Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page Site Hacked by Liz0ziM?
Register FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Search this Thread Display Modes
  #1  
Old 07-15-2006, 08:03 PM
Cky47's Avatar
Cky47 Cky47 is offline
 
Join Date: Feb 2006
Location: PA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Site Hacked by Liz0ziM?
Can someone check this out?

I was away on a little vacation and I came back to my site being hacked. All the files are screwed up.

http://www.boardingscene.com

Must have happened last night?
Reply With Quote
  #2  
Old 07-15-2006, 08:08 PM
kall's Avatar
kall kall is offline
 
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Looking fine to me here.
Reply With Quote
  #3  
Old 07-15-2006, 08:09 PM
Cky47's Avatar
Cky47 Cky47 is offline
 
Join Date: Feb 2006
Location: PA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I started to fix back the site, but has anyone seem this from the same person yet?

"Hacked By Liz0ziM"

It must have been possibly a targeted hit...

I have backups of it, so he did no harm lol, I just wanna know how he got in and if he has attacked anyone else?

I hate having enemies is all.
Reply With Quote
  #4  
Old 07-15-2006, 08:09 PM
kall's Avatar
kall kall is offline
 
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Did it include a black screen and a pic of Michael Jackson?

I saw that on a hacked site recently.
Reply With Quote
  #5  
Old 07-15-2006, 08:13 PM
Cky47's Avatar
Cky47 Cky47 is offline
 
Join Date: Feb 2006
Location: PA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Ok now this is weird... he got my cpanel?

No, all it said was...

"Hacked By Liz0ziM"

In plain text...

Looks to be he only replaced the index files?

I wonder if it was a host targeted attack?

Type Hacked By Liz0ziM into google, he has all types of things hacked...
Reply With Quote
  #6  
Old 07-15-2006, 08:16 PM
peterska2 peterska2 is offline
 
Join Date: Oct 2003
Location: Manchester, UK
Posts: 6,504
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
That is very possible especially if it has also affected your cpanel.
Reply With Quote
  #7  
Old 07-15-2006, 08:22 PM
Cky47's Avatar
Cky47 Cky47 is offline
 
Join Date: Feb 2006
Location: PA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yeah... I wonder how he got in though.

Thats going to bug me.

At least it seems he just randomly picks websites to exploit, so hopefully no one else will experience this.

I would like to meet the guy though... Heck I would hire him lol
Reply With Quote
  #8  
Old 07-15-2006, 09:00 PM
maximux1's Avatar
maximux1 maximux1 is offline
 
Join Date: Mar 2002
Posts: 89
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Cky47
Yeah... I wonder how he got in though.

Thats going to bug me.

At least it seems he just randomly picks websites to exploit, so hopefully no one else will experience this.

I would like to meet the guy though... Heck I would hire him lol
He likely got in through an insecure script, such as a gallery addon/plugin - there was a nasty exploit in CMG not too long ago - Do you use that?

Likely, if he got in once, he setup shop - and he can get back in unless you figure out how he did it.

You can look for any irregularities with the following string of commands;
Code:
cd /usr/local/apache/domlogs;tail -n 5000 * | grep 'ptrace'

find /home/ -name "*.php" -exec grep 'passthru(' {} \; -print

find /home/ -name "*.php" -exec grep -i 'phpshell' {} \; -print

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit
If you find anything interesting feel free to post back - damned hackers...

Hope this helps some.
Reply With Quote
  #9  
Old 07-15-2006, 10:33 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Internet Explorer cannot display the webpage
________
List of Toyota vehicles
Reply With Quote
  #10  
Old 07-15-2006, 10:41 PM
slappy slappy is offline
 
Join Date: Apr 2003
Posts: 97
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Actually it appears to be a server problem, rather than a browser problem. FireFox says the server timed out.

Regards,
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:23 AM.

Contact Us - Archive - Privacy Policy - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05614 seconds
  • Memory Usage 4,727KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/functions_amr.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete