Hacked - Kye-U - Jul. 16, 2006 07:06 AM
Apparently we were hacked by an individual who goes by the title "NeEeO_HaCk".
I've checked all files on the server, and the only one modified was "config.php", which was modified to:
Code:
this site hacked by NeEeO_HaCk :) >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
At this time, I would like everyone to, as a precaution, change the password of any accounts (email, IM, etc) which are identical to the ones you use to log into these forums. (However, I believe that this was just a "tagging drive-by" hacking, if you search for his/her identity, you will see they have a large presence on the Internet)
Regardless, I did not intend this to happen, and I was caught off-guard. I apologize to all members, and I realize that soon, we will have to migrate to a more secure forum software, which means I will soon have to find a job and get the money to do so.
Yours,
Andy
EDIT: I have reason to believe we were not targeted deliberately.
This was an email I got:
Quote:this site hacked by NeEeO_HaCk
backup for you all
http://www.hostingzero.com/forum/modules/<snip>.sql
see you admin
NeEeO_HaCk
The headers:
Quote:Delivered-To: ME
Received:
by 10.65.155.2
with SMTP id h2cs20921qbo;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received:
by 10.54.119.17
with SMTP id r17mr804577wrc;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Return-Path: <nobody@orbit.serverz.org>
Received: from orbit.serverz.org (core-04-gig-hz-146.hostingzero.com [70.85.209.146])
by mx.gmail.com
with ESMTP id 26si4652660wrl.2006.07.15.15.55.32;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received-SPF: neutral (gmail.com: 70.85.209.146 is neither permitted nor denied by best guess record for domain of nobody@orbit.serverz.org)
Received: from nobody
by orbit.serverz.org
with local (Exim 4.52) id 1G1t2v-0004es-HU for ME;
Sat, 15 Jul 2006 17:55:37 -0500
To: ME
Subject: hi
From: "webmaster@hostingzero.com" <webmaster@hostingzero.com>
Message-ID: <200607152237.7a43da422982@www.hostingzero.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sat, 15 Jul 2006 17:55:37 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - orbit.serverz.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 501] / [47 12]
X-AntiAbuse: Sender Address Domain - orbit.serverz.org
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: hostingzero.com:/public_html/forum
I believe the entire Hosting Zero server got hacked. Perhaps that's why I did not see anything suspicious in the Access Logs. (Any SQL Injection, backdoor entries, etc)
I'm guessing the hacker got root access of the Hosting Zero server, and did the GREP for "config.php" files, "tagging" them.
vBulletin is looking good, $160 USD for an Owned License, and $30 USD annually for updates. (And no, do not even think about paying it for me)
I predict that I will be able to purchase vBulletin (and hopefully a host) after I graduate from University. (Note that I will be participating in an Information Technology-related co-op program, so I will be getting paid, and hopefully, I'll be offered a job after I graduate)
I did make that promise I would keep these forums alive for as long as I live, right? (Well, as long as I don't end up living in a box downtown...)
Just hang in tight, I expect we'd see more of these in the near future. This one can be seen as a warning.
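An added example, not part of the original post: a small Python triage of the headers quoted above, showing which fields indicate that the message was submitted locally on the hosting server by the web server process rather than relayed from outside. The header text is reconstructed from the post (folded lines re-indented, "ME" is the poster's own redaction), and the function name `triage` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed input: a subset of the headers from the post, with folding restored.
RAW = """\
Delivered-To: ME
Return-Path: <nobody@orbit.serverz.org>
Received: from orbit.serverz.org (core-04-gig-hz-146.hostingzero.com [70.85.209.146])
\tby mx.gmail.com with ESMTP id 26si4652660wrl.2006.07.15.15.55.32;
\tSat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received: from nobody by orbit.serverz.org with local (Exim 4.52)
\tid 1G1t2v-0004es-HU for ME; Sat, 15 Jul 2006 17:55:37 -0500
From: "webmaster@hostingzero.com" <webmaster@hostingzero.com>
X-Mailer: vBulletin Mail via PHP
X-AntiAbuse: Originator/Caller UID/GID - [99 501] / [47 12]
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: hostingzero.com:/public_html/forum

body
"""

def triage(raw):
    """Summarise where a message entered the mail system and who submitted it."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Each hop prepends its header, so the last Received line is the earliest hop.
    origin = " ".join(received[-1].split()) if received else ""
    local = re.search(r"from (\S+) by (\S+) with local", origin)
    uid = None
    for value in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"Originator/Caller UID/GID - \[(\d+) (\d+)\]", value)
        if m:
            uid = int(m.group(1))  # caller UID as recorded by the host
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    return {
        "local_submission": bool(local),
        "local_user": local.group(1) if local else None,
        "submitting_host": local.group(2) if local else None,
        "caller_uid": uid,
        "source_dir": msg.get("X-Source-Dir"),
        "source_args": msg.get("X-Source-Args"),
        # A From: domain that differs from the envelope sender is worth noting.
        "from_matches_envelope": from_domain == env_domain,
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```
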
RE: Hacked - Shea - Jul. 16, 2006 05:24 PM
It was a mass hacking of the hosting zero IP range. No specific targets.
http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1&filter_defacer=NeEeO_HaCk
Good thing he didn't put that epileptic page up for us like he did some other pages.
RE: Hacked - Kye-U - Jul. 16, 2006 05:59 PM
Ah, that makes me feel better 
Haha, seems like I was fast to recover: we're not listed there
RE: Hacked - Guest - Jun. 20, 2008 06:11 PM
Kye-U Wrote:Apparently we were hacked by an individual who goes by the title "NeEeO_HaCk".
I'm NeEeO_HaCk
What are you talking about???
Talking about hacking??
Well, I hacked web, but this web I don't remember