I was hacked tonight

Posted: Thu May 20, 2004 10:53 pm

All they did was replace my opening message to this:

<h1> hahuahuahuha Admin Lammer !!!!!!!
hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!

contact sl4ck_w4r3@hotmail.com

Wow -- is it really easy to hack this program, or is there something I can do to prevent this happening again?

Raven, I have the hack script, right? I'm just a little perplexed, and want to keep the college students out on summer break from causing havoc to my site! What do I need to do?

Slightly panicked,

Posted: Thu May 20, 2004 11:57 pm

I've been reading here since my initial panic earlier, and it seems like others here have run into this hacker. I just realized he (guess that was sexist -- he or she) has made him/herself a GodAdmin along with me.

How do I ban this set of IPs? (I don't mind banning all 200.xxx.xx for now). How can I do it while the person is a God Admin?
How do I remove this person from BEING a God Admin?
How can I best protect myself from future intrusions, which could be more malicious?

It took a whopping 10 minutes for 5 files to be altered...that I know of.

Any help would be greatly appreciated!

Posted: Thu May 20, 2004 11:58 pm

Aside from the hack alert script what other security pack do you have? what add-ons do you use at your site? contact your webhost provider and have them send you the site's access.log

Posted: Fri May 21, 2004 12:20 am

Raven installed my phpNuke, along with his add-ons. I don't have anything other than that -- coppermine is there, but I've never activated it. The rest is the standard phpNuke. It's a fairly recent release -- 7.3, I think.

My technical know-how is limited (obviously!).

Do I have hacker alert? I'm not really sure. What will the access log tell me that I can't find out from the IP tracking? What am I looking for with the access log?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

GG,

I replied to your email. email me your login stuff for your site, ftp, and phpmyadmin. Then, rename admin.php to somehting that only you know until I can get to this later this morning. Use phpmyadmin and edit the nuke_authors table to delete any names you do not recognize.

Posted: Fri May 21, 2004 8:10 am

I have added the admin.php fix and the mainfile.php fix, and my hackalert script. Those were not installed when you set up your site, otherwise you would never have been hacked. Later today I will add the http auth. addon for an extra level of admin security Smile

Posted: Sat May 22, 2004 9:24 pm

A huge thanks to you, Raven and chatserv, for all the work you do making things secure for us! Thank you!

Posted: Sat May 22, 2004 10:03 pm