HACKED BY Mr.Sh3ll - GoFuckYourself.com

Barefootsies · 07-31-2009, 10:05 PM

hacked by Mr.Sh3ll (Kurdish Hacker)

d-null · 07-31-2009, 10:08 PM

sorry to hear

I've been having some shit to clean up due to spam/hackers recently too

they need to

SmokeyTheBear · 07-31-2009, 10:23 PM

i like how he explains ( kurdsh hacker ) lol

CYF · 07-31-2009, 10:47 PM

Googled it and he has a lot that are still hacked.

http://www.google.com/search?q=hacke...ient=firefox-a

Sorry dude, that sucks.

ladida · 08-01-2009, 01:21 AM

Mass deface from some recently released public exploit. He did not even visit your site.

katharos · 08-01-2009, 01:49 AM

sorry man but as ladida said worst is that its just a kids playing some games. solve the problem and its nothing to be affraid of anymore, those kids are lamers who can read and not hackers

CunningStunt · 08-01-2009, 02:52 AM

Have you been playing with wordpress sites again?

papill0n · 08-01-2009, 03:02 AM

yeah whats he exploiting ?

Klen · 08-01-2009, 04:04 AM

Maybe bind exploit ?

Twig · 08-01-2009, 06:58 AM

Quote:

Originally Posted by papill0n

yeah whats he exploiting ?

Yea, really.

fris · 08-01-2009, 07:05 AM

user error

Twig · 08-01-2009, 08:19 AM

I'd really like to know what it is you had hacked.

seeandsee · 08-01-2009, 08:27 AM

can somebody explain me, when somebody hack you, what they do so you cant get back your site for hours?

~Ray · 08-01-2009, 09:03 AM

this thread does not deliver

directfiesta · 08-01-2009, 09:11 AM

Quote:

Originally Posted by seeandsee

can somebody explain me, when somebody hack you, what they do so you cant get back your site for hours?

maybe a whole new OS has to be loaded on the server.
MySQL must be cleaned of all injections
Backups must be scan and clear of any shit
and so on ....

directfiesta · 08-01-2009, 09:17 AM

.. and one of the most famous turkish hacker/defacer : iskorpitx

Has ben interviewed on TV, has many Youtube videos ...

As to see the upcoming defacement, I am not putting the link, but look for :

Zone - H dot ORG

DVTimes · 08-01-2009, 09:27 AM

Hacked by Mr.Sh3ll

Kurdish hacker

10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100
10010010010010010010010010010010010010010010010010 01001001001001
00100100100100100100100100100100100100100100100100 10010010010010
01001001001001001001001001001001001001001001001001 00100100100100

Mr.Sh3ll Is My Name And The Hacking Is My Game

[email protected]

peeperpimp · 08-01-2009, 09:38 AM

Sorry to hear you got hacked.

Barefootsies · 08-01-2009, 10:01 AM

In this particular case, apparently he just hacks into the site and swaps out the index file. So he is a nice hacker.

My client about shit his pants when this happened, and he apparently does not wanna pay for a back up service for his server. Luckily in this case it was not a complete site reinstall, or anything like that. Just a simple fix to get resolved.

Yeah, I ran the search as well. Seems he has hacked quite a few places. Almost like he's keeping score.

cybermike · 08-01-2009, 10:12 AM

well like the guy said.. hacking is his game

Twig · 08-01-2009, 10:35 AM

Quote:

Originally Posted by Barefootsies

In this particular case, apparently he just hacks into the site and swaps out the index file. So he is a nice hacker.

My client about shit his pants when this happened, and he apparently does not wanna pay for a back up service for his server. Luckily in this case it was not a complete site reinstall, or anything like that. Just a simple fix to get resolved.

Yeah, I ran the search as well. Seems he has hacked quite a few places. Almost like he's keeping score.

Was it hacked via the software being used on the site(wordpress,joomla,whatever) and if so what was it the client was using?

