  #1 (permalink)  
Old 02-07-2007, 14:11
new member
 
Join Date: Apr 2007
Posts: 4
Hacked! turkprotest.com

Just had our website hosting hacked by some Turkish hackers who seem to have uploaded index.whatever files of every type to our 'www' folder (i.e. index.php, index.cfm, index.htm etc.)

It looks like this may have been spotted by support staff already (site went down for a couple of minutes, and files have been renamed to index.php-hacked), but I need to know if this is a vulnerability of my website hosting or the host's?

Has anyone else had this problem?

Thanks!
  #2 (permalink)  
Old 02-07-2007, 14:25
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Your website hosting is resolving from server of some other company. I don't see your domain name in our billing system as well.

You will need to contact your web hosting company to get this sorted. Currently none of our customers have any sort of such issues.
__________________
UK Web Hosting || Business Hosting || eUKhost Knowledgebase
Toll Free : 0808 262 0255 || MSN : mark @ eukhost.com || AIM : eukmark
A bunch of Sheep led by a Lion is better than a bunch of Lions led by a Sheep.
__________________________________________________

Great Opportunity :: Join our Affiliate Program for FREE and earn 20% commission on each referral.
  #3 (permalink)  
Old 02-07-2007, 14:42
new member
 
Join Date: Apr 2007
Posts: 4

Sorry - should have made that clearer: turkprotest.com is the website hosting that hacked mine (Google it, they've been busy!)

our URL is sitel-cardiff.com

Ignore the bit about support working on it - this was another colleague of mine, who was working from home...

I'd appreciate it if you could investigate the vulnerability - from what I can find on other support forums, it seems to point to a need to patch the hosting server.
  #4 (permalink)  
Old 02-07-2007, 14:55
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Some of our customers hosted on one of our web hostingcontroller Windows servers have reported this matter. We are replacing their index pages right now and our Windows system admins will take a look at getting this security vulnerability sorted ASAP.

We have made such exploits impossible on Linux Servers but they have now focussed on Windows servers so we will implement some security rules on Windows (hostingcontroller) as well.
  #5 (permalink)  
Old 02-07-2007, 15:23
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

I had this happen a while ago - and yes it was by a Turkish hacking group doing exactly the same thing to my website hosting. This has not happened in nearly a year now to me but I am on Linux and like Mark says, the security rules have been updated on Linux.

I am sorry to hear about your troubles - it only happened to me once so hopefully it is over for you now too!
__________________
David Smith
DPS Computing
http://www.dpscomputing.com (Computing, Reviews, News) - New site / new polls / new stories! With many more to follow!
NEW LAUNCH! http://djdavid.dpscomputing.com (My DJ Website)
NEW LAUNCH! http://davidsmith.dpscomputing.com (My Personal Website)
  #6 (permalink)  
Old 02-07-2007, 15:54
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Quote:
Originally Posted by DPS Computing View Post
I had this happen a while ago - and yes it was by a Turkish hacking group doing exactly the same thing to my website hosting. This has not happened in nearly a year now to me but I am on Linux and like Mark says, the security rules have been updated on Linux.

I am sorry to hear about your troubles - it only happened to me once so hopefully it is over for you now too!
No worries. They will have a lesson this time
  #7 (permalink)  
Old 02-07-2007, 16:28
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by eukhost.com View Post
No worries. They will have a lesson this time
What are you going to do to them this time?

Last time you completely kicked the person's backside when they were trying to compromise the server security.
  #8 (permalink)  
Old 02-07-2007, 16:41
carsey's Avatar
Senior Member
 
Join Date: Jun 2007
Location: Hunwick, Crook, Durham
Posts: 105

Try using an FTP client to re-transfer your files to your website hosting, and get rid of the stupid turk stuff.
  #9 (permalink)  
Old 02-07-2007, 16:43
Banned
 
Join Date: Jun 2007
Posts: 24

Quote:
Originally Posted by DPS Computing View Post
What are you going to do to them this time?

Last time you completely kicked the person's backside when they were trying to compromise the server security.
Wow! These hackers better learn their lesson.

If you need help I would love to help you.

I know how to hack website hostings!

And I even built a website hosting for all of you to enjoy.

If you need to access a website hosting and it's blocked!

Please visit my website hosting

Proxy site

//LINK REMOVED


Last edited by Ben; 01-08-2007 at 19:18.
  #10 (permalink)  
Old 02-07-2007, 16:52
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by thug4life View Post
Wow! These hackers better learn their lesson.

If you need help I would love to help you.

I know how to hack website hostings!

And I even built a website hosting for all of you to enjoy.

If you need to access a website hosting and it's blocked!

Please visit my website hosting

Proxy site

http://endoftheyear.net/

Proxies are usually quite slow when used in this way if they have a reasonable amount of traffic.

And any network admin worth their salt will figure this out within a day and block the new proxy - this idea has been tried before!! (at places like my college - we found a new proxy and they just blocked it really soon after!)
  #11 (permalink)  
Old 02-07-2007, 17:12
new member
 
Join Date: Apr 2007
Posts: 6

I just noticed the same as freestate on my 2 website hostings hosted here on Windows.
EVERY directory even those outside the root had a default.asp, cfm, htm, html and php file and an index.asp, cfm, htm, html and php file.

I just finished removing them all.
This is the third time in 3 weeks that those hackers can get away with it, time for eukhost to sort them out or for me to find another host.

This is the first time any of my website hostings have been hacked in 7 years online.
  #12 (permalink)  
Old 02-07-2007, 17:20
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by badger24 View Post
I just noticed the same as freestate on my 2 website hostings hosted here on Windows.
EVERY directory even those outside the root had a default.asp, cfm, htm, html and php file and an index.asp, cfm, htm, html and php file.

I just finished removing them all.
This is the third time in 3 weeks that those hackers can get away with it, time for eukhost to sort them out or for me to find another host.

This is the first time any of my website hostings have been hacked in 7 years online.
Mark mentioned in an earlier post that eUKhost are in the process of modifying the security rules on Windows-based accounts to make them secure and prevent this type of attack in the future.

Hope that helps.
  #13 (permalink)  
Old 02-07-2007, 19:37
new member
 
Join Date: Apr 2007
Posts: 4

Well, my website hosting has been down for about an hour now.

Hopefully this is part of the fix (and it won't take too much longer ... )
  #14 (permalink)  
Old 02-07-2007, 20:13
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by freestate View Post
Well, my website hosting has been down for about an hour now.

Hopefully this is part of the fix (and it won't take too much longer ... )
I doubt modifying the security rules would take your website hosting down.

Have you tried contacting support for an explanation? Or to see whether it is a symptom of the hacking attempt that you have experienced earlier?
  #15 (permalink)  
Old 02-07-2007, 20:19
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Quote:
Originally Posted by DPS Computing View Post
I had this happen a while ago - and yes it was by a Turkish hacking group doing exactly the same thing to my website hosting. This has not happened in nearly a year now to me but I am on Linux and like Mark says, the security rules have been updated on Linux.

I am sorry to hear about your troubles - it only happened to me once so hopefully it is over for you now too!
turkprotest.com will be removed from the registry of ICANN. Nothing else besides removing all their domains from the registry.
  #16 (permalink)  
Old 02-07-2007, 20:23
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by eukhost.com View Post
turkprotest.com will be removed from the registry of ICANN. Nothing else besides removing all their domains from the registry.
I am glad to hear that! Thanks Mark! - these Turkish hackers do seem to be getting round a bit hacking multiple forums, website hostings and guestbooks every minute!! Quite scary - seems like there is a lot of them.
  #17 (permalink)  
Old 02-07-2007, 20:27
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Quote:
Originally Posted by badger24 View Post
I just noticed the same as freestate on my 2 website hostings hosted here on Windows.
EVERY directory even those outside the root had a default.asp, cfm, htm, html and php file and an index.asp, cfm, htm, html and php file.

I just finished removing them all.
This is the third time in 3 weeks that those hackers can get away with it, time for eukhost to sort them out or for me to find another host.

This is the first time any of my website hostings have been hacked in 7 years online.
I apologize for these problems you had on this server but we are on top of things and everything will be sorted today itself. I am good with Windows servers but I never disturb settings of our Windows team. I will get detailed documentation from them of what they have implemented to sort this problem and first thing I am doing is to get the hackers back on their toes.
  #18 (permalink)  
Old 02-07-2007, 20:28
eUKhost.com's Avatar
Chief Marketing Officer
 
Join Date: Sep 2005
Posts: 4,374

Let me correct my statement. You cannot call it hacking, as they have managed to run a mass exploit to replace index pages and nothing else. They manage to write their index page recursively in all directories but they cannot delete anything.
Reply With Quote
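
The pattern reported in posts #11 and #18 (one page written as index.* and default.* into every directory) can be checked for on a copy of the web root by hashing the default documents and looking for identical content spread across many directories and file names. This is an added example, not part of the thread and not eUKhost's tooling; the function names, thresholds and sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Default-document names and extensions reported in the thread.
STEMS = {"index", "default"}
EXTS = {".asp", ".cfm", ".htm", ".html", ".php"}


def find_mass_written(root, min_dirs=3, min_names=3):
    """Map sha256 -> paths of default docs duplicated across dirs and names."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if stem in STEMS and ext in EXTS:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                by_hash[digest].append(os.path.relpath(path, root))
    flagged = {}
    for digest, paths in by_hash.items():
        dirs = {os.path.dirname(p) for p in paths}
        names = {os.path.basename(p).lower() for p in paths}
        # Both thresholds: a shared placeholder index.html alone is normal.
        if len(dirs) >= min_dirs and len(names) >= min_names:
            flagged[digest] = sorted(paths)
    return flagged


def build_sample_site(root, defaced):
    """Constructed sample tree (not data from the thread)."""
    for sub in ("", "images", "admin", os.path.join("shop", "cart")):
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        pages = {"about.htm": b"page for " + sub.encode(),
                 "index.html": b""}  # empty listing-blocker, same everywhere
        if defaced:
            planted = b"<html>constructed placeholder page</html>"
            pages.update({s + e: planted for s in STEMS for e in EXTS})
        for name, body in pages.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
    if defaced:  # renamed copy as in post #1; its extension is ignored
        with open(os.path.join(root, "index.php-hacked"), "wb") as fh:
            fh.write(planted)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp, defaced=True)
        for digest, paths in find_mass_written(tmp).items():
            print(digest[:12], len(paths), "files, e.g.", paths[:3])
```

Flagged paths are candidates for review against a known-good copy of the site before anything is deleted or restored.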
  #19 (permalink)  
Old 02-07-2007, 20:37
DPS Computing's Avatar
Premium Member
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,849

Quote:
Originally Posted by eukhost.com View Post
Let me correct my statement. You cannot call it hacking, as they have managed to run a mass exploit to replace index pages and nothing else. They manage to write their index page recursively in all directories but they cannot delete anything.
Surely we can just "close" this mass exploit then.

Can they only write files called "index" then or just create any file with any name they want and that is it?
  #20 (permalink)  
Old 02-07-2007, 22:42
carsey's Avatar
Senior Member
 
Join Date: Jun 2007
Location: Hunwick, Crook, Durham
Posts: 105

Have the right CHMOD settings and they shouldn't be able to write to your homepage. But this cannot be helped where write settings are needed.