
Webwriter - Hacked?

Posted: Mon Nov 29, 2004 6:07 pm
by KriFos
I click the download link, and get up a page with the following text:

http://kriko.neosurge.net/webwriter/

Hacked By Q8Crackers Crew DeadLine | bohajr | Befcake | DosMan

#Darknet at irc.gigachat.net

Posted: Mon Nov 29, 2004 6:29 pm
by cerberos76_
Interesting. I hope that is not related to Coranto at all, but just a problem with Kriko servers...

Posted: Mon Nov 29, 2004 7:09 pm
by SrNupsen
Looks like it's fixed now. Probably nothing to do with Coranto.

SrNupsen

Posted: Mon Nov 29, 2004 8:32 pm
by kriko
My site got in the way of a massive defacement by some Muslims from Kuwait. The whole server was rooted, in my opinion, and then some index files were replaced. Fortunately only a few were hurt in my account and I had a recent backup copy of them all.

Some defacements have already been reported:
http://www.zone-h.org/en/search/what=neosurge/
http://www.zone-h.org/en/search/what=neopages/

Here's a page I was fortunate not to get:
http://carboncanvas.neosurge.net/q8.html

For a few months the file uploading system on my site had been under attack - PHP files and various viruses were uploaded with no success. My system was set up securely enough not to be penetrated by some hackers. I also banned the IPs behind the attacks.

During September and October my site also exceeded its bandwidth limits and reached 24GB. The usual BW usage for it had been around 1-2GB (of 10GB max).

My opinion is that there were people working hard to get access to the server and they finally managed to do it somehow.


In any case, I have replaced the files and the systems should be operational. If you encounter any more problems feel free to let me know.

Posted: Wed Nov 21, 2007 4:59 pm
by Brad
I just wanted to alert other Coranto users. I had a couple of different clients' sites hacked. All of the sites hacked had Multipart installed and active.

The hackers upload files for a phishing scam, for banks like Wachovia, and others.

Keep a close eye on your sites if you have any upload scripts.

Posted: Wed Nov 21, 2007 8:34 pm
by SrNupsen
True. And make sure to specify which file endings you allow for any upload field.
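
The advice above about allowed file endings, sketched as an added example (not part of the thread, and not Coranto or Multipart code): a Python check that allowlists extensions, refuses double extensions such as `.php.gif`, and verifies the leading bytes of the file. The image-only policy, the function name `check_upload` and the sample uploads are assumptions made for illustration.

```python
import re
import secrets

# Assumed policy for this example: image uploads only.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# Leading bytes a file of each allowed type must start with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)+")


def check_upload(client_name, data):
    """Return (ok, reason, stored_name) for one uploaded file."""
    # Browsers may send a full path; keep only the last component.
    name = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Rejects NUL bytes, spaces, trailing dots, dotfiles and extensionless names.
    if not SAFE_NAME.fullmatch(name):
        return False, "unsafe characters in file name", None
    extensions = name.lower().split(".")[1:]
    # Every dot-separated part must be allowed: "logo.php.gif" is refused,
    # because some web server setups act on an inner extension.
    bad = [e for e in extensions if e not in ALLOWED_EXTENSIONS]
    if bad:
        return False, "extension not allowed: ." + bad[0], None
    final = extensions[-1]
    if not data.startswith(MAGIC[final]):
        return False, "content does not match ." + final, None
    # Store under a server-chosen name, never the client-supplied one.
    return True, "ok", secrets.token_hex(8) + "." + final


# Constructed sample uploads (not taken from the thread).
SAMPLES = [
    ("holiday.JPG", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("login.php", b"<?php /* placeholder */ ?>"),
    ("logo.php.gif", b"GIF89a" + b"\x00" * 16),
    ("C:\\pics\\banner.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("page.gif", b"<html>placeholder</html>"),
    (".htaccess", b"placeholder"),
]
if __name__ == "__main__":
    for fname, body in SAMPLES:
        print(fname, check_upload(fname, body)[:2])
```

An extension check like this is one layer; keeping the upload directory free of script execution in the web server configuration covers the case where a file slips past it.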

Posted: Sat Dec 08, 2007 11:46 pm
by AndyP
Thanks for the heads up here. I don't use an upload script myself, been stung by that in the past so I keep clear of them.