shadowx

Oct 27 2006, 07:23 PM

Hi all


I just checked my site, hosted here at trap17.com, and my guestbook was full of html code, when i checked the file used to store the content of the guestbook i notice the HTML was as follows

QUOTE

<html>

<head>
<meta http-equiv="Content-Language" content="tr">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Hacked By Spyhackerz.com</title>
</head>

<body bgcolor="#000000">

<p align="center"><a href="http://www.spyhackerz.com">
<img border="0" src="http://rootingsabotage.sitemynet.com/sht.jpg" width="503" height="387"></a></p>
<p align="center"><font face="Verdana"><b><font color="#FFFFFF">
<a href="http://www.spyhackerz.com"><font color="#FFFF00">www.spyhackerz.com</font></a></font><font color="#FFFF00">
</font></b></font></p>
<p align="center">&nbsp;<EMBED
src=http://spyhackerz.com/music/index.mp3
width=20 height=15 autostart="true" loop="true"></p>
<p align="center">&nbsp;</p>

</body>

</html>

So im just wondering if anyone has any info on these people. I recommend not going on the website incase they trace your IP etc....I haven't visited yet either, i might use Google to check them out but was hoping someone might know something? Thankfully it failed as scripts wont work in my guestbook but id like to know who they are. It seems nothing else has been affected but ill keep checking things. Any info would be great

 

 

 

Reply

krap

Oct 27 2006, 08:36 PM

the website is like this

QUOTE

spyhackerz.com


This domain may be for sale by its owner!


For technology try these sponsored results

boring

Reply

shadowx

Oct 27 2006, 08:52 PM

QUOTE(krap @ Oct 27 2006, 09:36 PM)

the website is like thisboring

strange...im not too worried as nothing else seems to have been damaged, just wanted to know which script kiddie had a pop at my site! I notice a lot of other people have been hit by these guys too which is irritating. Why wont they put their knowledge to good use.

Reply

Albus Dumbledore

Oct 27 2006, 10:08 PM

yeah, they hit mine

But they seem to be only targeting trap17 accounts from what ive heard/seen so yeah.........
they also hit a friend of mines... lovely eh?

anywho, they only got something on mine that anyone in the world could have done.. it is one of those scripts that are in the ACP of IPB for admin updates.... and i had a friend write this script because i wanted one like it, and they decided to paste their HTML for that page into the box and clicked save no real damage to my site, nor my friends...lmao

Reply

shadowx

Oct 28 2006, 09:54 AM

Script kiddies is right then methinks! I was searching the net and it also said there was a vulnerability in SMF forums so if you use one of those best to update it if possible, not sure how credible it is but its a precaution at least.

They could be trying to make people distrust trap17 and xisto network websites for some hidden agenda or just "fun" i guess. But the problem doesn't lie here on the servers its just vulnerable code, i might google for vulnerabilities in SMF forums and see what comes up.

I didnt know it was mainly localized to trap17 though, interesting

EDIT searched for SMF vulns and i cant find hardly anything, all the ones i did find were related to version 1 of the forums. Plus i wasn't using SMF so methinks SMF is safe

Reply

shadowx

Oct 28 2006, 01:37 PM

Ah chmod'ing one thing i haven't done. Ill have to check that, thanks. They arent really good at 'hacking' this lot Just an annoyance!

Reply

Latest Entries

special

Oct 30 2006, 07:39 PM

Never bin succesfully targeted by people, I use a mainframe to server network. Means mainframe will deal with attacks and the routers and send cleans info to the server ( gameserver )

So that way the site is protected and the gameserver dubbel protected also AM a mu server host most people give out there gameserver ip public i dont to prevent attacks thats why website / server is ona difrent ip / server.

Reply

shadowx

Oct 30 2006, 05:09 PM

As crazyrob said its silly kids aka script kiddies who know nothing of actual programming or real hacking, they simply scan the web for vulnerable things like the old SMF systems for example then keep looking and asking until someone will tell them how to do damage and follow the instructions. Im not personally worried by them as they failed at my site but Absolute has a good point, if you do get affected by them particularly if you loose money due to the defacement its worth trying to get at least the losses back. The problem being no-one knows who these kiddies are. Possible the security websites where they post their latest defacements. If those security companies would be prepared to hand over the IP's to authorities the little group might have a problem. Though i suspect they will be behind a chain of proxies, if not they really are stupid

Reply

CrazyRob

Oct 30 2006, 09:32 AM

yeh theyve tried to hack thru my firewalls and deface my site. ive blocked there actual ip's and reported them so they will be stopped soon enough. ITs just kids thinking their hard by defacing a page by loggin onto somones ftp account as guest unless you have it turned off.

