
Sites Hacked by Cyber Raider

Discussion in 'Black Hat SEO' started by teguh123, Jan 18, 2010.

  1. teguh123

    I spent a great amount of time setting up an autoblog for my customer. Then

    poof, all pages on all domains changed into

    Hacked by
    cyber-raider.com

    Man....

    What the hell is going on? Is this only WordPress sites or all sites? What happened?

    Here is a sample.
    http://coffeetop.info/

    I am very frustrated.
     
  2. RamChaturvedi

  3. c0nan

    Can you still log into your hosting account?
    Change your passwords, and then check
    if only the index file was overwritten, and replace it again.
    Start checking your AWSTATS (if you have it installed)
    and check what the last pages viewed were before you got hacked...
    This might give you a general idea where the entry point was...

    The MP3 file sourced from

    Code:
    http://whois.net/whois/ulkuocaklarimuzik.com.com



    Good Luck

    C
     
    Last edited: Jan 18, 2010
  4. virus_1720

    That looks pretty, but bad for you.
    What can be done? Please help this guy coz maybe we will be in his position if we do not take steps.
     
  5. mikeyy_

    Security analyst here. With not much information, I can only grasp that your "autoblog" was vulnerable to a certain exploit, or some other scripts/plugins you were hosting were. Most "Turkish hackers" don't have targeted attacks; usually they use Google dorks or just randomly come upon a website and scan it for vulnerabilities. As of now, your best bet is to hope you have backups and, if so, do not automatically restore the files. If you need someone to look around the scripts you are using and patch them up, I will be glad to help, though since it is a "job" for me... I'm not willing to just do it for free, but I am willing to help.

    Also, make sure all your applications are up to date and scan your box for backdoors/rootkits. If you don't know how to do such, I'll do all of the above.

    Just leave me a private message.

    Also, don't waste your time trying to seek revenge. You have better things to worry about and have something going for you, which they obviously don't and need to ruin it for others who are doing it better than them.
     
    Last edited: Jan 18, 2010
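Added example, not part of any post in this thread: one way to check whether only the index file was overwritten, and what else changed, before restoring anything from backup. It hashes the live webroot against a known-good backup copy; the file names and contents built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_tree(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            digests[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests

def compare_to_backup(live_root, backup_root):
    """Classify live files as modified, added or missing relative to the backup."""
    live, good = sha256_tree(live_root), sha256_tree(backup_root)
    return {
        "modified": sorted(f for f in live if f in good and live[f] != good[f]),
        # Files with no counterpart in the backup need review before any restore:
        # overwriting known files does not remove files the intruder added.
        "added": sorted(f for f in live if f not in good),
        "missing": sorted(f for f in good if f not in live),
    }

def demo():
    """Constructed sample: a backup tree and a live tree with a replaced index and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "wp-content" / "uploads").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'wp-blog-header.php';")
            (root / "wp-config.php").write_text("<?php /* settings */")
        (live / "index.php").write_text("<html>defaced page</html>")
        (live / "wp-content" / "uploads" / "x.php").write_text("<?php /* unexpected */")
        return compare_to_backup(live, backup)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

A non-empty `added` list means more than the index page was touched, so replacing the index alone would leave those files in place.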
  6. teguh123

    Man, I can't make tons of it. Also, how can I know that my other autoblogs are not treated the same way? Even sites that I haven't fixed get whacked too.
     
  7. mikeyy_

    Check your access logs, see if there is anything suspicious. It could help you track what file or destination is/was vulnerable. Once located, you'll need to know how it is vulnerable, e.g. RFI, LFI, SQLi. Have a fair understanding of coding to know what you are looking for, understand about escaping quotes, etc. As there are many factors that could play a part and I have no idea what your autoblog is, what plugins you are using, what files you have hosted, or anything of the sort, I cannot do anything but take wise guesses or go from past experiences with other customers.
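Added example, not part of any post in this thread: a small triage pass over an Apache combined-format access log that lists requests in the hours before the defacement whose URLs carry rough indicators of the classes named above (RFI, LFI, SQLi), which also covers the earlier advice to look at the last pages viewed before the hack. The log lines, addresses, plugin path and defacement time are constructed, and the patterns are heuristics that will produce false positives.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# Apache "combined" log format: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Heuristic indicators only; a match marks a request for manual review.
INDICATORS = {
    "RFI": re.compile(r'[?&][^=&]+=(?:https?|ftp)://', re.I),
    "LFI": re.compile(r'\.\./|/etc/passwd|php://', re.I),
    "SQLi": re.compile(r"union\s+(?:all\s+)?select|'\s*or\s+'?\d|information_schema", re.I),
}

def triage(lines, defaced_at, window_hours=24):
    """Return (time, ip, status, decoded target, labels) for flagged requests before defaced_at."""
    start = defaced_at - timedelta(hours=window_hours)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not (start <= ts <= defaced_at):
            continue
        target = unquote_plus(unquote_plus(m["target"]))  # decode twice for double encoding
        labels = [name for name, rx in INDICATORS.items() if rx.search(target)]
        if labels:
            # A 200 on a flagged request deserves a closer look than a 404.
            hits.append((ts, m["ip"], int(m["status"]), target, labels))
    return hits

# Constructed sample data (documentation IP ranges, made-up plugin path and time).
DEFACED_AT = datetime(2010, 1, 18, 4, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jan/2010:22:14:03 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Jan/2010:03:41:10 +0000] "GET /wp-content/plugins/example-plugin/view.php?page=http://files.example/inc.txt HTTP/1.1" 200 311 "-" "libwww-perl/5.8"',
    '203.0.113.9 - - [18/Jan/2010:03:41:55 +0000] "GET /index.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 404 208 "-" "libwww-perl/5.8"',
    '192.0.2.44 - - [18/Jan/2010:03:50:02 +0000] "GET /?cat=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2010:01:00:00 +0000] "GET /?cat=1%20UNION%20SELECT%201 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, DEFACED_AT):
        print(*hit)
```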
     
  8. websicosys

    As the previous poster said, these Turkish hackers are never a big threat. An annoyance, at most.

    To minimize the potential for future attacks, 3 simple steps:
    1. Consider installing mod_security for Apache
    2. Always *ALWAYS* keep your WordPress up to date
    3. Monitor any WordPress plugins for updates. 90% of WordPress attacks are the result of plugins that are vulnerable and have not been updated.

    In some cases, if you're using a shared host and the permissions are configured incorrectly (usually in a shared cPanel environment) then you may not have been vulnerable at all. Contact your host and see if they received any other defacement reports. If that's the case, I *highly* recommend buying your own VPS. It's only a bit more than a shared hosting environment ($30 a month, give or take) and it provides immunity to the shared hosting attacks that I mentioned above. You'll also have wayyy more control of your server. I use and recommend http://www.namecheap.com?aff=6037 as a VPS host.
     
  9. mikeyy_

    The website or server would have to be vulnerable to have a PHP shell uploaded/saved onto the server. The/A PHP shell itself isn't a backdoor, it just gives you information and automated scripts which help you backdoor the server.
     
  10. Gradimir Stankovic

    I suggest you contact their hosting company and notify them about your sites.
    Here is the email from WhoIs:

    gumussoft@gmail.com
     
  11. migcosta

    You should probably discuss this matter with your hosting provider...
    Last time one of my sites was hacked, I discovered that all the other sites on that server had been hacked as well. It was a hosting problem... not a security problem in my site!
    But if you want to be sure, just look at your site's stats and pay special attention to traffic coming from search engines... look for strange keywords :)

    Regards and good luck resolving the problem