View Full Version : Site Hacked by Liz0ziM?


Cky47
07-15-2006, 09:03 PM
Can someone check this out?

I was away on a little vacation and I came back to my site being hacked. All the files are screwed up.

http://www.boardingscene.com

Must have happened last night?

kall
07-15-2006, 09:08 PM
Looking fine to me here. :)

Cky47
07-15-2006, 09:09 PM
I started to fix back the site, but has anyone seen this from the same person yet?

"Hacked By Liz0ziM"

It must have been possibly a targeted hit...

I have backups of it, so he did no harm lol, I just wanna know how he got in and if he has attacked anyone else?

I hate having enemies is all.

kall
07-15-2006, 09:09 PM
Did it include a black screen and a pic of Michael Jackson?

I saw that on a hacked site recently. :(

Cky47
07-15-2006, 09:13 PM
Ok now this is weird... he got my cpanel?

No, all it said was...

"Hacked By Liz0ziM"

In plain text...

Looks to be he only replaced the index files?

I wonder if it was a host targeted attack?

Type Hacked By Liz0ziM into google, he has all types of things hacked...

peterska2
07-15-2006, 09:16 PM
That is very possible especially if it has also affected your cpanel.

Cky47
07-15-2006, 09:22 PM
Yeah... I wonder how he got in though.

:( That's going to bug me.

At least it seems he just randomly picks websites to exploit, so hopefully no one else will experience this.

I would like to meet the guy though... Heck I would hire him lol

maximux1
07-15-2006, 10:00 PM
Yeah... I wonder how he got in though.

:( That's going to bug me.

At least it seems he just randomly picks websites to exploit, so hopefully no one else will experience this.

I would like to meet the guy though... Heck I would hire him lol

He likely got in through an insecure script, such as a gallery addon/plugin - there was a nasty exploit in CMG not too long ago - Do you use that?

Likely, if he got in once, he set up shop - and he can get back in unless you figure out how he did it.

You can look for any irregularities with the following string of commands;

cd /usr/local/apache/domlogs;tail -n 5000 * | grep 'ptrace'

find /home/ -name "*.php" -exec grep 'passthru(' {} \; -print

find /home/ -name "*.php" -exec grep -i 'phpshell' {} \; -print

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit


If you find anything interesting feel free to post back - damned hackers...

Hope this helps some.
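Added example, not part of the post above: the same file checks wrapped in two reusable shell functions, extended with a look at recently changed index files, since the defacement in this thread replaced only those. The function names, the extra patterns beyond 'passthru(' and 'phpshell', and the sample directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a web root after a defacement. Sample files are constructed.

# The two strings from the post plus other PHP command-execution calls (assumed list).
PATTERN='passthru\(|phpshell|shell_exec\(|system\(|eval\(base64_decode'

# Print "file:line:text" for every PHP file under $1 that matches an indicator.
# /dev/null forces grep to print the file name even when it is handed one file.
scan_php_indicators() {
    find "$1" -type f -name '*.php' \
        -exec grep -inE -e "$PATTERN" /dev/null {} + 2>/dev/null || true
}

# List index.* files under $1 modified within the last $2 days (default 7).
recent_index_files() {
    find "$1" -type f -name 'index.*' -mtime "-${2:-7}" -print
}

# Build a constructed tree: a clean page, a file containing an indicator,
# a freshly written index page and an index file with an old timestamp.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site/gallery"
    printf '<?php echo "hello"; ?>\n' > "$d/site/about.php"
    printf '<?php passthru($cmd); ?>\n' > "$d/site/gallery/thumb.php"
    printf 'placeholder defacement text\n' > "$d/site/index.html"
    printf '<?php echo "old"; ?>\n' > "$d/site/gallery/index.php"
    touch -t 200607140000 "$d/site/gallery/index.php"
    echo "$d/site"
}

root=$(make_sample_tree)
echo "== PHP files with command-execution indicators =="
scan_php_indicators "$root"
echo "== index files modified in the last 7 days =="
recent_index_files "$root"
rm -rf "$(dirname "$root")"
```

A match is only a lead: legitimate scripts also call these functions, so each hit needs to be read and compared against a known-good backup.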

Shazz
07-15-2006, 11:33 PM
Internet Explorer cannot display the webpage

slappy
07-15-2006, 11:41 PM
Actually it appears to be a server problem, rather than a browser problem. FireFox says the server timed out.

Regards,

Cky47
07-16-2006, 02:26 AM
No... I reported it to my host and they are switching me to a new server till they figure out what happened. They think they got in through the shared server and just got my account too.

Now it seems it was a skiddie who found a code and used it.

My host still hasn't fixed whatever happened.

reuben
07-21-2006, 07:46 PM
http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,BiyoSecurityTeam/

Take a look at that.

He seems to be a part of "BiyoSecurity Team".