Reply

Absolute

Oct 30 2006, 01:38 AM

QUOTE(jlhaslip @ Oct 27 2006, 03:32 PM)

Yes, some script kiddies have been causing some grief around the 'net.
They appear to only be defacing index pages, so take a backup of your site, change passwords for your ftp and cpanel access, etc as pro-active security measures.
Several other sites have been affected, none seriously, though. And it is way beyond this Domain. They are pretty busy little individuals.

Heres something that you should consider. Try reporting them to trap17 and if it continues then press charges against the group. Trust me it works. You will have to take the time to go to the police station and file a report but it just depends on how much time you want to spend on the issue. If it really is a bother then take the time. Trust me i've seen it happen myself where a group of people on a game and decided to hack my clans and some others websites and then brag about it on their own. Unfortunately for them im an arse and i got everyone together that was affected and filed a complaint with the police and they were arrested for it and now its on their permanent record. They had to pay for damages to everyones website and pay the hosts for time spent correcting the problem and had to do community service and were banned from any computer for six months. You just have to take the time. It may seem funny to them but it is a crime and if the people that did it to my groups site do it again they will have to spend time in jail. Now thats funny to me.

Reply

truefusion

Oct 28 2006, 06:39 PM

QUOTE(MusicOnly @ Oct 28 2006, 12:13 PM)

QUOTE(truefusion @ Oct 28 2006, 12:41 PM)

But yeah, SMF 1.0.8(+) is safe.

what do you mean by this?

I mean that Simple Machines Forum (SMF) 1.0.8, and maybe above, is safe enough to use; without the spyhackerz group successfully messing around. I have SMF 1.0.8 installed in my hosting, in the same directory that was engaged by a "spyhacker".

Reply

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.

Nature of your Post*:		Opinion/ Reply/ Comments Question/Query Feedback to us.
Name			Email
Title/Question*
(Maximum characters: 10,000) You have characters left.
Confirm Code:

1. smf vulnerabilidad
2. defacing smf - 83.95 hr back. (1)
3. find out ip of hacking attempt - 116.46 hr back. (1)
4. exploit smf 1.0.8 - 118.19 hr back. (1)
5. spyhackerz.com - 121.82 hr back. (2)
6. spyhackerz - 115.00 hr back. (2)
7. gmail hacking attempts detect - 145.65 hr back. (1)

1. Warning: Virus Spreading Through Msn Messenger - any info? (12)

   I was online, and then a friend sent me that file, and I accepted it because he's been wanting
   to send me a program that improves the resolution of the screen. But then my email address was in
   the file name, so I asked him what that was. To my horror, he said 'virus', but it was too
   late, I already opened it and then several chat screens popped-up, and it was auto-sent to some of
   the friends on the contact list. Luckily i was quick enough to ask them not to click on it. And my
   norton internet security and microsoft anti spyware program detected it and asked ...

2. Is Hacking Legal? And What Is Legal To Hack? - Is hacking Legal? And what is legal to hack? (6)
3. New Rootkit Uses Old Trick To Hide - Info on Trojan.Mebroot (2)

   Well it seems Trojans and root kits are making a deadly combination this especially with a technique
   thats pretty darn old. QUOTE The malware, called Trojan.Mebroot by Symantec, installs itself on
   the first part of the computer's hard drive to be read on startup, then makes changes to the
   Windows kernel, making it hard for security software to detect it. Well at least I understand
   how or where root kits become effective a bit more, but really you think if everyone is aware of it
   they would have found a way to patch that hole. I guess not since 5000 computer...

