Old Support Topics - Hacking From Www.turkhackgrup.com



babbman [ Wed 20 Feb, 2008 16:57 ]
Post subject: Hacking From Www.turkhackgrup.com
Using version 1.1.10.25

My Icy Phoenix board was hacked this morning from the jerks at turkhackgrup.com. Is there a security problem with this version that allows these pieces of sh** to get in and replace files at will? Is there something I am missing in a configuration somewhere? Any help to eliminate this from happening again would be appreciated. Thanks!

CTracker saw nothing but there was an entry from their web site recorded in the http referrers list.

I was left with a 0 byte file in the root of the forum called zehir4.asp as well as the entire index.php file that was replaced with:

Spoiler: [ Show ]


Limun [ Wed 20 Feb, 2008 18:50 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
OMG ...
I'm sorry that this happened


xmenfile [ Wed 20 Feb, 2008 22:25 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
OMG. I hope you have your backup.


Mighty Gorgon [ Sun 24 Feb, 2008 20:24 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Did you apply all patches I have posted for that version?

Can you provide me a server log with all your HTTP requests in a time range around the time your site has been hacked please?


novice programmer [ Mon 25 Feb, 2008 16:05 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
As the first lines of the HTML script show, it appears to have been defaced with Microsoft FrontPage. Ask your hosting provider to disable the FrontPage extensions.


babbman [ Mon 25 Feb, 2008 16:14 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
I had a backup so things are back to normal there.

Frontpage extensions are not installed on my website host...

I'm in CA for a kite party and will send the logs when I get home...

On the patches, I thought I had them all... what's the latest patch for my version?

Thanks everyone..


Mighty Gorgon [ Tue 26 Feb, 2008 00:13 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
babbman wrote:
I had a backup so things are back to normal there.

Frontpage extensions are not installed on my website host...

I'm in CA for a kite party and will send the logs when I get home...

On the patches, I thought I had them all... what's the latest patch for my version?

Thanks everyone..

There should be a patch in the first post of the RC3 release.

I'll wait for the logs.

Enjoy your KITE.


babbman [ Tue 26 Feb, 2008 19:35 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Mighty Gorgon wrote:

Enjoy your KITE.


Thanks... I'll get the patch in..

BTW...

Here's the type of kites we party with...


YouTube Link


babbman [ Sun 02 Mar, 2008 04:45 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Here's the referrers log from that point in time


140 | www.google.com | http://www.google.com/search?hl=en&q=back2thewind | 1 | 20 Feb 2008 14:42 | 20 Feb 2008 14:42
--> 141 | www.turkhackgrup.com | http://www.turkhackgrup.com/index.php?PHPSESSID=62... | 1 | 20 Feb 2008 10:05 | 20 Feb 2008 10:05
142 | www.google.com | http://www.google.com/search?q=grand+haven+images&... | 1 | 20 Feb 2008 02:38 | 20 Feb 2008 02:38
143 | www.google.com | http://www.google.com/search?hl=en&q=Illinois+Kite... | 1 | 20 Feb 2008 02:00 | 20 Feb 2008 02:00
144 | www.google.com | http://www.google.com/search?hl=en&q=straight+stit... | 1 | 19 Feb 2008 22:39 | 19 Feb 2008 22:39



Here's the most recent visit from these jerks:

17 | www.turkhackgrup.com | http://www.turkhackgrup.com/index.php?topic=8467.0 | 6 | 20 Feb 2008 11:45 | Yesterday at 11:55


The link above takes you to a posting on their forum where I suppose they are bragging about the hack.

I was also informed today that there was a bunch of phishing code dumped into my Icy Phoenix installation. View the screen shot for the folder it was dumped into.

How in the hell did these idiots get into this section of the forum with enough access to put these files on my site?

Anything you can help me with is most appreciated..

Thanks,

C


Mighty Gorgon [ Sun 02 Mar, 2008 13:27 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
I should need the HTTP REQUESTS LOGS, because the REFERRERS LOG doesn't contain any useful information about the hacking technique used.

Do you have HTTP REQUESTS LOGS?
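
The request-log review asked for above, as an added example that is not part of the thread or of Icy Phoenix: it filters an access log to a window around the incident and marks lines worth reading first. It assumes Apache "combined" log format and a +0000 timezone; the log lines are constructed samples, and the file name, referrer host and 10:05 time are the ones babbman reported.

```python
import re
from datetime import datetime, timedelta

# Apache/NCSA "combined" log format (assumed; adjust to the host's format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2008:02:38:11 +0000] "GET /viewtopic.php?t=12 HTTP/1.1" 200 5120 "http://www.google.com/search?q=grand+haven+images" "Mozilla/5.0"
198.51.100.7 - - [20/Feb/2008:10:05:02 +0000] "GET /index.php HTTP/1.1" 200 8431 "http://www.turkhackgrup.com/index.php" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2008:10:07:40 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2008:10:09:15 +0000] "GET /zehir4.asp HTTP/1.1" 200 0 "-" "Mozilla/4.0"
192.0.2.44 - - [20/Feb/2008:10:20:00 +0000] "GET /index.php HTTP/1.1" 200 8431 "-" "Mozilla/5.0"
"""

def triage(log_text, incident, window_minutes, watch_paths, watch_referers):
    """Return (timestamp, ip, request, reasons) for lines inside the window
    that match at least one review criterion."""
    lo = incident - timedelta(minutes=window_minutes)
    hi = incident + timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not lo <= ts <= hi:
            continue  # outside the time range around the incident
        reasons = []
        if m["method"] not in ("GET", "HEAD"):
            reasons.append("state-changing method")
        if any(p in m["path"] for p in watch_paths):
            reasons.append("touches file found after incident")
        if any(r in m["referer"] for r in watch_referers):
            reasons.append("referrer of interest")
        if reasons:
            hits.append((ts, m["ip"], f'{m["method"]} {m["path"]}', reasons))
    return hits

INCIDENT = datetime.strptime("20/Feb/2008:10:05:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
FINDINGS = triage(SAMPLE_LOG, INCIDENT, 30, ["zehir4.asp"], ["turkhackgrup.com"])
for ts, ip, req, reasons in FINDINGS:
    print(ts.isoformat(), ip, req, "; ".join(reasons))
```

Every request from a flagged client address inside the window is worth reading in full, since the flagged lines only mark where to start.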


babbman [ Sun 02 Mar, 2008 14:35 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Mighty Gorgon wrote:
I should need the HTTP REQUESTS LOGS, because the REFERRERS LOG doesn't contain any useful information about the hacking technique used.

Do you have HTTP REQUESTS LOGS?



Unfortunately, it doesn't seem like I can get them from my provider... I can turn logs on but that's pretty useless unless I know when they are going to attempt to get in and screw with me.

Any other suggestions or ideas you can provide?

Here's one other piece of information that concerns me. If I go into CrackerTracker Maintenance and System Check, I am getting a few 'Caution' labels:

PHP Version | 4.3.11 | 4.4.8 | CAUTION
» PHP SAFE MODE | OFF | ON | CAUTION
» PHP GLOBALS | OFF | OFF | SAFE
phpBB Version | 2.0.22 | 2.0.23 | CAUTION
» Visual Confirmation | ON | ON | SAFE
» Account Activation | OFF | ON | CAUTION
CBACK CrackerTracker | 5.0.4 | 5.0.6 | CAUTION

Any of this that could open a hole for these jerks to get into?

Thanks...


novice programmer [ Sun 02 Mar, 2008 22:47 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Try to make a backup of db and all files in case MG needs them...


babbman [ Mon 03 Mar, 2008 00:51 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
novice programmer wrote:
Try to make a backup of db and all files in case MG needs them...


I have backups of everything...


Mighty Gorgon [ Tue 04 Mar, 2008 02:07 ]
Post subject: Re: Hacking From Www.turkhackgrup.com
Please upload your site with new release as soon as possible.



