Icy Phoenix

     
 


Hacking From Www.turkhackgrup.com

Using version 1.1.10.25

My Icy Phoenix board was hacked this morning from the jerks at turkhackgrup.com. Is there a security problem with this version that allows these pieces of sh** to get in and replace files at will? Is there something I am missing in a configuration somewhere? Any help to eliminate this from happening again would be appreciated. Thanks!

CTracker saw nothing but there was an entry from their web site recorded in the http referrers list.

I was left with a 0 byte file in the root of the forum called zehir4.asp as well as the entire index.php file that was replaced with:

Spoiler: [ Show ]

 



 
Edited by KasLimon, Wed 20 Feb, 2008 21:16: Place big codes in spoiler please
babbman

Re: Hacking From Www.turkhackgrup.com

OMG...
I'm sorry that this happened
 




____________
We are the phpBBorg. Lower your Crackers. Your phpological and forumological distinctivness will be added to our own. Resistance if futile!
 
Limun

Re: Hacking From Www.turkhackgrup.com

OMG.  I hope you have your backup.
 



 
xmenfile

Re: Hacking From Www.turkhackgrup.com

Did you apply all patches I have posted for that version?

Can you provide me a server log with all your HTTP requests in a time range around the time your site has been hacked please?
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty Gorgon

Re: Hacking From Www.turkhackgrup.com

As the first lines of the HTML script show, it appears to have been defaced with Microsoft FrontPage. Ask your hosting provider to disable the FrontPage extensions.
 



 
novice programmer

Re: Hacking From Www.turkhackgrup.com

I had a backup so things are back to normal there.

Frontpage extensions are not installed on my website host...

I'm in CA for a kite party and will send the logs when I get home...

On the patches, I thought I had them all... what's the latest patch for my version?

Thanks everyone..
 



 
babbman

Re: Hacking From Www.turkhackgrup.com

babbman wrote:
I had a backup so things are back to normal there.

Frontpage extensions are not installed on my website host...

I'm in CA for a kite party and will send the logs when I get home...

On the patches, I thought I had them all... what's the latest patch for my version?

Thanks everyone..

There should be a patch in the first post of the RC3 release.

I'll wait for the logs.

Enjoy your KITE.
 




 
Mighty Gorgon

Re: Hacking From Www.turkhackgrup.com

Mighty Gorgon wrote:

Enjoy your KITE.


Thanks... I'll get the patch in..

BTW...

here's the type of kites we party with...


YouTube Link

 



 
babbman

Re: Hacking From Www.turkhackgrup.com

Here's the referrers log from that point in time


140     www.google.com     http://www.google.com/search?hl=en&q=back2thewind     1     20 Feb 2008 14:42     20 Feb 2008 14:42
--> 141     www.turkhackgrup.com     http://www.turkhackgrup.com/index.php?PHPSESSID=62...     1     20 Feb 2008 10:05     20 Feb 2008 10:05
142     www.google.com     http://www.google.com/search?q=grand+haven+images&...     1     20 Feb 2008 02:38     20 Feb 2008 02:38
143     www.google.com     http://www.google.com/search?hl=en&q=Illinois+Kite...     1     20 Feb 2008 02:00     20 Feb 2008 02:00
144     www.google.com     http://www.google.com/search?hl=en&q=straight+stit...     1     19 Feb 2008 22:39     19 Feb 2008 22:39



here's the most recent visit from these jerks:

17      www.turkhackgrup.com      http://www.turkhackgrup.com/index.php?topic=8467.0      6      20 Feb 2008 11:45      Yesterday at 11:55


The link above takes you to a posting on their forum where I suppose they are bragging about the hack.

I was also informed today that there was a bunch of phishing code dumped into my Icy Phoenix installation. View the screen shot for the folder it was dumped into.

How in the hell did these idiots get into this section of the forum with enough access to put these files on my site?

Anything you can help me with is most appreciated..

Thanks,

C

Attachment: 20080301-IKECLUB.ORG.jpg (155.82 KB)

 



 
babbman

Re: Hacking From Www.turkhackgrup.com

I should need the HTTP REQUESTS LOGS, because the REFERRERS LOG doesn't contain any useful information about the hacking technique used.

Do you have HTTP REQUESTS LOGS?
 




 
Mighty Gorgon
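
Added example, not part of the original thread: one way to do the triage requested above once HTTP request logs are available, pulling every request within a window around the referrer entry's time and marking the ones worth a closer look. It assumes Apache combined log format and UTC timestamps; the sample lines are constructed, and `parse`, `reasons` and `triage` are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: Apache "combined" log format; the thread never shows the host's format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
# Constructed sample lines (documentation IP ranges), not logs from the affected site.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2008:02:38:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=grand+haven+images" "Mozilla/5.0"
198.51.100.7 - - [20/Feb/2008:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://www.turkhackgrup.com/index.php" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2008:10:04:55 +0000] "GET /zehir4.asp HTTP/1.1" 200 0 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2008:10:05:02 +0000] "POST /posting.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
""".splitlines()
# Time of the turkhackgrup.com referrer entry in the thread; UTC is an assumption.
REFERRER_SEEN = datetime(2008, 2, 20, 10, 5, tzinfo=timezone.utc)

def parse(lines):
    """Yield one dict per well-formed line, with a timezone-aware timestamp."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield entry

def reasons(entry, planted=("zehir4.asp",), ref_hosts=("turkhackgrup.com",)):
    """Explain why a request deserves review; an empty list means nothing stood out."""
    checks = [
        (entry["method"] not in ("GET", "HEAD"), "state-changing method " + entry["method"]),
        (any(n in entry["path"] for n in planted), "request for planted file"),
        (any(h in entry["referer"] for h in ref_hosts), "referrer seen in referrers list"),
    ]
    return [msg for flagged, msg in checks if flagged]

def triage(lines, center, minutes=30):
    """Return (time, ip, method, path, reasons) for flagged requests near `center`."""
    span = timedelta(minutes=minutes)
    hits = []
    for e in parse(lines):
        why = reasons(e) if abs(e["ts"] - center) <= span else []
        if why:
            hits.append((e["ts"].isoformat(), e["ip"], e["method"], e["path"], why))
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG, REFERRER_SEEN), sep="\n")
```

Shared hosts often log in server local time, so convert the referrer timestamp before choosing the window, and widen `minutes` if the first pass turns up nothing.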

Re: Hacking From Www.turkhackgrup.com

Mighty Gorgon wrote:
I should need the HTTP REQUESTS LOGS, because the REFERRERS LOG doesn't contain any useful information about the hacking technique used.

Do you have HTTP REQUESTS LOGS?



Unfortunately, it doesn't seem like I can get them from my provider... I can turn logs on but that's pretty useless unless I know when they are going to attempt to get in and screw with me.

Any other suggestions or ideas you can provide?

Here's one other piece of information that concerns me. If I go into CrackerTracker Maintenance and System Check, I am getting a few 'Caution' labels:

PHP Version (Visit Website)      4.3.11      4.4.8      CAUTION
» PHP SAFE MODE     OFF     ON     CAUTION
» PHP GLOBALS     OFF     OFF     SAFE
phpBB Version (Visit Website)     2.0.22     2.0.23     CAUTION
» Visual Confirmation     ON     ON     SAFE
» Account Activation     OFF     ON     CAUTION
CBACK CrackerTracker (Visit Website)     5.0.4     5.0.6     CAUTION

Any of this that could open a hole for these jerks to get into?

Thanks...
 



 
babbman

Re: Hacking From Www.turkhackgrup.com

Try to make a  backup of db and all files in case MG needs them...
 



 
novice programmer

Re: Hacking From Www.turkhackgrup.com

novice programmer wrote:
Try to make a  backup of db and all files in case MG needs them...


I have backups of everything...
 



 
babbman

Re: Hacking From Www.turkhackgrup.com

Please upload your site with new release as soon as possible.
 




 
Mighty Gorgon