4. A Hacker Trying To Impress A Hacking Team..supposably - (2)

   I thought this was funny as hell seeing this story . First off if I where a hacker I try something
   that's more impressive then hitting myspace I would go for a bigger fish such as government
   computers, intranets, cripple a business etc etc. Point number two I am not going to advertise a
   hacking team like this noob instead I would have keep on doing it until some hacking tam notices me
   and asks me to join. Before I got any further I am not hacker, nor condone it, this is a what
   if scenario and show you what not do to. Back on topic now and point #3 I woul...

5. Php Security Vulnerability - Beware From Spammers - If you notice your site becoming really slow, you may be a victim (1)

   QUOTE PHP Security If you are using PHP on your website we ask that you please read the
   following carefully. We have noticed a significant number of PHP websites are being compromised
   due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for
   PHP scripts that can be exploited to send spam. When they find a script that has a loophole they
   send thousands of email messages through the script, often taking down the website or severely
   impacting website performance. Generally these loopholes exploit code using paramet...

6. Hacker Be Aware Of Hacking - (5)

   Hi I have seen many articles on how to deface this website or that one... but never seen much on
   whats happens after web-sites are defaced. I am no admin but got to know a few things from here and
   there. Just thought of putting all those things together... Let me put it down in the form of a
   small story. Once upon a time a company by name Lazyadmin.ltd had hosted its website
   "Stupidsecurity.com" for their clients. It had a large number of visitors and also the company had a
   great reputaion. Now one fine day, one hacker/craker broke into their site and defaced the sit...

7. Dangers Of Google Web Accelerator - Clicking links you don't want to click, and deleting info (21)

   Albeit another topic on Google Web Accelerator has been made, this topic addresses another
   different security concern. This is on the security concern on how Google Web Accelerator operates.
   While your internet connection isn't going any faster, the "illusion" of faster loading pages is
   caused by Google prefeching the pages and links, *before* you visit them. Therefore, all the pages
   have been downloaded into your hard drive. Which brings up the following problem: Since Google Web
   Accl. prefetches ALL links on a page, if the page had a link like: "cancel my accoun...

8. Gmail Phishing Attempt - (8)

   Thats a long message, but read the #'s where he wants personal information, bank accounts,
   address, and why is the message in all CAPS? Thats really wierd. I reported it to Gmail, but wanted
   to know if anybody got something similiar to this message. QUOTE I have a new email
   address! You can now email me at: peterwetego09@yahoo.com FROM :PETER WETEGO. ABIDJAN,IVORY
   COAST Email(peterwetego09@yahoo.com ) DEAR ONE, PERMIT ME TO INFORM YOU OF MY DESIRE OF GOING
   INTO BUSINESS RELATIONSHIP WITH YOU. I GOT YOUR NAME AND CONTACT FROM A FRIEND WHO IS MEMBER OF ...

9. Blaster/sasser Worms Info - (4)

   We all know that when Blaster or Sasser infect your computer the following things are observed: 1.
   The computer gets slow. 2. The search engine Doesnt work. 3. The computer often shuts down if we
   access the internet. Cure: To remove the worm, a removal tool should be downloaded from the
   internet. But it is not possible to do it because as soon as we connect to the internet a countdown
   for system restart starts. This problem can be over come by the following process.. Connect to the
   internet and search for the removal tool. It is also available on microsoft.com When the...

10. Big Brother Is Watching .. & Sneaking Your Info - personal privacy violations (7)

    Hi all, came across this newspaper article (& web posts about it) the other day. Thought it would
    be good for an opinion poll. re: more ways our personal privacy is being invaded. When will it all
    stop ? The article talks about government agencies gaining access to your personal files in an
    underhanded/"sneaky" way without "due process" of law (ie. court orders..etc). Here's the
    link(s) : http://the.honoluluadvertiser.com/article/...ln01a.html-FBI& computer repair shops Guess
    everyone should learn computer encryption & hard drive "wiping" security precautions BE...

11. Credit Card Info Stolen... - Security Breach (2)

    hi, The credit card breaches are starting to occur more frequently now.. (at least twice in last
    two months.. as far as I remember). Read the following article: QUOTE In what could be the
    largest data security breach to date, MasterCard International on Friday said information on more
    than 40 million credit cards may have been stolen. Of those exposed accounts, about 13.9 million
    are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded
    cards may have been affected and the remaining accounts were other brands, including Ameri...