V_RocKs · 08-01-2009, 10:42 AM

Ruining it for all other hackers...

Barefootsies · 08-01-2009, 10:43 AM

Quote:

Originally Posted by Twig

Was it hacked via the software being used on the site(wordpress,joomla,whatever) and if so what was it the client was using?

That I do not know, and it has not been figured out yet. The host is supposedly running some kinda trace program to see what information they can find out.

My best guess based on the information provided is,.... the server was compromised either by my client, or one of the sites he is hosting for other people. He apparently is selling off some of his additional space, like a hosting company, and hosting his pard's.

So it could be an the client, or my guess is, one of his pard's could have compromised the server somehow. Either way, glad it was just an index swap.

I told him he either needs to pay for the back up, or RAID, or something to back shit up, and obviously do something else about passwords, and being easily compromised moving forward.

In the end, it could have been a lot worse for him and his pals on the server then it turned out to be.

fris · 08-01-2009, 11:13 AM

at least he only swapped out the index.html, some will remove everything

Klen · 08-01-2009, 11:16 AM

It was probably apache bug.

tony286 · 08-01-2009, 11:53 AM

clonebox is great and seamless

TidalWave · 08-01-2009, 12:14 PM

RAID will not help him if he gets hacked, RAID is not backups!!!

directfiesta · 08-01-2009, 12:24 PM

Quote:

Originally Posted by TidalWave

RAID will not help him if he gets hacked, RAID is not backups!!!

true ... and backup on 2nd drive will be good ONLY if unmounted after the backup is done.

I had that type of attack on a virtual box, and he wiped out all index.html as well as main.html and php to ( if my memory is right ).It wiped out also the backup drive.

The MAIN problem is that it also wiped out the Cpanel index files and deep into sub-folders.

A reinstall was required and most clients did not have their own backups ( naturally ... host fault ). Had to recreate the index files....

It came from a script that was nulled by a turkish group, installed by a client , and that had a huge backdoor to the server ( like giving root in ssh ). Those who know will recognize part of the names of the sripts : 57 and 99 with some letters before.

That is THE problem with virtual.

So, on topic , do your OWN backups, and save them to another server or locally.

directfiesta · 08-01-2009, 12:25 PM

Quote:

Originally Posted by KlenTelaris

It was probably apache bug.

nope.......

directfiesta · 08-01-2009, 12:37 PM

and sometimes, you are not hacked on the main page, but just in a folder ( script folder, content folder ) :

example : marksfoods.co.uk/ ( clean )
marksfoods.co.uk/recipes/pictures/ ( hacked )

CYF · 08-01-2009, 02:00 PM

Quote:

Originally Posted by KlenTelaris

Maybe bind exploit ?

the bind exploit is a denial of service.

ladida · 08-01-2009, 06:32 PM

Lol, so many people talking out of their ass in here it's too funny

"bind exploit" "apache bug" "OS reinstall after index.htm hijjack" "you are hacked in a folder" and shit like that are very funny

I hope noone pays you people for that

brassmonkey · 08-01-2009, 06:38 PM

damn thats fucked up i got a royal screw on 3 copies of at3 iframe hell

CYF · 08-01-2009, 06:46 PM

Quote:

Originally Posted by ladida

Lol, so many people talking out of their ass in here it's too funny

"bind exploit" "apache bug" "OS reinstall after index.htm hijjack" "you are hacked in a folder" and shit like that are very funny

I hope noone pays you people for that

Would you like me to post the bind DoS code? You want the perl or C version?

Reinstalling from a known good copy is pretty standard advice after being compromised. I assume you have a CISSP or some other qualifications to state "Mass deface from some recently released public exploit. He did not even visit your site. "

What recently released public exploit do you think this was?

CYF · 08-01-2009, 07:00 PM

Quote:

Originally Posted by ladida

Mass deface from some recently released public exploit. He did not even visit your site.

How do you hack a computer if you don't access it?

