Author Topic: hacked[solved] (Read 5263 times)

theinvisible · « **Reply #15 on:** July 16, 2017, 07:22:05 pm »

Quote from: _CONEJO on July 16, 2017, 06:34:57 pm

Which OS and version were you running?
Which version of PHP are you running?
Which themes/plugins do you have installed and which version of each?
Did you have installed any other software (wordpress, joomla,...) even if it's no longer active? Which version?
Did you use weak passwords?
Is your local computer/device compromised? keylogged?
...
and the list goes on

My password was having alphabets and numbers.I have changed my password and made it stronger.
I have subdomains with other softwares like opencart(2.3.0.2), abantecart(1.2.5) and sphider(1.3.6) search engine script.

i am running php 5.6.30
my computer is not compromised.

theinvisible · « **Reply #16 on:** July 16, 2017, 07:24:31 pm »

Found some info about the hacker on the web https://packetstormsecurity.com/files/author/3222/ and https://www.soldierx.com/hdb/Kingcope

Aficionado · « **Reply #17 on:** July 16, 2017, 07:34:45 pm »

Quote from: theinvisible on July 16, 2017, 07:10:06 pm

Quote from: Aficionado on July 16, 2017, 06:30:51 pm

Now: do you have a recent BACKUP of your site ?

Can you see the security of the folders (should be 755) and of files (should be 644) ?

i don't have a recent backup of my site.

Some folders are with 750 and others with 755. All files except 'config.php'(666) in public_html folder is 644.

So the folders/files are ok.

Doesn't your hosting company provide a backup ?

What kind of plan is that ? Shared ? Managed or Unmanaged ? VPS ?

Is anything ELSE hosted in your plan (other site, other cms) ?

Have you MODIFIED the core or anything else ?

Aficionado · « **Reply #18 on:** July 16, 2017, 07:41:36 pm »

Quote from: theinvisible on July 16, 2017, 07:22:05 pm

My password was having alphabets and numbers.I have changed my password and made it stronger.
I have subdomains with other softwares like opencart(2.3.0.2), abantecart(1.2.5) and sphider(1.3.6) search engine script.

i am running php 5.6.30
my computer is not compromised.

I doubt that your hack was done from weak password or something.

Apparently some php/apache/sql hole was exploited in all that script you run.

theinvisible · « **Reply #19 on:** July 16, 2017, 07:42:02 pm »

linux shared hosting plan.

i think they restored index.php files from their backup.
I don't remember changing any core files.

theinvisible · « **Reply #20 on:** July 16, 2017, 07:43:43 pm »

Quote from: Aficionado on July 16, 2017, 07:41:36 pm

I doubt that your hack was done from weak password or something.

Apparently some php/apache/sql hole was exploited in all that script you run.

you mean one of my php scripts is vulnerable. right?

Aficionado · « **Reply #21 on:** July 16, 2017, 07:52:07 pm »

Quote from: theinvisible on July 16, 2017, 07:43:43 pm

Quote from: Aficionado on July 16, 2017, 07:41:36 pm

I doubt that your hack was done from weak password or something.

Apparently some php/apache/sql hole was exploited in all that script you run.
you mean one of my php scripts is vulnerable. right?

I mean that hacking you have (searching by his name) appears to be some security exploit in apache/sql/php and not a password hacking.

Since Osclass is unknown to hackers, maybe some other script you run. But also could be the fault of your hosting company.

Impossible to tell without finding the cause if it.

And not having a backup seems strange to me. They all have a backup.

theinvisible · « **Reply #22 on:** July 16, 2017, 07:54:51 pm »

I think they have a backup. Thats how they managed to restore the original index.php files, i think.

_CONEJO · « **Reply #23 on:** July 16, 2017, 07:56:49 pm »

Your Sphider version is vulnerable https://www.cvedetails.com/vulnerability-list/vendor_id-4330/product_id-7526/version_id-169706/Sphider-Sphider-1.3.6.html

But from the links you posted, looks like the hacker search for mysql/apache/ssh exploits and not other software.

If it was the apache/php/mysql,... what was compromised, maybe your whole hosting company is compromised too

Aficionado · « **Reply #24 on:** July 16, 2017, 08:01:19 pm »

Quote from: _CONEJO on July 16, 2017, 07:56:49 pm

If it was the apache/php/mysql,... what was compromised, maybe your whole hosting company is compromised too

And it wouldn't be the first time for them. A few years back

http://thehackersmedia.blogspot.gr/2012/08/hostdime-hacked-by-1337.html

theinvisible · « **Reply #25 on:** July 16, 2017, 08:02:51 pm »

Quote from: Aficionado on July 16, 2017, 08:01:19 pm

Quote from: _CONEJO on July 16, 2017, 07:56:49 pm

If it was the apache/php/mysql,... what was compromised, maybe your whole hosting company is compromised too

And it wouldn't be the first time for them. A few years back

http://thehackersmedia.blogspot.gr/2012/08/hostdime-hacked-by-1337.html

but my hosting company is named mytruehost not hostdime

theinvisible · « **Reply #26 on:** July 16, 2017, 08:06:16 pm »

https://www.exploit-db.com/exploits/29290/
check this

Aficionado · « **Reply #27 on:** July 16, 2017, 08:07:51 pm »

Ok, this site

http://arimaborough.gov.tt/

http://www.zone-h.org/mirror/id/29929151?zh=1

was also hacked and guess what .... Hostdime.

So they are hacked totally. Server hacked.

Aficionado · « **Reply #28 on:** July 16, 2017, 08:08:44 pm »

Quote from: theinvisible on July 16, 2017, 08:06:16 pm

https://www.exploit-db.com/exploits/29290/
check this

Dude it is your hosting company that is hacked. Your whole server (or all their servers) apparently.

theinvisible · « **Reply #29 on:** July 16, 2017, 08:14:39 pm »

Quote from: Aficionado on July 16, 2017, 08:08:44 pm

Quote from: theinvisible on July 16, 2017, 08:06:16 pm
https://www.exploit-db.com/exploits/29290/
check this

Dude it is your hosting company that is hacked. Your whole server (or all their servers) apparently.

So you are telling me that mytruehost.com servers are hacked??

Osclass forums

News:

Author Topic: hacked[solved] (Read 5263 times)

theinvisible

Re: hacked

theinvisible

Re: hacked

Aficionado

Re: hacked

Aficionado

Re: hacked

theinvisible

Re: hacked

theinvisible

Re: hacked

Aficionado

Re: hacked

theinvisible

Re: hacked

_CONEJO

Re: hacked

Aficionado

Re: hacked

theinvisible

Re: hacked

theinvisible

Re: hacked

Aficionado

Re: hacked

Aficionado

Re: hacked

theinvisible

Re: hacked