Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
July 31, 2014, 03:32:35 AM

Pages: [1]   Go Down
  Print  
Author Topic: well i finally got hacked  (Read 9649 times)
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« on: June 24, 2010, 09:53:16 PM »

not very happy at the moment i thought i had all the security setting just right, and i got hacked tonight.  i have a service ticket in and i managed to get a static page up to explain we are down but they really got me good, seems that they used some sort of forcing technique to upload some files, im getting it restored but not sure how long admin from exploited accounts will take to do that..

i dont think they got to the db or any customer info, and it really upsets that with all the security that lp offers us on their servers and all the settings i had, they still got me.. i certainly dont trust any of my site files at the moment..

i asked them to investigate so maybe i can file a report with the US Attorney General Cyber Crime Unit...  well whoever did it better hope i never find them...
Logged
katrina1
Guest
« Reply #1 on: June 25, 2010, 12:21:44 AM »

Very sorry to hear that. Some people have nothing better to do than hurt others. Know how you feel. Have you seen http://wiki.lunarpages.com/General_Web_Site_Security_Tips or our other wiki articles under the Misc section for specific security tips for Joomla, Oscommerce, and Wordpress?
Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #2 on: June 25, 2010, 05:06:37 AM »

thanks katrina1 no i have not but im looking now i appreciate that,   i have noticed for the last week or so that my error log showed a ton of hits for file does not exist for a directory and strange file names that never existed on my site, do i dont know if some one was running a script on the site looking for vulnerabilities or what...

honestly i dont even know how anyone does this kind of thing, i mean tech wize, they obviously didnt get my pw or anything because all they did was upload a crap load of junk files and overwrote my other ones so i have to  replace the whole site as i dont trust any of the files now..   but i dont know how anyone tech is able to upload files without loggin in...    is it something that they hit lp server and im just an innocent bystander or is this something specifially entended for me....     and i know its not a good idea to talk about how on here, im just venting...  i appreciate it....

my immediate concern is that it has been 8 hours now and no reply from tech support, not even a hello, all they did was xfer the ticket to a dif dept but never even commented, and i have customers waiting....

so i dont know if i should wait for them to restore or just upload a the files i have and start again... 
« Last Edit: June 25, 2010, 05:13:35 AM by durangod » Logged
katrina1
Guest
« Reply #3 on: June 25, 2010, 05:22:38 AM »

The servers are pretty well protected and watched 24/7 but we can't protect against vulnerabilities in files uploaded by users to their accounts. Hackers use injection quite a bit to get in. It sounds like they were scanning for vulnerabilities. I see that stuff in my own access logs all the time. Best you can do is keep all scripts up to the latest versions, delete scripts you aren't using, and apply all the security tips you can find. And of course, BACKUP,BACKUP,BACKUP!

Do you have the 7 digit ticket number so we can check on it?
Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #4 on: June 25, 2010, 05:25:08 AM »

Ticket #1914535    thanks
Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #5 on: June 25, 2010, 06:12:41 AM »

well turns out i had done this to myself just fyi, i got a portion of a script online to use as one of my features and it turns out even though i used a portion of it, that portion  was a listening script so its my own fault...  im going to scrap my whole project and start from scratch and build my own top to bottom and make sure everything in there i do myself...  here i thought i was done after three months with this huge project and as it turns out its just the beginning  Crying or Very sad live and learn i guess to do stuff yourself no matter how long it takes...

i used a section of this script ,, if you download this script be warned it has severe vulnerability issues with it, at least the version online at the moment does..
www.Elitius.com affiliate program

one thing is for sure, when i get my own project done it will be slick, neat, feature packed and perfect.... i will put my name on it and so i has to be perfect....  
« Last Edit: June 25, 2010, 01:39:23 PM by durangod » Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #6 on: June 25, 2010, 09:52:37 AM »

sorry i forgot to mention above that i really appreciate your help....   peace and bless you...
Logged
Pete
Alien Anomaly
Senior Moderator
Professor in Nanotechnology
*****
Offline Offline

Posts: 4246



WWW
« Reply #7 on: June 25, 2010, 10:04:22 AM »

Hi durangod.  Pete waves



Is it possible your running on an old version of that software ?

Might be worth reading this article.....

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1506
Logged

x-visions.com


As I'm always saying.. (But nobody listens)
"Take a step back.. Take a deep breath and see if there a simple solution there, thats hiding" lol  Very HappyLunarpages Web Hosting   Lunarpages Forums  Lunarpages Affiliate Program
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #8 on: June 25, 2010, 10:56:29 AM »

thanks for that, i worked really hard on taking something that was pretty much abandoned and turning it into something that was really great and had a ton of features....   

that is a very interesting article, and it does explain the issue, there is no other version that i know of, it appears to me that they have pretty much abondonded the forum on their site and the software itself, im not even really sure why they even keep the site up, there is no indication anywhere other than the current footer that they are even still upgrading the software at all that i have seen or found...

i really hate to start from scratch and im torn between two feelings, one is that im not sure i can trust this totally because of the data sanitasion issue, but yet i have come so far i dont want to start over...

i suppose the bottom line and the one question i should ask... can i put my name on what i offer and sleep at night...

i thought i could with this but now i really get the since that the only way for me to sleep and night is to put in the hard work and hours and do it myself, at least that way i know its pure inside and out....  i must admit im pretty deflated at the moment but im not gonna give up, one way or the other i will get this done and be proud to put my durangodaves company logo on it.

thanks pete and i wave back   Hiya
Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #9 on: June 26, 2010, 03:31:26 AM »

ok now that im back up i can focus on moving foward....  gonna do some googling for sql sanitation and do some reading it might be if i filter the sql then at least that vulnerability will be taken care of.... in the event i dont find anything, can anyone point me in the right direction because i was not aware that sql sanitation was a external script issue, i just assumed that mysql sanitized its own sql internally when processed...

 here i got again assumming LOL i gotta quit doing that right!!   Doh

ahhhh i see noone on here has ever discussed sanitation,,,,, could be time to start a sanitation thread...

ill do that ....  hope you dont mind i just think the subject is important enough that it  calls for its own title...

please reply to that new thread thanks...
« Last Edit: June 26, 2010, 03:44:33 AM by durangod » Logged
seoinheritx
Spaceship Captain
*****
Offline Offline

Posts: 108


WWW
« Reply #10 on: December 20, 2011, 02:29:13 AM »

Yes, I also passing these kind of situation in the past ,so can u give me proper solution ?
--------------

iPhone Website Development | Hire iPhone App Developer
 
Logged

merge
Newbie
*
Offline Offline

Posts: 1


« Reply #11 on: March 04, 2012, 09:02:45 PM »

i am really disappointed as my sites were wiped off from home directory. lucky i had a backup and reinstalled it and yet again next day it gets wiped off... and now on top of it server is down...  i see on my network status power down ... and this is happening for last 2 days.. .How can we manage a business like this... 
Logged
Pete
Alien Anomaly
Senior Moderator
Professor in Nanotechnology
*****
Offline Offline

Posts: 4246



WWW
« Reply #12 on: March 07, 2012, 08:54:41 AM »

Hi Merge. Pete waves

to the Lunarforums   Welcome

Nobody can really help you in an already created thread from 2 years ago.

Suggest you contact lunarpages support with details of your account so they can check things out.
Assuming youve already done things like check your computer for anything virus or trojan ilke lurking, changed your login password etc
Logged

x-visions.com


As I'm always saying.. (But nobody listens)
"Take a step back.. Take a deep breath and see if there a simple solution there, thats hiding" lol  Very HappyLunarpages Web Hosting   Lunarpages Forums  Lunarpages Affiliate Program
Tailgunner
Newbie
*
Offline Offline

Posts: 1


« Reply #13 on: March 26, 2012, 03:09:10 AM »

I was hacked twice, a month apart, after years of being ignored by the world - I had recently installed Wordpress. I've removed WP and I'm educating myself on security. While there's lots of themes, scripts, and other support out there for widely used packages, it also makes for a large attack vector. I was so innocent ...

Appreciate everyone's comments, very helpful.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: