
I Got Hacked... How?

Discussion in 'BlackHat Lounge' started by gimme4free, Dec 29, 2008.

  1. gimme4free

    I've had someone get into my server and upload a load of phishing files. They left the ZIPs on my server and I managed to get 2 emails out of the phishing files:
    mr.edu.ola01@gmail.com
    aaronw.244@gmail.com

    No idea how to report to Google as they are so hard to get into contact with.

    Also found:
    Quick Google search showed me a site that gives away these scam pages!?! How is that site still up and running? 1 WebPage with loads of phishing pages available to freely download.

    Also, how are hackers catching people's passwords nowadays? I'm really careful and hardly sign up anywhere, yet it happened to me?
     
  2. fatboy

    Easiest way in is an out-of-date, insecure script on your server.
    Failing that, brute forcing their way on or even a trojan on your PC that leaks the FTP username / password to them.

    Can you see anything in the logs at all - sounds like they just uploaded stuff so the logs may show how they got in.

    Feel free to give me a shout if you need a hand.
     
  3. BlackBeret

    Find the hosting provider for the site and report the site. If it's in a country that enforces any kind of laws it might get removed.
     
  4. stealthisblog

    There are a couple of ways they could have gotten into your server.

    1) Gotten you to run a trojan/keylogger and got your passwords through it.
    2) Hacked a forum/website you registered on, got your password, and using it got into your email and eventually your hosting account.
    3) Found an insecure script running on your website and exploited it.
    4) Hacked another website on your server and used it to get into your directory and upload files.
    5) Hacked your webhost and got into your hosting account.

    ....the list goes on and on. You can report them to their host and get their sites dropped, but I doubt anything you can do will land them behind bars. Stay secure :)
     
  5. justone

    Is it a linux or windows server?
     
  6. booman

    Is this hack on the same server you are running your incentive site built with project RAFS?
     
  7. The Scarlet Pimp

    someone in the ukraine got into my c-panel on two occasions.
    i've since switched to another hosting comp.
     
  8. justone

    The solution is to get knowledge and run your own server, be your own master.
     
  9. blackhat50

    you are honestly, to be blunt, never protected online. simple as that.

    it's not always the user, it's flaws in the daily programs we use and sites we use. firewalls & anti-virus programs are just a step in protecting you anyways,

    simply put, if you haven't been hacked it's because you haven't been targeted and the flaw wasn't there at the same time. you're bound to get hit sooner or later as time goes on, with a variable degree of how bad of a 'hit'

    the best flaws back in the day were in the 90's and early 2000's with AOL screen saver PassWordStealers, and active x flaws, tell me whose browser doesn't run A-X? myspace allowed flash in comments which allowed people to take over even if it was private or not, plus phishing and social eng. piss enough people off that know what they are doing and you'll get hit (from ddos'in to rootkits). only way not to get hit is not be connected to the internet. anti-virus programs are pure junk if it's not always up2date and those are still crap compared to custom code. i've seen custom code that would disable and uninstall your firewalls and anti virus programs. firewalls and anti virus programs are only good for the newbie hackers

    i've been hit with everything, from kids ddos'ing our isp gateway of a city of 100,000 to rootkits. i've started early early 90's and started programming when i was 13 with qbasic to vb to c++ etc and had a scholarship for cisco networking (ccna) ,

    regardless of all that.

    you are never protected online. it's knowledge VS knowledge online.
     
  10. blackhat50

    ^i was fixing the grammar then blackhatworld went to fixing the database issue so i couldn't fix it in time.

    which was A GREAT IDEA thank you harro for that fix! fuck ***** fuck them one of their posts i saw on there was

    "Why isn't obama changing anything since bush left, why is it the same."etc and bashing on blacks and why america is faggs they have iq of -2
     
    Last edited: Dec 29, 2008
  11. The Scarlet Pimp

    no the web is never 100% safe, but don't rule out carelessness... many people use simple
    passwords, or they use the same password over and over. some people actually store their
    passwords and ftp info online in text files!

    also a lot of servers are not secure. i know of one hosting company that has one of the
    worst security problems i've ever seen. every account they host can be accessed, and the
    company even knows about it but they don't care!
     
  12. blackhat50

    lol yea that's funny, majority of all problems on the computer is the user but i know gimme4free
     
  13. Donnie Darko

    My guess is they found an exploit in your script and executed a shell such as r57 or c99.
     
  14. gimme4free

    Deleted the scripts I guess were insecure, still have no idea how they work their way in though lol. Even with a bruteforcer, the password I used I don't use for anything else and I doubt it would be in a brute force dictionary or whatever they use to look up passwords. 100% no trojans on my laptop unless some new undetectable trojan is about, but I don't know much about them anyway lol.
     
  15. plut0

    Some simple steps to do when you get hacked.

    1. Report to the host admin.
    2. Ask the admin for a copy of the syslogd file.
    3. Find out what has been done on your site from the syslogd file.
    4. Fight back if you have enough power (war just beginning!) to do remote exploit :)
    5. Always shut the service you don't need down.
    6. Try to get the updated and safest script you have installed on your web server.
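
The log review that fatboy and plut0 suggest above, as an added example that is not part of the thread: it takes a web access log in combined format and, for every client that touched the dropped phishing files, lists the successful POST requests that client made beforehand, which usually points at the script used to get in. The log lines, IP addresses and paths are constructed for illustration, and the function names are hypothetical.

```python
import re

# Apache/Nginx "combined" access-log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines: documentation IP ranges, hypothetical paths.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Dec/2008:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [28/Dec/2008:22:40:11 +0000] "GET /gallery/upload.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.45 - - [28/Dec/2008:22:40:19 +0000] "POST /gallery/upload.php HTTP/1.1" 200 64 "-" "Mozilla/4.0"
203.0.113.45 - - [28/Dec/2008:22:41:03 +0000] "POST /gallery/files/x.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
203.0.113.45 - - [28/Dec/2008:22:43:30 +0000] "GET /secure/login/kit.zip HTTP/1.1" 200 90311 "-" "Mozilla/4.0"
198.51.100.7 - - [29/Dec/2008:08:01:55 +0000] "POST /contact.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

def parse(log_text):
    """Return one dict per well-formed log line, in file order."""
    return [m.groupdict() for m in map(LINE.match, log_text.splitlines()) if m]

def trace_entry(log_text, dropped_prefixes):
    """For each client that touched a dropped file, list its successful
    POSTs made before that first touch (file order is taken as time order)."""
    prefixes = tuple(dropped_prefixes)
    entries = parse(log_text)
    suspects = {e["ip"] for e in entries if e["path"].startswith(prefixes)}
    trail = {ip: [] for ip in suspects}
    done = set()
    for e in entries:
        ip = e["ip"]
        if ip not in suspects or ip in done:
            continue
        if e["path"].startswith(prefixes):
            done.add(ip)  # stop at the first access to the dropped files
        elif e["method"] == "POST" and e["status"].startswith("2"):
            trail[ip].append((e["ts"], e["path"]))
    return trail

if __name__ == "__main__":
    for ip, posts in trace_entry(SAMPLE_LOG, ["/secure/login/"]).items():
        print(ip, posts or "no POSTs: check FTP and control-panel logs")
```

An empty list for a client means the files did not arrive through the web server, so the FTP and control-panel logs are the next place to look.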