Mr. Billy · 08-01-2009, 07:05 PM

Man that's too bad. What a pain to have to deal with.

dav3 · 08-01-2009, 07:37 PM

that sucks man, hopefully you got it all cleaned up

07-31-2009, 10:05 PM	#1
Barefootsies Choice is an Illusion Industry Role: Join Date: Feb 2005 Location: Land of Obama Posts: 42,635	HACKED BY Mr.Sh3ll hacked by Mr.Sh3ll (Kurdish Hacker) __________________ Should You Email Your Members? Link1 \| Link2 \| Link3 Enough Said. "Would you rather live like a king for a year or like a prince forever?"

07-31-2009, 10:08 PM	#2
d-null . . . Industry Role: Join Date: Apr 2007 Location: NY Posts: 13,724	sorry to hear I've been having some shit to clean up due to spam/hackers recently too they need to __________________ __________________ Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad! Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs Check out the #1 WordPress SEO Plugin: CyberSEO Suite

07-31-2009, 10:23 PM	#3
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	i like how he explains ( kurdsh hacker ) lol __________________ hatisblack at yahoo.com

07-31-2009, 10:47 PM	#4
CYF Coupon Guru Industry Role: Join Date: Mar 2009 Location: Minneapolis Posts: 10,973	Googled it and he has a lot that are still hacked. http://www.google.com/search?q=hacke...ient=firefox-a Sorry dude, that sucks. __________________ Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more! AmeriNOC Coupons \| Certified Hosting Coupons \| Hosting Coupons \| Domain Name Coupons

08-01-2009, 01:21 AM	#5
ladida Confirmed User Join Date: Nov 2005 Posts: 2,167	Mass deface from some recently released public exploit. He did not even visit your site. __________________ agentGFY at gmail.com

08-01-2009, 01:49 AM	#6
katharos So Fucking Banned Join Date: Nov 2005 Posts: 1,515	sorry man but as ladida said worst is that its just a kids playing some games. solve the problem and its nothing to be affraid of anymore, those kids are lamers who can read and not hackers

08-01-2009, 02:52 AM	#7
CunningStunt Confirmed User Industry Role: Join Date: Aug 2006 Posts: 5,594	Have you been playing with wordpress sites again?

08-01-2009, 03:02 AM	#8
papill0n Unregistered Abuser Industry Role: Join Date: Oct 2007 Posts: 15,547	yeah whats he exploiting ?

08-01-2009, 04:04 AM	#9
Klen Industry Role: Join Date: Aug 2006 Location: Little Vienna Posts: 32,235	Maybe bind exploit ?

08-01-2009, 07:05 AM	#11
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,359	user error __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

08-01-2009, 08:19 AM	#12
Twig Confirmed User Join Date: Nov 2005 Location: ICQ - 703894 Posts: 1,949	I'd really like to know what it is you had hacked. __________________

08-01-2009, 08:27 AM	#13
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	can somebody explain me, when somebody hack you, what they do so you cant get back your site for hours? __________________ BUY MY SIG - 50$/Year Contact here

08-01-2009, 09:03 AM	#14
~Ray visit hardlinks.org Industry Role: Join Date: Jun 2003 Location: Las Vegas , Nv >>> [email protected] or icq 94994627 anytime Posts: 18,362	this thread does not deliver __________________ Adult Backlinks for Adult Websites - Testimonials Available

08-01-2009, 09:17 AM	#16
directfiesta Too lazy to set a custom title Industry Role: Join Date: Oct 2002 Location: Punta Cana, DR Posts: 29,591	.. and one of the most famous turkish hacker/defacer : iskorpitx Has ben interviewed on TV, has many Youtube videos ... As to see the upcoming defacement, I am not putting the link, but look for : Zone - H dot ORG __________________ I know that Asspimple is stoopid ... As he says, it is a FACT ! But I can't figure out how he can breathe or type , at the same time ....

