all Right Dammit...

Bi-Polar Bear · Posts: 14476 Location: Raleigh NC

which one of you guys hacked my website? Evil or Very Mad

dadpad · Posted: Sun Apr 27, 2008 4:14 pm Post: 3213031 -

Muj3zef.

A saudi E-terroist by the looks. Just be glad he didnt fly a plane into it.

Bi-Polar Bear · Posts: 14476 Location: Raleigh NC

that's my business lifeline... I guess my webmaster can fix it...I hope...

roger · Posts: 14389 Location: Farmington, NM, USA

Oh, not again!

edgarblythe · Posts: 37472 Location: Houston

Sucks!!

TTH · Posts: 15946

That is so mean. I read the message the jerk left. What an ass!

Eva · Posted: Sun Apr 27, 2008 8:58 pm Post: 3213223 -

Grrrrrrr!

Saudi hacker, huh?

I'd be sorely tempted to send porn to his e-mail address.

Robert Gentel · Posts: 680

Most of the time this kind of hacking (it's called a "defacement" in the hacking world) can be undone merely by deleting the index page they uploaded finding the old home page (they often back it up for you like "OLDindex.php" or "indexOLD.php") and renaming it or re-uploading it so that it is the site's index page again.

Since your other pages are still there (see: http://www.stevepartys.com/dates.html) I strongly suspect you can fix this easily.

But here's the real problem: how did they get in?

Most of the time, it's through an installed script like a guestbook, forum, stat processor etc. Other times it's through a bug in the server software. Other times it's due to a dictionary attack.

Whatever it is, the server needs to be hardened and patched.

Make sure that:

- your username (for ftp and all other stuff) is changed
- the root password for the server is changed
- the server admin updates all relevant software and audits the server for the entry point.

Your webmaster should be told the first part, where I describe how to restore your site. Your host should be contacted for the second part (about securing the server) as it may have been another client on the server that had the security breach.

TTH · Posts: 15946

I hope it is okay to post this. This is the source of that page
<DOCTYPE>
<saved>
<saved><saved><saved><saved></SCRIPT><saved><saved><HTML><HEAD><TITLE>
[ تم الاختراق مجـــازف ]</TITLE><BeginEditable><EndEditable>
<META>
<META></HEAD>
<BODY>
<STYLE>.layermensaje {
FONT-SIZE: 10pt; COLOR: #ff0000; LINE-HEIGHT: 10pt; FONT-FAMILY: "Courier New"
}
</STYLE>
<FONT>
<P> </FONT><FONT>Owned By Muj3zef</FONT><FONT>
</FONT>
<FONT>
<SCRIPT>
<!--
// mensaje elite
mensaje=

'<p><font>Connecting , Please Wait . . . . . . . . . . . . . </font></p>'+' <br>'+' <br>'+
' <br> '+
'<br> '+
'Ho Ho ... H3cker By Muj3zef !!!!<br>'+
' <br>'+
' <br> '+
' '+
' <br>'+
'Sorry : This Is Not Game . It,s My Work <br>'+
'<br>'+

'your security got bypassed .. see more security next time......!! <br>'+

'<br>'+
' <br>'+
'Contact Me : Mujazef-vip@hotmail.com<br>'+
' <br>'+
'process complete ...... <br>'+
' <br>'+
'**** Admin .......... Bye Bye (^_*) <br>'+
' <br>'+
' <br>'+
' <br>'+
' <br>'+
' <br>'+
' E x i t <br>'+
'<p> <font> "..:: Saudi Arabia Hacker ::.." </font> <br>'
line=0
cursor='_'
function teclear(){
if(line==mensaje.length) cursor=''
ttecleado.innerHTML=mensaje.substring(0,line)+cursor
if(line++<mensaje>
</SCRIPT>
</FONT>
<DIV>
<P></P></DIV>
<P><FONT>
<OBJECT><PARAM><PARAM>
<PARAM><PARAM><PARAM><PARAM><PARAM><PARAM><PARAM><PARAM><PARAM><PARAM><PARAM></OBJECT></FONT></FONT></P>
<P></P><FONT>
<SCRIPT></SCRIPT>

<SCRIPT>
<if>
</SCRIPT>
</FONT></BODY></HTML>

Bi-Polar Bear · Posts: 14476 Location: Raleigh NC

thanks guys... I sent these posts to my webmaster... who also takes care of several other sites we have.... apparently they hacked every one.... my drummer (aka the webmaster) takes care of these... he works on campus at Microsoft and is pretty knowledgeable... me... I can tell you how to get directly to most any specialized porn site and that's the extent of my internet talents pretty much Laughing

thanks again..