My website's been hacked

02-04-2005, 05:02 PM  #1  beier (Thread Starter)

For those of you who don't know, I'm into computers. In fact right now, I'm posting from my brother's old laptop which I recently converted into a webserver. Before I made this server, I rented space from another company, and started the website www.drastic-creations.com. It's nothing special, but it allowed my friend and me to have a webserver, program in php, and make many websites. One of the seven (7) websites I made was about a sailboat. All the old people around the web that searched for Ghost13 would end up at my website, it's all over google and such.

Well recently, the guestbook on that server has been hacked by some attention whore freakin idiot.

You see, the guestbook was filled with about 50 anecdotes, questions and advice from ghost13 owners all around the web. It was working really well until some idiot came, hacked the server somehow, and deleted most of the posts. I'm not sure how he did it, but I'm not impressed. The javascript he left on the page doesn't even work and has a bunch of syntax errors.

Well, I'm making this post to complain, and start a hunt for those computer inclined HAN members. It'll be fun.

So, he made this post on the guestbook:
(http://ghost13.drastic-creations.com/ghostguest/)
Code:
(weird image)
Hacked By McQeey



"DUR YOLCU!!! BİLMEDEN GELİP BASTIĞIN BU TOPRAK BİR DEVRİN BATTIĞI YERDİR !"
Yea, whatever, I don't even care what that gibberish means, he's stupid. So. The image file was this: http://www.mavideniz.org/isko/atam.gif

Seeing as it was a unique image, I went to the directory and looked around. Apparently this is his own server, with a website dedicated to silly things like hacking. In that directory, he has all sorts of screen-shot images of websites he's hacked in the past. It's somewhat impressive - or rather pitiful. For those who don't know, it doesn't take much to hack, but it takes some rare stupidity to throw around evidence like that.

After looking around that website, I decided to do a whois search about it. Returning the information:

Code:
Domain ID:D85796334-LROR
Domain Name:MAVIDENIZ.ORG
Created On:20-Apr-2002 14:00:03 UTC
Last Updated On:23-Mar-2004 05:32:37 UTC
Expiration Date:20-Apr-2005 14:00:03 UTC
Sponsoring Registrar:Melbourne IT, Ltd. dba Internet Names Worldwide (R52-LROR)
Status:OK
Registrant ID:10687298410550
Registrant Name:Finans
Registrant Organization:
Registrant Street1:haciahmetcadd.mehmetefendi.sok. no.87beylerbeyi/istanbul
Registrant City:istanbul
Registrant State/Province:MARMARA
Registrant Postal Code:34545
Registrant Country:TR
Registrant Phone:+90.902122573000
Registrant Email:mavideniz@mavideniz.org
Admin ID:10687298413700
Admin Name:mehmetefendi kocabiyik
Admin Street1:haciahmetcadd.mehmetefendi.sok. no.87beylerbeyi/istanbul
Admin City:Canakkale
Admin State/Province:MARMARA
Admin Postal Code:34545
Admin Country:TR
Admin Phone:+90.902122573000
Admin Phone Ext.:
Admin FAX:+90.902122573000
Admin Email:mavideniz@mavideniz.org
Tech ID:10687298420310
Tech Name:YahooDomains Techcontact
Tech Street1:701 First Ave.
Tech City:Sunnyvale
Tech State/Province:CA
Tech Postal Code:94089
Tech Country:US
Tech Phone:+1.6198813096
Tech Email:domain.tech@YAHOO-INC.COM
Name Server:NS8.SAN.YAHOO.COM
Name Server:NS9.SAN.YAHOO.COM

 

IP Address: 66.218.88.126  (ARIN & RIPE IP search)  
IP Location: US(UNITED STATES)-CALIFORNIA-SUNNYVALE  
Record Type: Domain Name  
Server Type: Apache 1  
Web Site Status: Active  
DMOZ  1 listings  
Y! Directory:  see listings  
Secure: No  
E-commerce: No  
Traffic Ranking: 2  
Data as of: 26-May-2004

So, now I have lots of interesting evidence on this guy. The city, phone, servername (yahoo - what an idiot), IP address, etc, etc all seem to be very helpful for a hunt for this guy. Not to mention the various IP addresses logged by the guestbook and the server POST logs.

Well, now what do we do? I'm sure I could email him somehow and insult him, his family, and everything he stands for - but that might be a little low.

You see, I don't mind much about the guestbook. It's the fact that he was so obnoxious and arrogant about his hacking "ability", and the fact that he actually carried through and DELETED INFORMATION that gets me. I can do some hacking myself, but I chose not to pursue it and make a fool of myself.

What do you think? No sympathy please, just plans of attack.

ok fine not plans of attack, we shouldn't do anything drastic or mean really, just feedback would be nice

[/end-long-post-rant]

02-04-2005, 05:05 PM  #2  beier (Thread Starter)

Hmm now after looking around and blowing the dust off that old ghost13 site, it seems the guestbook has also changed colors. Maybe he's done more than just mess with posts

02-04-2005, 05:10 PM  #3  clickwir

unless you're heavy into security (obviously not) I'd leave the security up to a webhost site that knows how to secure things and just make pretty webpages

02-04-2005, 05:15 PM  #4  clickwir

holy crap. that was easy to get into. check out the guest book now

02-04-2005, 05:19 PM  #5  beier (Thread Starter)

ahahhahha nice. If what you're referring to is simply posting, that's open to the public. What matters is that he got into the admin account and deleted shit. The name and pass are probably pretty easy to guess. But I'll look into the server logs and see how he did it. brb

02-04-2005, 05:20 PM  #6  clickwir

I edited a post that was already there. I can set the admin name and password if I wanted to.

02-04-2005, 05:22 PM  #7  clickwir

on second look, this guestbook script was easy to get into... getting a professional host would only help if they didn't allow this software.

I'd look into getting something a bit more popular as far as software goes. PHPBB for example would be a lot more secure than that.

02-04-2005, 05:23 PM  #8  beier (Thread Starter)

Indeed you did edit a post! PM with how you got into the admin account, if you please.

02-04-2005, 05:30 PM  #9  clickwir

google man.

you got a nice idea going there. just get some better software and hopefully the site does better.

02-04-2005, 05:38 PM  #10  beier (Thread Starter)

Wow. You are correct sir, well done. I had no clue that "advanced guestbook 2.2" was so vulnerable. thanks for showing me the easy exploit. Here's a funny quote from the explanation I was reading:

You'll get results that are extremely similar, in the titles and what not. Some pages are already defaced by "Kuwaiti Hacker Gro00pz" or other lame groups that hack guestbooks to bitch and whine about the US.


^kinda silly. anyway, that was anti-climactic. Maybe I'll call him anyway and "bitch and whine" about how he sucks. Eh, whatever. Good day, all.



All times are GMT -8.