08-01-2009, 09:27 AM	#17
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Hacked by Mr.Sh3ll Kurdish hacker 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 10010010010010010010010010010010010010010010010010 01001001001001 00100100100100100100100100100100100100100100100100 10010010010010 01001001001001001001001001001001001001001001001001 00100100100100 Mr.Sh3ll Is My Name And The Hacking Is My Game [email protected] __________________ The Affiliate Program

08-01-2009, 09:38 AM	#18
peeperpimp Confirmed User Join Date: Aug 2006 Location: Pimpin On The NET!!! Posts: 5,105	Sorry to hear you got hacked. __________________ ICQ: 377517467 peeperpimp (at) yahoo (dot) com

08-01-2009, 10:01 AM	#19
Barefootsies Choice is an Illusion Industry Role: Join Date: Feb 2005 Location: Land of Obama Posts: 42,635	In this particular case, apparently he just hacks into the site and swaps out the index file. So he is a nice hacker. My client about shit his pants when this happened, and he apparently does not wanna pay for a back up service for his server. Luckily in this case it was not a complete site reinstall, or anything like that. Just a simple fix to get resolved. Yeah, I ran the search as well. Seems he has hacked quite a few places. Almost like he's keeping score. __________________ Should You Email Your Members? Link1 \| Link2 \| Link3 Enough Said. "Would you rather live like a king for a year or like a prince forever?"

08-01-2009, 10:12 AM	#20
cybermike Confirmed User Join Date: Jan 2002 Location: Ny Posts: 4,111	well like the guy said.. hacking is his game __________________ Hey surfers how about some The Best Porn Sites

08-01-2009, 10:42 AM	#22
V_RocKs Damn Right I Kiss Ass! Industry Role: Join Date: Dec 2003 Location: Cowtown, USA Posts: 32,409	Ruining it for all other hackers...

08-01-2009, 11:13 AM	#24
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,359	at least he only swapped out the index.html, some will remove everything __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

08-01-2009, 11:16 AM	#25
Klen Industry Role: Join Date: Aug 2006 Location: Little Vienna Posts: 32,235	It was probably apache bug.

08-01-2009, 11:53 AM	#26
tony286 lurker Industry Role: Join Date: Aug 2002 Location: atlanta Posts: 57,021	clonebox is great and seamless

08-01-2009, 12:14 PM	#27
TidalWave Confirmed User Industry Role: Join Date: Sep 2007 Location: Los Angeles Posts: 2,706	RAID will not help him if he gets hacked, RAID is not backups!!! __________________ www.SwiftNode.com

08-01-2009, 12:37 PM	#30
directfiesta Too lazy to set a custom title Industry Role: Join Date: Oct 2002 Location: Punta Cana, DR Posts: 29,591	and sometimes, you are not hacked on the main page, but just in a folder ( script folder, content folder ) : example : marksfoods.co.uk/ ( clean ) marksfoods.co.uk/recipes/pictures/ ( hacked ) __________________ I know that Asspimple is stoopid ... As he says, it is a FACT ! But I can't figure out how he can breathe or type , at the same time ....

08-01-2009, 06:32 PM	#32
ladida Confirmed User Join Date: Nov 2005 Posts: 2,167	Lol, so many people talking out of their ass in here it's too funny "bind exploit" "apache bug" "OS reinstall after index.htm hijjack" "you are hacked in a folder" and shit like that are very funny I hope noone pays you people for that __________________ agentGFY at gmail.com

08-01-2009, 06:38 PM	#33
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 77,156	damn thats fucked up i got a royal screw on 3 copies of at3 iframe hell __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

08-01-2009, 07:05 PM	#36
Mr. Billy Confirmed User Join Date: Feb 2005 Posts: 467	Man that's too bad. What a pain to have to deal with.

08-01-2009, 07:37 PM	#37
dav3 Confirmed User Industry Role: Join Date: May 2007 Posts: 7,348	that sucks man, hopefully you got it all cleaned up __________________ Webmasters :: Juicy Ads :: ACWM :: Crak Revenue :: Money Tree