Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 04, 2012, 05:49:34 AM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: NobodyCoder Problems  (Read 5006 times)
Mitch
Berserker Poster
*****
Offline Offline

Posts: 12838


WWW
« on: August 17, 2009, 09:45:15 AM »
Hello everybody, it looks like several people have reported having their web page replaced or code injected from somebody claiming to be NobodyCoder.  Doing my research, it looks like this person did this to a lot of web sites back in June - including the Oregon University web site - and looks to be back at it.

What Does it Look Like?

Here is an example of what you might see:

Quote
From IRAN

NobodyCoder@mail.ru

Hey Stupid Fly Catcher Obama! Stop talking about Iran and telling to your dogs (UK, France, Germany) to talk about Iran and Iran Election. Keep working on your own country and try to solve economic crisis in your hungry country! Iran's election doesn't have problem and Moosavi with his tiny brain will be in jail in near future, so don't pay your time and money for him and for his fans. 80% of Iranian people hate Moosavi nowadays... We never cheated in elections and even Moosavi knows that. So it's time to finish this kind of activities and it's better each country work on its own business.

Is This a Lunarpages Only Problem?

No, it would appear this person, NobodyCoder, is attacking a great number of web hosts and web sites from all around the Web.  I just want to make sure we stay pro-active with anybody who might have gotten this hack here so we can get them back on the right track faster.

What do You Recommend?

Run a combination of an installed anti-virus program, an anti-spyware or anti-malware program and an online anti-virus program on your PC.  We have several free suggestions for these listed here:


Change your password, change your password, change your password!  Next, change your hosting account password, and the passwords for any scripts you have installed (such as WordPress or Joomla) for any account that has "admin" access.  You should avoid using dictionary words, don't use personal information, and avoid common sequences.

Make sure your scripts you have installed are up to date!  Make sure every script you have installed on your hosting account is up to date.  Also, never leave an un-used script laying around on your hosting plan.  If you are no longer using a script, it should be removed.  Not doing so can leave you open to attack.

Solutions and Fixes?

So far, a lot of these have been taken care of by deleting/looking for the file(s) he has inserted into the public_html folder in your hosting account.  Check out default.*, home.*, index.*, main.*  (with the * representing various file extensions, such as .htm, .html, .php, .asp, etc).

As I get more information, or find it online I'll be sure to update this post here...
« Last Edit: August 17, 2009, 11:44:14 AM by Mitch » Logged
New to Web Site Hosting? Check Out the Lunarpages Blog Hosting Guide!

Follow us @lunarpages on Twitter!
Important Threads: Read This Before Posting! | Lunarforums Rules! | Mitch's Link of the Day!
Also, be sure to check out and subscribe to the Lunartics Blog and the Lunarpages Newsletter !

Need Web Hosting Help? Check out the Lunarpages Web Hosting Wiki. It has tons of tips, tutorials and resources!
Edward Collin
Newbie
*
Offline Offline

Posts: 2



WWW
« Reply #1 on: December 07, 2010, 01:57:28 AM »
No, I think he hacked the forum first, then somehow got the password to the WordPress database.
But I agree, he needs to be stopped, his IP has already been found, but he says he owns "several servers".
Btw, in the meantime, ban these IPs:
94.101.131.240
79.140.81.83
193.164.133.61
195.225.198.190
66.117.154.10
94.101.131.250
94.101.131.139
88.198.69.134
Logged
yorkie training
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: