Post Reply 
Hacked
Jul. 16, 2006, 07:06 AM
Post: #1
Hacked
Apparently we were hacked by an individual who goes by the title "NeEeO_HaCk".

I've checked all files on the server, and the only one modified was "config.php", which was modified to:

Code:
this site hacked by NeEeO_HaCk                            :)          >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

At this time, I would like everyone to, as a precaution, change the password any accounts (email, IM, etc) which are identical to the ones you use to log into these forums. (However, I believe that this was just a "tagging drive-by" hacking, if you search for his/her identity, you will see they have a large presence on the Internet)

Regardless, I did not intend this to happen, and I was caught off-guard. I apologize to all members, and I realize that soon, we will have to migrate to a more secure forum software, which means I will have to soon have to find a job and get the money to do so.

Yours,

Andy

EDIT: I have reason we were not targeted deliberately.

This was an email I got:

Quote:this site hacked by NeEeO_HaCk

backup for you all
http://www.hostingzero.com/forum/modules...ip>.sql


see you admin

NeEeO_HaCk

The headers:

Quote:Delivered-To: ME
Received:
by 10.65.155.2
with SMTP id h2cs20921qbo;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received:
by 10.54.119.17
with SMTP id r17mr804577wrc;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Return-Path: <[email protected]>
Received: from orbit.serverz.org (core-04-gig-hz-146.hostingzero.com [70.85.209.146])
by mx.gmail.com
with ESMTP id 26si4652660wrl.2006.07.15.15.55.32;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received-SPF: neutral (gmail.com: 70.85.209.146 is neither permitted nor denied by best guess record for domain of [email protected])
Received: from nobody
by orbit.serverz.org
with local (Exim 4.52) id 1G1t2v-0004es-HU for ME;
Sat, 15 Jul 2006 17:55:37 -0500
To: ME
Subject: hi
From: "[email protected]" <[email protected]>
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sat, 15 Jul 2006 17:55:37 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - orbit.serverz.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 501] / [47 12]
X-AntiAbuse: Sender Address Domain - orbit.serverz.org
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: hostingzero.com:/public_html/forum

I believe the entire Hosting Zero server got hacked. Perhaps that's why I did not see anything suspicious in the Access Logs. (Any SQL Injection, backdoor entries, etc)

I'm guessing the hacker got root access of the Hosting Zero server, and did the GREP for "config.php" files, "tagging" them.

vBulletin is looking good, $160 USD for an Owned License, and $30 USD annually for updates. (And no, do not even think about paying it for me Wink)

I predict that I will be able to purchase vBulletin (and hopefully a host) after I graduate from University. (Note that I will be participating in a Information Technology-related co-op program, so I will be getting paid, and hopefully, I'll be offered a job after I graduate)

I did make that promise I would keep these forums alive for as long as I live, right? Wink (Well, as long as I don't end up living in a box downtown...)

Just hang in tight, I expect we'd see more of these in the near future. This one can be seen as a warning.
Visit this user's website
Add Thank You Quote this message in a reply
Jul. 16, 2006, 05:24 PM
Post: #2
RE: Hacked
It was a mass hacking of the hosting zero IP range. No specific targets.

http://www.zone-h.org/index.php?option=c...NeEeO_HaCk

Good thing he didn't put that epileptic page up for us like he did some other pages.

�{=(~�::[Shea]::��~)=}�
How 'bout you sideburns, you want some of this milk?
This fading text is pretty cool, eh? I bet you wish you had some.
Add Thank You Quote this message in a reply
Jul. 16, 2006, 05:59 PM
Post: #3
RE: Hacked
Ah, that makes me feel better Smile!

Haha, seems like I was fast to recover: we're not listed there Smile!
Visit this user's website
Add Thank You Quote this message in a reply
Jun. 20, 2008, 06:11 PM
Post: #4
RE: Hacked
Kye-U Wrote:Apparently we were hacked by an individual who goes by the title "NeEeO_HaCk".

I've checked all files on the server, and the only one modified was "config.php", which was modified to:

Code:
this site hacked by NeEeO_HaCk                            :)          >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

At this time, I would like everyone to, as a precaution, change the password any accounts (email, IM, etc) which are identical to the ones you use to log into these forums. (However, I believe that this was just a "tagging drive-by" hacking, if you search for his/her identity, you will see they have a large presence on the Internet)

Regardless, I did not intend this to happen, and I was caught off-guard. I apologize to all members, and I realize that soon, we will have to migrate to a more secure forum software, which means I will have to soon have to find a job and get the money to do so.

Yours,

Andy

EDIT: I have reason we were not targeted deliberately.

This was an email I got:

Quote:this site hacked by NeEeO_HaCk

backup for you all
http://www.hostingzero.com/forum/modules...ip>.sql


see you admin

NeEeO_HaCk

The headers:

Quote:Delivered-To: ME
Received:
by 10.65.155.2
with SMTP id h2cs20921qbo;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received:
by 10.54.119.17
with SMTP id r17mr804577wrc;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Return-Path: <[email protected]>
Received: from orbit.serverz.org (core-04-gig-hz-146.hostingzero.com [70.85.209.146])
by mx.gmail.com
with ESMTP id 26si4652660wrl.2006.07.15.15.55.32;
Sat, 15 Jul 2006 15:55:32 -0700 (PDT)
Received-SPF: neutral (gmail.com: 70.85.209.146 is neither permitted nor denied by best guess record for domain of [email protected])
Received: from nobody
by orbit.serverz.org
with local (Exim 4.52) id 1G1t2v-0004es-HU for ME;
Sat, 15 Jul 2006 17:55:37 -0500
To: ME
Subject: hi
From: "[email protected]" <[email protected]>
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sat, 15 Jul 2006 17:55:37 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - orbit.serverz.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 501] / [47 12]
X-AntiAbuse: Sender Address Domain - orbit.serverz.org
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: hostingzero.com:/public_html/forum

I believe the entire Hosting Zero server got hacked. Perhaps that's why I did not see anything suspicious in the Access Logs. (Any SQL Injection, backdoor entries, etc)

I'm guessing the hacker got root access of the Hosting Zero server, and did the GREP for "config.php" files, "tagging" them.

vBulletin is looking good, $160 USD for an Owned License, and $30 USD annually for updates. (And no, do not even think about paying it for me Wink)

I predict that I will be able to purchase vBulletin (and hopefully a host) after I graduate from University. (Note that I will be participating in a Information Technology-related co-op program, so I will be getting paid, and hopefully, I'll be offered a job after I graduate)

I did make that promise I would keep these forums alive for as long as I live, right? Wink (Well, as long as I don't end up living in a box downtown...)

Just hang in tight, I expect we'd see more of these in the near future. This one can be seen as a warning.

i'm NeEeO_HaCk
what are you tallk about ???
tallk about hackeing ??

will i hacked web but this web i dont remember
Quote this message in a reply
Post Reply 


Forum Jump: