http://img27.imageshack.us/img27/4923/38307449.png

What a funny guy... When I right clicked a message came up and said "Your ip is tracked, I will come for you ~ Netbeans"

GG :/


Anyone know him or have any experiences with him / them ?

It doesn't matter who this person is really, the real issue is cleaning and securing your site again. ;)

What a ++++ing loser.

Good luck with everything greenpk, I hope you have a backup. Otherwise, start manually going through sensitive PHP files and SQL tables.

--------------- Added 1364494448 at 1364494448 ---------------

I wonder if these are one in the same:

http://forum.extalia.net/threads/2242-NetBeans-banned-by-Extalia

Seems like a total idiot.

greenpk2 contact me it was exploit applied on your site i can help you to make more secre your forum ...

you should post in the paid request forum if you're looking for help ;)

Brandon Sheley for your information want to tell you i am expert in server security + PHP Applications like vBulletin . PHPBB . MyBB . like that . i read thouseds of ways how to hackers get in any forum . i have much info abut Shells . etc tools to hack or root a server

Brandon Sheley for your information want to tell you i am expert in server security + PHP Applications like vBulletin . PHPBB . MyBB . like that . i read thouseds of ways how to hackers get in any forum . i have much info abut Shells . etc tools to hack or root a server

Not sure why you are telling me this because I don't really care, my reply was for the OP.

Thanks :up:

Not sure why you are telling me this because I don't really care, my reply was for the OP.

Thanks :up:

ooops sorry .... :mad:

I find it both funny and serious. I know so little about PHP, MySQL & HTML.
I know some basic codes and the setup, but I am not advanced. I knew this would happend anyway, because we don't got the best webhosting service. This website is used for a private server, but the server is soon opening. I am thinking about let it go for a while, but elitecarders if you know how to secure us better I would be happy to get some information from you. I also read some articles how they hack and how to secure, but some of it are too advanced to me, since I am still learning the basics :)

--------------- Added 1364499138 at 1364499138 ---------------

I can tell one thing for sure, he just changed the content of the page... Maybe he is haunting us, because he wants me to mail him. If I think logic it might not be smart + he might demand cash... xD

I find it both funny and serious. I know so little about PHP, MySQL & HTML.
I know some basic codes and the setup, but I am not advanced. I knew this would happend anyway, because we don't got the best webhosting service. This website is used for a private server, but the server is soon opening. I am thinking about let it go for a while, but elitecarders if you know how to secure us better I would be happy to get some information from you. I also read some articles how they hack and how to secure, but some of it are too advanced to me, since I am still learning the basics :)

i will try to my best . i can ;-)

--------------- Added 1364508898 at 1364508898 ---------------

forum is fine now .. i did it :) no more infection here

Well guys it's solved now!
thanks to ~ elitecarders

For annyone ever doubted him, he actually helped me secure and learn me how to prevent a hack like that in the future!

htttp://www.true-carders.com/

did he do it for free or charge you?

Free :P

It's very rare (trust wise) that you find someone to do that for free so make him your friend imo!

:D

Edit: Be sure to post in your paid request that it's been taken care of otherwise you may receive now unwanted pm's ;).

I know :)

I got experience with this so I acted a bit rough and suspicious in the start with him. After a while I gave it a shot and he actually helped me out and taught me how to prevent and now It's fixed.

The hacker changed two templates; "FORUMHOME" & "FORUMDISPLAY"

The hacker also used one of the admin's account to do this, cuz u could see a change in the teamplate from that account. The guy that helped me told me that he is being infected or someone know the password to the admin account..

Well after changing FORUMHOME & FORUMDISPLAY back to normal, everything works fine.. The only problem is that every "Custom modification/configure" to the templates or added custom pages was deleted...

everything works fine.. The only problem is that every "Custom modification/configure" to the templates or added custom pages was deleted...

When your done adding the customizations back in, stop right then and make a backup of your style, you can export it ;).

i will try to my best . i can ;-)

--------------- Added 1364508898 at 1364508898 ---------------

forum is fine now .. i did it :) no more infection here

Elitecarders,

Can you say if this was this an undisclosed vulnerability, a misconfiguration issue or just an admin password problem?

Well some say I should feel suspicious, because he is owner of a illegal activities forum.. (Hacking) He told me he do it mostly for his own security.

It's like letting someone else wear your swim trunks - and then having to put them back on.

I am learning how to secure better and soon learning hacking techiques. (for security purpose) and reverse exploits.

I am learning how to secure better and soon learning hacking techiques. (for security purpose) and reverse exploits.

Posting 'lessons learned' would be great greenpk2 :)

Well I am happy, because he fixed the hack and he did learned me how to do it now, so I am happy. I wouldn't pay 300$ for that remove, because it was kinda easy to remove. The hacker just editted two templates added some basic codes... LOL no tracking codes or any mysql. It just seems worse than he made it to. I bet one of the administrators has been infected... Because we are 3 admins on it and one of them had changed "FORUMHOME" 6 pm and when I had a look at it u see that hackers code.

Well I am happy, because he fixed the hack and he did learned me how to do it now, so I am happy. I wouldn't pay 300$ for that remove, because it was kinda easy to remove. The hacker just editted two templates added some basic codes... LOL no tracking codes or any mysql. It just seems worse than he made it to. I bet one of the administrators has been infected... Because we are 3 admins on it and one of them had changed "FORUMHOME" 6 pm and when I had a look at it u see that hackers code.

hmm...Do you think it was just an easily guessable password for the admin acct or did the hacker already know it?

Did you have the strikes system enabled?

i added password for directories too now..