April 5, 2006 at 7:35 pm #593459AnonymousInactive
My forum at http://www.ladiesofholdem.com was hacked into last night. I can’t log into it, and the categories are mixed up, but the messages all still seem to be there aside from that..
Anyone know if there is a way to take control of the forum back from the hacker?
April 5, 2006 at 9:15 pm #687992AnonymousInactive
Not feeling the best today. But are you sure you have been hacked? If so, lock down your DB ASAP. Start doing some investigating; this can potentially destroy your site overnight, providing you are sure it’s a malicious hack. Phone up your ISP and ask for their opinion.
Wish I could help but I’m running a high-grade fever.
greek39
April 5, 2006 at 9:17 pm #687993AnonymousInactive
It looks like they may have just posted a message with a title or username that included a refresh tag that redirects to another forum.
It’s hard to be sure without spending more time on it. If you can get access to the messages and delete the offending message, all may be well.
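An added example, not part of the original thread: a Python audit of stored titles and usernames for the kind of refresh tag described in the post above, together with the output escaping that keeps such a tag from being interpreted by the browser. The row layout, field names and hosts are constructed for illustration and do not reflect any particular forum's schema.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

class RefreshFinder(HTMLParser):
    """Collects redirect targets of <meta http-equiv="refresh"> tags."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content looks like "0; url=http://host/path"
        _, _, rest = a.get("content", "").partition(";")
        key, _, url = rest.strip().partition("=")
        self.targets.append(url.strip(" '\"") if key.strip().lower() == "url" else "")

def refresh_targets(value):
    """Redirect targets of any meta-refresh tag embedded in a stored field."""
    finder = RefreshFinder()
    finder.feed(value)
    finder.close()
    return finder.targets

def audit(rows, own_host, fields=("title", "username")):
    """Return (row id, field, target, offsite?) for every embedded refresh tag."""
    findings = []
    for row in rows:
        for field in fields:
            for target in refresh_targets(row.get(field, "")):
                host = urlparse(target).hostname or ""
                findings.append((row["id"], field, target, bool(host) and host != own_host))
    return findings

def render_safe(value):
    """Escape user-supplied text so markup in it is displayed, not interpreted."""
    return html.escape(value, quote=True)

# Constructed sample rows; field names and hosts are assumptions, not a real schema.
ROWS = [
    {"id": 1, "username": "alice", "title": "Tournament schedule"},
    {"id": 2, "username": "bob",
     "title": 'hi <META HTTP-EQUIV=refresh CONTENT="0; URL=http://redirect.example/forum">'},
    {"id": 3, "username": "<meta http-equiv='refresh' content='5;url=/index.php'>", "title": "re"},
]

if __name__ == "__main__":
    print(audit(ROWS, own_host="forum.example"))
```

Any hit in a title or username field is worth reviewing, since neither field has a legitimate reason to contain markup; the offsite flag only helps prioritise.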
April 5, 2006 at 9:18 pm #687994AnonymousInactive
hehe yeah I’m pretty sure, my forum no longer belongs to me… it redirects to another site, I cannot log in to either the site or the forum control panels and there is spam all over my forum.. if that wasn’t enough though.. it does say “hacked by shekill”
Sorry to hear you’re not feeling well, hope you get better very soon.
~ Lady H
Here’s the whois info on the site that it now redirects to
Registrant:
erkan koksal sagopa_junier@hotmail.com +90.055548961
koksal
antalya kemer
antalya,kemer,TURKEY 00453
Domain Name:sanalsabotaj.com
Record last updated at 2006-01-28 15:03:23
Record created on 2006/1/28
Record expired on 2007/1/28
Domain servers in listed order:
ns1.cukurovahost.com ns2.cukurovahost.com
Administrator:
name: erkan koksal
mail: sagopa_junier@hotmail.com tel: +90.055548961
org: koksal
address: antalya kemer
city: antalya
,province: kemer
,country: TURKEY
postcode: 00453
Technical Contactor:
name: erkan koksal
mail: sagopa_junier@hotmail.com tel: +90.055548961
org: koksal
address: antalya kemer
city: antalya
,province: kemer
,country: TURKEY
postcode: 00453
Billing Contactor:
name: erkan koksal
mail: sagopa_junier@hotmail.com tel: +90.055548961
org: koksal
address: antalya kemer
city: antalya
,province: kemer
,country: TURKEY
postcode: 00453
Registration Service Provider:
name: HostPrizma Web Hizmetleri
tel: +90.5555114372
fax: +90.5555114372
web:http://www.hostprizma.com
Registry Status: ACTIVE
Registry Status: ok
April 5, 2006 at 9:23 pm #687995AnonymousInactive
I can get to the message, but I can’t delete it, because my password is changed, don’t suppose you know if I can re-change the password via the shell do ya? I’m truly about as clueless as they come hehe.. I tend to learn these things as they come.. I’m sure I made a record for the longest time taken to install a forum hehe.. they also changed a few titles .. but you are right, as far as damage done, it’s pretty minimal.. all I’ve noticed is a redirect, they deleted the topic categories, and tried to delete the individual forums (they went about that wrong though, because when you delete them, it makes you put each message into a folder) so all of the forum msgs are still there. and obviously made it redirect to their forum.
Thanx !!!
~ LadyH
BlackjackInfo wrote: It looks like they may have just posted a message with a title or username that included a refresh tag that redirects to another forum. It’s hard to be sure without spending more time on it. If you can get access to the messages and delete the offending message, all may be well.
April 5, 2006 at 9:27 pm #687998AnonymousInactive
Yeah, once I turned off the refresh redirect I could see they had more access than just posting a message.
I expect there is a way to change the password directly in the database, so that would be the next step. Either your hosting company or vbulletin support should be able to help.
It sucks having to deal with this. Good luck!
April 5, 2006 at 9:28 pm #687999AnonymousInactive
I suggest no one go to the forum section of your site. It redirects to a malicious hacker’s forum. If you pay them a visit, turn off your active scripting. If I am feeling better tonight I will join the redirected forum and knock some things over.
Eric, a friend of mine, is sending him an email right now.
April 5, 2006 at 9:29 pm #688000AnonymousInactive
Have you talked to the server company?
April 5, 2006 at 9:31 pm #688001AnonymousInactive
They did the redirect for a reason. It may seem harmless, but trust me, it is not. DO NOT VISIT THAT FORUM REDIRECT!!!!
April 5, 2006 at 9:37 pm #688002AnonymousInactive
Yes dominique ty, I’m talking to them now, it’s godaddy… soooo.. you have to get through the ppl that know less than I do (and that’s not a lot lemmie tell ya!) to the ppl that know enough to pretend they know something .. and after they told me that the problem was with my vbulletin forum (the one in Turkish)
Not only did I tell them it would redirect.. I told them to what site, we did a whois on it … then they didn’t even realize they were redirected .. but I’m talking to a supervisor now, and going on 30 minz on hold
April 5, 2006 at 9:55 pm #688005AnonymousInactive
I am finally off of the phone with the supervisor at godaddy.. they told me that the site was accessed through their server, with my password… now I really don’t believe that to be true.. honestly I think it was an IPB backdoor, being that I was using 1.3 (the last free version) rather than the updated version.. but be that as it may…
I asked Bill, the supervisor at godaddy, if there was someone there with actual website exp. I could talk to, he said that no there was not, they do not offer tech support in building webpages, I told him that I didn’t need help building the page, I needed help backing up the page.
Not a problem for $150, when I asked him why I would want to pay $150 to have the problem fixed if it was their fault.. he told me that I must have given someone the password…
The only place I have that password, is on a printout from godaddy… soooo that guy musta came from turkey to get it! I don’t even know it, and that’s all I use it for!
April 5, 2006 at 10:52 pm #688018AnonymousInactive
YAAAAAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaaaaaaaAAAAAAAAY through no help of GoDaddy, and LOTS n LOTS of help from my friend 4flush, I am now the proud owner of MY forum again! ! ! ! Oh and the IP that took it over… search ur member lists for this one
68.87.77.185
Thnx
~ LadyH
April 5, 2006 at 10:58 pm #688021AnonymousInactive
pfffffffffffff
congratz Lady:)
April 6, 2006 at 12:50 am #688025AnonymousInactive
Well I am glad to hear the problem was taken care of. Way to go 4flush! I would suggest every CAP member block this IP, it might help.
Unfortunately I think he/she will be back, if it was a malicious hack. They love the challenge. The redirect forum can be viewed in English, I signed up. Just a bunch of amateurs obviously, because good malicious hackers never get caught nor found.
I would remove the link provided so it does not compromise the CAP forum as a precaution.
greek39
April 6, 2006 at 2:00 am #688030AnonymousInactive
Yet another example of bad things happening to good people. Sorry to hear about this, but glad that 4flush helped you out. I’ve been meaning to join your forum, do you think you have the forum under control now? Or do you have to implement more security before you use it again?