Hacked !

[pac]

Urghh, Mosavi1986 hacked and took out my entire site and all my 'for sale domains' last night.

Googling Mosavi1986 appears that he has been a busy boy, has anyone else been attacked ??

Crankshaft

 

[fonzie_007]

At the risk of sounding completely ignorant... I've never heard of Mosavi1986 before. Anyone care to inform me who he is ?

 

[Stephen]

He has indeed hacked many sites, here's a list of some:

http://www.zone-h.org/en/defacements/filter/filter_defacer=Mosavi1986/page=1/

 

[kr580]

http://www.nflnow.net/forumshacked/

Got me too. Fortunately enough for me it was just the vB files which I easily downloaded again.

He got into mine on a CHMOD 0777 mistake on my part.

 

[iggy]

He hacks websites that have to do with domains? How do you know its him? What did he do with your "for Sale" section?

Anyways, look out NAMEPROS!

 

[pac]

Hi, yep I was chmod 777 too, just changed to 711. As I host all my domain names 'dynamically' using one site & effectively 1 page, he took them all down. it's still down as I have asked my hosting company to investigate before I restore the site.

Fortunately I have automatic nightly backups, so all I will loose is the pagehits file for a few hours.

Crankshaft

 

[kr580]

He hacks websites that have to do with domains? How do you know its him? What did he do with your "for Sale" section?

Anyways, look out NAMEPROS!

From what I've seen he just looks for sites that have folders CHMOD'd to 0777, gains access to that folder, deletes all pages and leaves his calling card (See my link for the page). I don't think there's a pattern of subjects he's going after, just 0777's.

And I doubt NamePros has to worry. I would think they'd be smarter than to leave a important folder open like that. I could be wrong though.

 

[matt_bodis]

Don't you still need physical access to the server inorder to touch any 777 chmod folder?

 

[peterstannard]

Why does everyone think 777 is a security risk? Its not.

 

[zehrila]

You need to keep your machines uptodate keep an eye on all upcoming new exploits and their patches.Most of the time it is our negligence or hosting providers negligence to not to keep servers upto date.

 

[pac]

I understand that with chmod 777, some of the php scripts have security holes which hackers exploit to upload / edit files.

Crankshaft

 

[pac]

Just had another sub-site hacked by same hacker, CHMOD 777 again, so beware !

 

[peterstannard]

Here is an interesting piece about CHMOD 777;
http://www.simplemachines.org/community/index.php?topic=2987.0

 

[pac]

Hi Peter, hmm that thread is interesting, but the only folder which was CHMOD 777 on the site was hacked, the others were not touched.

 

[peterstannard]

Hi Peter, hmm that thread is interesting, but the only folder which was CHMOD 777 on the site was hacked, the others were not touched.

Sounds like a dodgy/out of date script to me. What was in the hacked dir?