
[Non-Vanilla-Related] I was hacked today :(

edited August 2006 in Vanilla 1.0 Help
I sadly found 3 hours ago that my site had been hacked. Guess there is a first time for everything (I have been a webmaster for 7 or 8 years). The hacker put up some black page, with his hacker's group name etc... some lot from Turkey.

Anyways, I have uploaded all my vanilla directory again. The main chat page looks fine again - www.love2escape.com

But when you go to click on any individual thread page, there is an error, e.g. if I click on say: http://www.love2escape.com/chat/discussion/60/cats-of-the-world/ I get:

Not Found
The requested URL /chat/discussion/60/cats-of-the-world/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Any ideas?

Comments

  • Not 100% sure but it looks like something to do with mod_rewrite (i.e. friendly urls mod). Try installing it again (you will probably just have to copy the .htaccess file again).

    - Joe
  • Joe, thanks for the reply. I got the threads working. It was a case of downloading Mark's friendlyurls extension and uploading the htaccess file to my root directory again. For some reason, on my last backup, I don't appear to have downloaded this file. Anyways, thanks for the help. I now have to go through my extensions, one by one, and get them up and running, e.g. the image attachment one is not working, coz my images are not showing in threads (i.e. uploaded photos). But at least I am up and running again!
  • Can you find out how they could hack your site?
  • They ain't hackers they are crackers... You should go through the logs and change the password if you haven't already done that...
  • wow, I have never been hacked
  • /me hacks test
  • Yeah, I'd be interested in knowing how they got access.. Are you hosted on a shared server? Host yourself? Logs say anything? XSS?

    Sorry to hear you have to deal with this, but it'd be appreciated if you could share some info (if you can) about what happened to help the rest of us protect ourselves.

    Thanks.
  • edited August 2006
    Hi folks. Thanks for the responses. I am slowly getting my overall site up again.

    Basically what they did was put up a single page on my main .com homepage and take everything else down. I have two other main sections of my site - a blogging section and my vanilla chat section. These three areas all have their own databases. So it was only my main .com homepage that had a page added. But whatever robot they used, they cleaned out all files in directories and sub-directories. The directories and sub-directories themselves were still there, just no files in them.

    I have uploaded my blog section there now; and vanilla was uploaded earlier. I will upload overnight my main dot com section (a big section built on Joomla).

    As for who did it - I don't want to give these types of folks too much promotion - but if you google for 'sniperteam' you will find that they have hacked a lot of sites. They say they are Turkish.

    I am on a shared server. I have now changed my main password via cpanel. I must work out how to change my blog and vanilla passwords too. I have the logs file open here, and I know roughly when they broke in (around 2.30pm GMT). But no doubt they will have used several proxies.
  • Mark Vanilla Staff
    Hey Strawberries - I changed your discussion title to "Non-Vanilla-Related" at the beginning so people don't see the topic and think there's a Vanilla-related security hole. I've had friends get hacked like that before - it's never fun. It sounds like it was a brute-force spambot that did it. They just keep hammering different servers with sets of usernames and passwords until something works. When it does, they go through and tear everything up. I think I'm going to go do a server backup right now :)
  • Thanks Mark - good idea to change the thread title. Thanks for the guidance re how such people might have carried out such an attack. This is my first ever time being attacked in all my years being a webmaster. Pretty depressing. It's the hassle of uploading everything and tweaking it again, to ensure everything is working as it should be. Yes, this has really opened my eyes and I am gonna back up far more often. Luckily enough I had backed up about a week ago (usually it's only every 6 months!)
  • edited August 2006
    just create passwords 12+ characters long with lots of *)#.] lol it will take them years to figure it out E$R>G!{T3rdef1\vO<}A+gKD``FW_] -> hack proof
  • Thanks, bugs! I had fun trying to change my password today... my host now no longer takes names/regular words. So I had to make up something bizarre, yet memorable. I think the key thing is using numbers as well as letters.
  • Mark Vanilla Staff
    edited August 2006
    Talking about your personal password philosophy is always something that should be avoided. I knew one hacker a few years ago who did nothing but read through discussion forums looking for information about people and profiling them. Based on that info he would break into their online email accounts and get all kinds of sensitive information (receipts from online transactions, secrets shared between friends, passwords to other sites from password retrieval emails, naked pictures, etc). True story.

    I'm going to share my philosophy anyway:

    My passwords almost always include numbers, letters (both cases), and punctuation of some kind. Normally inspired by something sitting on my desk. I never use the same password at more than one place. I always retire a password when I stop using that site or after a certain amount of time.

    For example, the root password on my old server was jU!c3B0xer1No.
    An old work server's admin password was Lucky57@R.

    :)
  • I work for an alarm company, installing security alarms. Let me tell you, guessing someone's alarm code is usually pretty freaking easy. Seriously, so easy it's scary.

    There are times when the customer is not around or cannot be contacted and I need the code to do something (and I don't want to default it). Most times I can guess it; I'd give it a 65% chance, maybe even higher than that.

    The default code after I program it is 1234. If they are an elderly customer, chances are it will still be 1234, or maybe 4321. Most of the time, a hint is in plain sight. Example, when I need the code - just look around. If you see a normal middle class home with pictures on the wall of their children, that look to have been born in the 80's, start with 1981 and work up, I will usually hit it in about 5 minutes. If you see a nice classic 67 Chevy, 6767 or 1967 usually pegs it. I see stuff like this every day. The user's address, last 4 digits of their phone, etc...

    My favorite is the post-it note above the keypad reading "Code is 3568". That one kills me every time. Also, when the numbers and letters on the keys wear off, it is time to change the code.
  • Mark Vanilla Staff
    edited August 2006
    bwahahahahahahahahaha

    I once had someone's account get hacked on my forum. It turned out that this person had been using the same password everywhere. I mean EVERYWHERE. They used it for my forum, their hotmail account, their gmail account, their yahoo account (yes, he/she had three email accounts), a myriad of other forums, and one forum in particular - a very popular one which I'm not going to name - where it had been stored as plain text - the place where the hacker found it.

    This password was, I'm totally serious, the person's bank-card pin number.
  • Now this is a very serious security breach--Everybody's pin number revealed
  • I'd bet $$ that nobody could ever guess this one E$R>G!{T3rdef1\vO<}A+gKD``FW_] - not in a 100 years he he. I also think the key is to make use of the fake passwords you can get these days, fake emails etc. There are some programs that can hook you up but some cost money. Using different password schemes for different things: the more complex the password is, the less chance of guessing it.
  • I had porn-spam left on in a guestbook used on a site I admin - next day headline "Website hit by Hardcore Hackers" in national newspaper.
  • My guestbook is a manual one, the entries come to me for approval before they get posted for that very reason.
    I also have a lot of young kids visit the site and don't want their parents to chuck a fit.
  • Mark, do you really think it's appropriate to leave your old boxer shorts laying around your desk? Get a grip man...
This discussion has been closed.