 Anyone Have Info On "spyhackerz.com"?, failed hacking attempt at my site by these guys |
|
|
|
|
  |
 Oct 27 2006, 07:23 PM
Post
#1
|
|
|
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS  Group: [HOSTED] Posts: 1,028 Joined: 12-April 06 From: Essex, UK Member No.: 21,719  |
Hi all
I just checked my site, hosted here at trap17.com, and my guestbook was full of html code, when i checked the file used to store the content of the guestbook i notice the HTML was as follows QUOTE <html> <head> <meta http-equiv="Content-Language" content="tr"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>Hacked By Spyhackerz.com</title> </head> <body bgcolor="#000000"> <p align="center"><a href="http://www.spyhackerz.com"> <img border="0" src="http://rootingsabotage.sitemynet.com/sht.jpg" width="503" height="387"></a></p> <p align="center"><font face="Verdana"><b><font color="#FFFFFF"> <a href="http://www.spyhackerz.com"><font color="#FFFF00">www.spyhackerz.com</font></a></font><font color="#FFFF00"> </font></b></font></p> <p align="center"> <EMBED src=http://spyhackerz.com/music/index.mp3 width=20 height=15 autostart="true" loop="true"></p> <p align="center"> </p> </body> </html> So im just wondering if anyone has any info on these people. I recommend not going on the website incase they trace your IP etc....I haven't visited yet either, i might use Google to check them out but was hoping someone might know something? Thankfully it failed as scripts wont work in my guestbook  but id like to know who they are. It seems nothing else has been affected but ill keep checking things. Any info would be great 
|
 |
 
|
|
Oct 27 2006, 08:36 PM
Post
#2
|
|
|
Super Member Group: Members Posts: 204 Joined: 6-October 04 From: London, uk Member No.: 1,444 |
the website is like this
QUOTE spyhackerz.com This domain may be for sale by its owner! For technology try these sponsored results 
|
|
|
|
|
Oct 27 2006, 08:52 PM
Post
#3
|
|
|
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS Group: [HOSTED] Posts: 1,028 Joined: 12-April 06 From: Essex, UK Member No.: 21,719 |
QUOTE(krap @ Oct 27 2006, 09:36 PM)  the website is like thisboring strange...im not too worried as nothing else seems to have been damaged, just wanted to know which script kiddie had a pop at my site! I notice a lot of other people have been hit by these guys too which is irritating. Why wont they put their knowledge to good use. |
|
|
|
|
Oct 27 2006, 09:32 PM
Post
#4
|
|
|
A computer once beat me at chess, but it was no match for me at kick boxing.  Group: [MODERATOR] Posts: 4,071 Joined: 24-July 05 From: Linix, DOS and Windows…the good, the bad and the ugly Member No.: 9,787  |
Yes, some script kiddies have been causing some grief around the 'net.
They appear to only be defacing index pages, so take a backup of your site, change passwords for your ftp and cpanel access, etc as pro-active security measures. Several other sites have been affected, none seriously, though. And it is way beyond this Domain. They are pretty busy little individuals. |
|
|
|
|
Oct 27 2006, 10:08 PM
Post
#5
|
|
|
Hidden Secrets can't be told threw just words. One must feel what the other feels to truely understand... Group: Members Posts: 1,522 Joined: 8-January 06 From: Sacramento California Member No.: 16,756 |
yeah, they hit mine
But they seem to be only targeting trap17 accounts from what ive heard/seen so yeah......... they also hit a friend of mines... lovely eh? anywho, they only got something on mine that anyone in the world could have done.. it is one of those scripts that are in the ACP of IPB for admin updates.... and i had a friend write this script because i wanted one like it, and they decided to paste their HTML for that page into the box and clicked save  no real damage to my site, nor my friends...lmao
|
|
|
|
|
Oct 27 2006, 10:16 PM
Post
#6
|
|
|
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,560 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218  |
They also seem to know the scripts as well, or they can get to the directory somehow. The site is German but they seems to use a Turkish IP as once of it's back ups IP's.
|
|
|
|
|
Oct 28 2006, 09:54 AM
Post
#7
|
|
|
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS Group: [HOSTED] Posts: 1,028 Joined: 12-April 06 From: Essex, UK Member No.: 21,719 |
Script kiddies is right then methinks! I was searching the net and it also said there was a vulnerability in SMF forums so if you use one of those best to update it if possible, not sure how credible it is but its a precaution at least.
They could be trying to make people distrust trap17 and xisto network websites for some hidden agenda or just "fun" i guess. But the problem doesn't lie here on the servers its just vulnerable code, i might google for vulnerabilities in SMF forums and see what comes up. I didnt know it was mainly localized to trap17 though, interesting EDIT searched for SMF vulns and i cant find hardly anything, all the ones i did find were related to version 1 of the forums. Plus i wasn't using SMF so methinks SMF is safe
This post has been edited by shadowx: Oct 28 2006, 09:59 AM |
|
|
|
|
Oct 28 2006, 10:41 AM
Post
#8
|
|
|
Ephesians 6:10-17 Group: [MODERATOR] Posts: 1,917 Joined: 22-June 05 From: The World of Gentoo Member No.: 8,528 |
They tried to deface a site i have hosted on my account. But they failed to make it publicly viewable. The index.php page had more priority than the index.htm page they managed to make. Though, i found it funny when i saw that index.htm file. That's all i've seen them do, really, though.
But yeah, SMF 1.0.8(+) is safe. |
|
|
|
|
Oct 28 2006, 10:53 AM
Post
#9
|
|