PDA

View Full Version : Anyone know who "uykusuz001" are?

Megatr0n
02-20-2009, 09:37 PM
A few hours ago my site seemingly got hacked and all I could see was a page like this:

http://kcsl.ca/X-Portal/

Except it said:


XSS Exploit in vBuletin add-on


ONE TURK AGAINST THE WORLD


AND JUSTICE FOR ALL

If I tried to access any script on the forum or page it'd always take me back to the index.page. Once I uploaded a fresh new copy of the file, the issue was fixed and the site started loading again. It's funny because none of my files or the database wasn't deleted or damaged.

I asked the host and they said they scanned the site whole server and no malicious scripts or shall programs to speak of and did not noticed any breaching through FTP.

Any ideas?
iyama
02-20-2009, 09:49 PM
here more stuff
http://www.google.nl/search?q=uykusuz001&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:nl:official&client=firefox-a
Megatr0n
02-20-2009, 09:53 PM
Thanks. I have already used Google and can't find much information on it. Just other sites which, have got hacked.
iyama
02-20-2009, 09:58 PM
Its a hacker what is hacking around for his fun. And it shows that it is possible to hack your site. Maybe he want you to protect your site the next time better.
Megatr0n
02-20-2009, 10:01 PM
That's just it nothing was hacked, I mean damaged of the sort. I didn't have to restore any sort of back-up or anything.

I was wondering if anyone here can shed some more light about who this guy(s) is/are.
Lynne
02-20-2009, 11:07 PM
I think it was a more of a warning - he *could* have done more to your site since he obviously got access. I suggest you read this - How To Make My Forums More Secure (http://www.vbulletin.com/forum/showthread.php?t=194701) - and also contact your host to see if they can help you figure out how they got access to your server.
Megatr0n
02-21-2009, 12:47 AM
Hi Lynne,

You could be right. I read though he also managed to hack United Nation's and Sony's site? :S

I've pretty much followed all those steps from that thread. The host think it's a script based hack but don't know which, one. They've now enabled enhanced logging so if it happens again they'll know. So, I guess we'll have to wait and see.
Dismounted
02-21-2009, 03:45 AM
XSS Exploit in vBuletin add-on
This tells all, really.
fattony69
02-21-2009, 06:05 AM
This tells all, really.

Not ALL. Which one is it?
iyama
02-21-2009, 08:02 AM
Maybe he toke the settings from you. Your host can see that