Hacked!


#1

Some Algerian n0ob hacker just "hacked" my website. Dunno how it really happened but the only thing the incompetent n0ob did was to replace the index.php file with index.mht file. S/he is probably just some random script kiddie.

Even if the hacker had deleted all the files, I could have easily restored it all from backups.

The MHT file didn't even display in the Ffx window. Instead, I got a standard error about contacting the site owner - some 4xx error page which I remember making a couple years back. Anyway, an image of the hacked website as it should had appeared but didn't: :rolleyes:

hackedex2.jpg

The Pakistani flag is clearly displayed on my website. I don't know what relation I or my site has to the US or Israel.

I just restored the deleted file and saved the raw access logs. Will go through the logs tomorrow to see if something useful catches my eye. I am just too tired right now to care too much about it... *yawns*

However, this has definitely eroded my trust in Nucleus CMS. I might shift to some other blogging software if I can put aside the time required to transition to the new software.


#2

[quote=", post:, topic:"]

However, this has definitely eroded my trust in Nucleus CMS. I might shift to some other blogging software if I can put aside the time required to transition to the new software.
[/quote]

why dont u try joomla or mambo they are also pretty good CMS’s


#3

I don't understand the hacker mentality. Why go to all that trouble to deface a website, especially a small blog. You could put all that effort into doing something constructive! Maybe even come up with the next big thing!


#4

You dont use wordpress???


#5

Its the satisifaction one gets from being able to 0wn someone

[quote=", post:, topic:"]
I don't understand the hacker mentality. Why go to all that trouble to deface a website, especially a small blog. You could put all that effort into doing something constructive! Maybe even come up with the next big thing!
[/quote]

#6

Was that a latest version? Access logs might reveal something. You need to be worried if it wasn't a CMS software exploit.


#7

ofcouse only noob hackers go after lowprofile sites... wht else did u expect :P silverlords.. geforce ? FBh or even Ndsa :P

@sah its mainly about braging rites and stats... script kiddies at the end of the day have only the no of sites they have hacked to show.. they dont even spare geopages and guestbooks... if u were to look at zone-h.org ur likely to find asad's website mirrored by this script kiddie and u might also find some other sites he has defaced.. much different from the elite groups who only go afer .gov or high profile sites such as sony.com , hp.com etc

ps ur not going to find anything in the logs.. even if u do it wont do u any good.. and u might want to fix it now or ur going to see ur site getin defaced again and again over the course of next few months:$


#8

[quote=", post:, topic:"]

Some Algerian n0ob hacker just “hacked” my website. Dunno how it really happened but the only thing the incompetent n0ob did was to replace the index.php file with index.mht file. S/he is probably just some random script kiddie.

Even if the hacker had deleted all the files, I could have easily restored it all from backups.

The MHT file didn’t even display in the Ffx window. Instead, I got a standard error about contacting the site owner - some 4xx error page which I remember making a couple years back. Anyway, an image of the hacked website as it should had appeared but didn’t: :rolleyes:

http://img149.imageshack.us/img149/2461/hackedex2.jpg

The Pakistani flag is clearly displayed on my website. I don’t know what relation I or my site has to the US or Israel.

I just restored the deleted file and saved the raw access logs. Will go through the logs tomorrow to see if something useful catches my eye. I am just too tired right now to care too much about it… yawns

However, this has definitely eroded my trust in Nucleus CMS. I might shift to some other blogging software if I can put aside the time required to transition to the new software.

[/quote]

Oh its just because of mushy thats all… that lil bugger didn’t know that. cut him/her some slack will ya ? :D


#9

#10

[quote=", post:, topic:"]

You dont use wordpress???
[/quote]

When I started my blog a couple years back, Wordpress was very very average. Nucleus CMS was far better.


#11

[quote=", post:, topic:"]

I don’t understand the hacker mentality. Why go to all that trouble to deface a website, especially a small blog. You could put all that effort into doing something constructive! Maybe even come up with the next big thing!
[/quote]

Satisfaction + ego boosting + feeing of having power over something. <= Hallmark of script kiddies.


#12

[quote=", post:, topic:"]

Was that a latest version? Access logs might reveal something. You need to be worried if it wasn’t a CMS software exploit.
[/quote]

Yeah, latest version.

I haven’t had a chance to look at the logs. I might be off line for a couple days before I get some time to look at the stuff.


#13

[quote=", post:, topic:"]

if u were to look at zone-h.org ur likely to find asad’s website mirrored by this script kiddie and u might also find some other sites he has defaced.
[/quote]

Not there. That guy’s mht file didn’t even display properly. What was displayed was one of my customized 4xx pages.

It was heartening to see more attacks and successful defacements on Linux servers than on Windows based servers. :D

[quote=", post:, topic:"]
ps ur not going to find anything in the logs… even if u do it wont do u any good… and u might want to fix it now or ur going to see ur site getin defaced again and again over the course of next few months:$
[/quote]

I am not too worried. I do regular backups and it will be very easy to restore everything. in fact, it might just act as an impetus for me to move to some other software.


#14

[quote=", post:, topic:"]

Oh its just because of mushy thats all… that lil bugger didn’t know that. cut him/her some slack will ya ? :D
[/quote]

I doubt it, but hey, I still support Mush. The attack was unsuccessful if that was the intention. ;)


#15

Hacked again... Someone is really after the site... Losers.

Text:

[quote=", post:, topic:"]
تم الإختراق من طرف علي سعيداني

تم الإختراق بطلب من اخونا طارق من الجلفة

هذا الاختراق مهدى اليك يا أخي

[/quote]

Translated text:

[quote=", post:, topic:"]
Was the penetration by Ali Saeed

Penetration was the request of the brother of Tariq Djelfa

This breakthrough Mahdi you, my brother

[/quote]

#16

Wow, two times in a week! Someone's out to get you, Asad! :P

Was it through your CMS again? Could they have found an exploit and made your site a testing ground?


#17

I think it might be due to some plug-in. Again, it was only the replacement of the index.php file.


#18

its time to shift to wordpress or typepad


#19

Not yet... I like the current template/theme too much to shift to Wordpress. I like the Pakistani green theme.


#20

Hacked again!

asadasifcomqo1.th.png