot and his team:
HOOFMAGOOF AND ALL THE GUYS AT #h4cky0u!
Our website was hacked and 2 files were harmed, which causes strange behaviours of the forum, for example. Soon the original state will be restored.
Sorry for the inconvenience.
-
I've replaced the front pages so the main website is working again for now, and replacing the forum's index page appears to have sorted the forum out too.
-
Thanks Murray ma' man... It's people who call this fun that make me angry, and sad for them...
They find fun causing us trouble... it's stupid... :@
-
Thanks Murray ma' man... It's people who call this fun that make me angry, and sad for them...
They find fun causing us trouble... it's stupid... :@
I think that everyone can only agree with you on that, Razza. But perhaps we should be thankful that it looks like only a few files were harmed, and we can again do what we think is fun.
-
I feel I must pass my regards to the MT once again. Obviously this attack took place yesterday and I was online pretty much all day and never noticed a major problem with the exception of a 15 minute period where the Forums were playing up. Many thanks to you for your hard work again.
-
Well it happened again. I would do a major check on your upload scripts like the screenshot library people!
Edit:
I took the liberty to check the forums these guys use to publish their hacks. Check http://www.h4cky0u.org/viewtopic.php?t=8253 for an explanation of how they did the ehm site.
-
Well seems like they have great fun in this.....
Can't see the fun in this childish behavior
-
Originally posted by cyriel
I took the liberty to check the forums these guys use to publish their hacks. Check http://www.h4cky0u.org/viewtopic.php?t=8253 for an explanation of how they did the ehm site.
Thanks for that, Cyriel. Might just lock this tool and his criminal crony friends out now... I think I got the "upload script" references from his latest "artwork" well enough to put a stop to them straight away, but going by what that page says it may be possible for them to get past my "fix".
Everyone, rest assured the MT team is taking this *very* seriously now (it was "fun" the first time only...). If any sort of prosecutions are possible in this sort of case, they will be considered. We believe we've gotten the initial vector that was used closed, and we are just waiting for new authentication accounts to be issued to the website control software by our hosting company. Then, hopefully, we'll be able to go through the entire site with a fine-toothed comb and clear up the rest of the mess that this idiot and his "friends" have left.
-
Uff... I couldn't imagine since 10 mins ago how many children can use the PC nowadays... do they get a lot of fun from this? :!
-
Well, glad to see it's back up for now, let's hope they get bored and go and play elsewhere!
-
Contact their ISP, and tell them what they did.
Submit a complaint to InterPol, and also to FBI Hackerwatch, containing the above info.
-
Some more info:
-
Hi,
The site is up again. We discovered that they were also attacking us via a special file that we had on our servers. This file was removed, so let's hope that now everything is okay.
Also, the ISP provider had a security breach on their shell access (something that not even we have access to!) and they are analysing it.
I also discovered how all of this could be possible:
1. The hacker discovered a way to upload files to our server via a special file on the server.
2. The hacker uploaded a C file that had run in the cgi-bin directory, then the file moved to another place that I discovered.
3. This C file opened a breach backdoor on the server via ports 8008 and 8001 for him to have access to the shell.
4. The guy injected some files saying the childish things that we saw, but the intention (yes, he wrote me an email) was not to harm us but to show that our site was vulnerable.
OK, in the email he gave a link where I could see information on how they got inside our site, but I also got a strange message from a guy who says that he wants revenge on our company :o .
The link is: http://nostur.squareownz.net/index.php?n=modules/forum&a=3&d=10&o=24&q=12
Regards, and let's hope all of this is solved.
Bruno.
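A triage sketch for the intrusion pattern in Bruno's post above (a compiled file dropped under cgi-bin, backdoor listeners on ports 8008 and 8001), added here as an example and not part of the original thread or the site's own tooling. The allowlist, the function names and the sample `ss` output are constructed assumptions.

```shell
#!/bin/sh
# Added example; sample data is constructed. Ports 8008/8001 are from the post.
ALLOWED_PORTS="22 80 443 3306"   # assumption: what this host should expose

# Constructed sample in the column layout of `ss -H -ltn`.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:8008 0.0.0.0:*
LISTEN 0 5 [::]:8001 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
EOF
}

# Read listener lines on stdin; print ports missing from the allowlist.
unexpected_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" { p = $4; sub(/.*:/, "", p); if (!(p in ok)) print p }
    ' | sort -un | paste -sd' ' -
}

# Print files under DIR that are ELF binaries or C sources; neither belongs
# in a cgi-bin or upload directory that should hold only scripts and images.
suspicious_files() {
    find "$1" -type f | sort | while IFS= read -r f; do
        magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
        case "$f" in
            *.c) echo "$f" ;;
            *) if [ "$magic" = "7f454c46" ]; then echo "$f"; fi ;;
        esac
    done
}

# Demo on the constructed sample; on a live host: ss -H -ltn | unexpected_ports
echo "unexpected listeners: $(sample_listeners | unexpected_ports)"
```

Anything either check reports is a lead to investigate, not proof of compromise; a backdoor that has already been moved elsewhere, as the post describes, will only show up if `suspicious_files` is pointed at the whole web root.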
-
Well then I know who was trying to get into my computer too, my firewall detected 37 attempts to gain entrance from an IP within that range.
-
Hey Bruno, you must have fired him in the past! hehehe! Seriously though, it just shows how childish these people are! Although I don't expect he reads the forums, he may just to see what sort of reaction he was getting, so all I will say is "GET A LIFE!" Do something worthwhile, you may find it more fun!
-
;D It's true, Phil. I wrote him an email asking what he gains from this type of thing.
We know what we lose: A 200 pilot site that is blocked and no one can fly.
Well, now everybody can relax a bit and get back to our regular activity.
I would also thank you all for your true dedication and help to quickly solve this matter. I received dozens of emails from pilots trying to help us, and trying to inform me that we were having problems on the site. To all of you my greatest thank you.
About the hackers, let's give them what they deserve: Indifference.
Regards and thank you one more time.
-
Just as a side note Bruno, I guess the signature banners are down due to the site being hacked. (All the information is missing)
-
And the upload function for screenshots doesn't work either just so you know :)
-
Hmm!
Example I'm a hacker.
Found security problem on website....
First step, to contact website or system administrator, and present problem.
Next step, after backup database and authorized hacking site demonstrated problem.
continued to... writing to sysadmin the security problem, solving tips and other.
Why not make ways? Why destructions alert security problem? Typical idiotism.
Contact Hacker or Police?
And: SQL database make weekly backup (Pirep, flight hours, etc )?
-
Regarding things not working, while I don't know for sure, I suspect that the passwords to the database have changed. Hence everything that relies on DB access (the sigs, and probably the gallery too) is broken at the moment.
On behalf of Bruno (who will no doubt make all these changes himself) and the rest of the MT, I thank you in advance for your patience while we clear up the mess...
-
Well it seems I'm at fault here and not the website concerning the screenshots LOL.....
And I'm very patient
-
:@ I don't understand y these ppl like to hack websites, especially a VA. On that day, I had just landed at Budapest and was about to send in pirep when this happened. Instead I had to wait 4 the next day. And like what Philip said, these ppl need to get a life.