Hacked by Turkish Hacker

[Terillius]

One of my clients home page has been taken over by a hacker group. The title of the page is "Hacked by FEARLESSGROUP". It then says "Hacked by Turkish Hacker," and "TeaM MEMBERS : Vasili | Stalker | MetaLgear | WoLkanno".

I think I heard about this a few months ago, but I can't remeber what the story is. Does anyone remember this or know what the deal is? Unfortunately the server hosts many things for the city, so I don't want to shut it off until I can confirm whether this is a serious breach or just a vulnerability in the web server software.

 

[ndruw]

IIRC they mostly used script-kiddie techiniques on servers that missed a couple months worth of updates - make sure everything is all patched up next time and you shouldn't have problems with them.

Also, it might be a good idea to wipe that server clean because you can never really tell what files they may have dropped on there.

 

[TopGun]

Was your client using a cms?

 

[Terillius]

What's a cms?

 

[BigTy]

I also was hit by this group two days ago. I was using phpnuke 7.8.

 

[TopGun]

Yea i know that when someone i used to know used
php nuke for their clan site it was "hacked". So im guessing
that unless you use the security measures for nuke it isn't
too secure.

 

[BigTy]

I just updated to 8.0 and will be adding sentinal on it shortly.

 

[Terillius]

You guys are rad bad admins, let me tell you.

 

[BigTy]

You guys are rad bad admins, let me tell you.

What?

 

[CaseyBlackburn]

What?

I think he is making fun of you guys for thinking you are "big bad admins" because you run a website, let alone one on free CMS, while he is a systems admin. I think that's what he meant...

 

[sandmanx]

I think he is making fun of you guys for thinking you are "big bad admins" because you run a website, let alone one on free CMS, while he is a systems admin. I think that's what he meant...

An admin that got hacked, and then starts asking for help is making fun of others? Sounds like he's not going to get any help here.

 

[Leo`]

I was tripping off that too lol thats pretty funny.

 

[Terillius]

You hijack my thread asking for help to talk over my head about what YOU have done and when YOU have been hacked. Man, fuck you. You even ignored my question about cms. No one has offered jack shit in response to my original post. I am justifiably pissed off now.

 

[Imcompa]

You hijack my thread asking for help to talk over my head about what YOU have done and when YOU have been hacked. Man, fuck you. You even ignored my question about cms. No one has offered jack shit in response to my original post. I am justifiably pissed off now.

Settle. This it the interwebs, you can't ask for help then get pissed off when no one helps you.

This thread is confusing as hell.

 

[Haven]

How about some real information from the original poster.

• What OS?
• What Webserver?
• Are they running any Content Management Systems (CMS) on the server (PHPNuke? Slash? Something else?)
• Is there a Database on the server?
• What versions of the software is the server running?
• See all this information you didn't include, not including this information makes it hard for people to help you.

Some people mentioned that they had PHPNuke installed and had the same thing happen. Which could be a vulnerability in PHPNuke. Knowing how to ask a question can help in getting answers to what you need to know.

 

[NS80]

You hijack my thread asking for help to talk over my head about what YOU have done and when YOU have been hacked. Man, fuck you. You even ignored my question about cms. No one has offered jack shit in response to my original post. I am justifiably pissed off now.

I don't see anyone talking over your head, you didn't include crap for information in your first post so what do you expect? It sounds like you're over your head just hosting one little site, and now you've come across as a complete dick to everyone that might have tried to help you. You have zero reason to be pissed off, except for the fact that you have an inflated ego and are imagining attacks where none exist. GET OVER YOURSELF.

Also just to be helpful CMS is a content management system. It allows end users to easily update sites without having to know any coding or anything. If there is a login name with a password that isn't very secure then the "hackers" can login and post whatever they want on the site without even having to find a vulnerability.

 

[Xipher]

In most cases it doesn't even take guessing a password to pull this sort of stuff off. I have seen plenty of this crap happen simply because the application requires files to be writable by the web server and some one finds a vulnerability that allows them to run commands like wget, lwp-download, lynx,links, bash, etc., each of which can/is used to just wax any file the web server can write too.