Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Hacked By Dengesiz Team Foreve Turkey.

That's all my site says right now.
index.php contains only that text.......
How did that happen with 6.01.3??

Something that should have been upgraded to 6.01.4??
Thought that was minor bugs that was not security issued.

www.mit-sted.dk
Nothing to see in SQL
Never used the same password at any other sites but my own.
Noone else knows my PW for FTP or SQL but me...

A case to solve here...site were in maintenance mode, only i have access, only one member but me, trusted one...

UPDATE: No files except index.php has been changed, and nothing in sql has been changed - just looked at my backup from last night.
Hmm, nasty :( - that definately needs further investigation and from what you've said, you were secure.

Is Maintenance mode a possible weakness? Seems strange that all your sites were in that mode when it happened
Was your FTP password an easily bruteforced password?
Have you checked avatars and image attachments using the approriate infusion for the image checks?
Hey, you should feel honored (joking, joking)! Go here.

The Dengesiz Team is #27 on the overall list of website attackers as listed on that site with over 5K attacks.
Hmm, when you know of a vulnerability in a often used CMS it will not be that difficult to get a lot of hacks done, certainly if you are working in a team. Little honour in that, IMAO.
you are server hack ;)

http://www.mit-sted.dk/ server hacked owned

Quote

SySt3Mc1x wrote:
you are server hack ;)

http://www.mit-sted.dk/ server hacked owned


Wtf is up with you...
For every negative, there's a positive... As much as it is extremely annoying and time-consuming for those involved when a site is hacked, weaknesses/vulnerabilities are exposed and can be dealt with, thus making systems even more secure.

With the latest exploit (involving old messages.php) it has highlighted the necessity to stay up to date file-wise - obvious to most, but there are still many old-version sites running and just waiting to be exploited... and let's not forget the password issue "lesson".

Let's hope that Danish1977 finds out how his site was attacked (more involvement/suggestions needed) and we might find another little security hole that can be blocked - or maybe just learn another security lesson. ;)

Quote

muscapaul wrote:
Have you checked avatars and image attachments using the approriate infusion for the image checks?


No. Only i have an avatar, and only one other member but me. A friend through 20 years.
Noone has access to my site except the 2 of us.
Nothing's been changed in SQL, nothing's been changed in any files except index.php.
My password was not an easy one to trick. contains 12 chars, lower and upper case, 4 digits...
I'm lost.
Did you find the IP? How did they access your site? Did you use the same pw as you did on other sites?

When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?

Check out which IP and if you find it, send it to me, I have some list of IP's...
KEFF wrote:
Did you find the IP?
- No, i have NO tracks of anything, i got the list of IP's, but won't help, no marks are left, only a changed index.php

How did they access your site?
- No clue at all :(

Did you use the same pw as you did on other sites?
- Nope, using a strong password for my site, not used anywhere else, and different to my profile password.

When the Swedish site was "hacked" last week, the guy used your name and pass from a totally different site, could that have been the case here?

Check out which IP and if you find it, send it to me, I have some list of IP's...

I'm lost :(
- 6.01.3
- Maintenance mode
- Nothing changed in Database
- Noone been logged in since i backed it up
- Only file changed is index.php
- Noone but me knows that password, not used anywhere else.

Could someone get read access to my config through maintenance.php somehow, an unrewealed bug?
Packetsniffing through application session maybe?
Does your config.php has the correct attributes? 644
Yes
Would you like to give me admin/ftp access mate? I'll gladly try to help resolve your prob. ;)
For now i've heard that there should be a possible security whole in TUFAT Chat, so i upgraded that.
Uploaded my old index.php again so they could have a 2nd shot if they'd like LOL
Changed all passwords all over again as well, so i'll see if anything comes up yet again...hope not. If so, i'll send you my details Digi, for now there's nothing else to see but a changed file, index.php, looked through all other files with winmerge, nothing changed, no timestamps either, and sql, nothing inthere changed as well...weird.
I'll get back to you Digi, if any new attack comes up. Just made a backup of database and all files. Noone enters my site till n eventually 2nd attack, then i'll backup everything again, without logging in.
Btw does your host have register globals and/or magic_quotes_gpc set to off? if so, update to 6.01.5.
Register Globals set to on
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off
Thread Information
Author
Replies
19 posts
Views
3860 times
Last Post
Last updated on 14 years ago
You can view all discussion threads in this forum.
You cannot start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.