Get exclusive CAP network offers from top brands

View CAP Offers

Need Help – Hacked by some ^$B&*#HDH#)@FU

[bsa_pro_ad_space id=2]
  • This topic is empty.
Viewing 15 posts - 31 through 45 (of 48 total)
  • Author
    Posts
  • #828734
    gokken
    Member

    http://web.archive.org/web/20110201145307/http://infoarea.com/ Feb 2011 record. Seems all legit. Site links to casino-online-promotion.com.

    On that site your promoting some of the worst known clip joints who have long histories of shafting players. Just saying!

    #828737
    Anonymous
    Inactive

    @AussieDave 245597 wrote:

    Hi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.

    Your site infoarea.com has also been hacked. But, not by the same hacker it seems.

    Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.

    Just a thought, but have you pissed someone off recently?

    Not the first time I was hacked, unfortunately.

    One site on a different host had some phishing scam installed for ‘chase bank’. The host was notified by Chase and they just closed down my account – never sent me an email or anything. Just saw it by accident.

    It was on a domain I rarely visited (not updated either). I got rid of the code which was in the wp area just sticking out plain as day. Dumped the code and updated – everything fine. Account turned back on. Moved the domain to another host.

    But then the original host closed the account again – referenced the same issue – but it had already been addressed – so they turned the account back on again (it wasn’t even on their site at the time)

    Then they closed the account a third time – same issue – still had been resolved – turned it back on again.

    I prefer to think of these as ‘competitors’ doing negative measures to stifle the competition. (not likely, but a positive thought in a crummy situation)

    Although who knows the motivations of these ‘aholes’.

    So more crap to fix, instead of working on improving sites (sort of like reacting to google changes and gov domain seizures)

    PS – If I did ‘tick someone off’ with a ‘review post’ or ‘whatever’ all they had to do was email me!

    #828738
    Anonymous
    Inactive

    @AussieDave 245599 wrote:

    Online Casino Gambling Info Area Feb 2011 record. Seems all legit. Site links to casino-online-promotion.com.

    On that site your promoting some of the worst known clip joints who have long histories of shafting players. Just saying!

    You referring to slot madness or sites like palace of chance, casino titan or some other?

    #828739
    wbprofits
    Member

    I would think it betus banner

    #828740
    Anonymous
    Inactive

    @GamblingShares 245605 wrote:

    I would think it betus banner

    I had a lot of them and then they stopped the program, so I think it was already removed.
    But at least they paid out whatever was due.

    #828741
    betluckfan
    Member

    Who’s hack your site ??

    ===============
    fanooss rayaneh
    esmafahan – khajoo ST
    esfahan
    Esfahan,8157733361
    IR
    Tel. +098.9131261948
    ================

    P/S: You should update your wp site to last version.

    #828743
    Anonymous
    Inactive

    On the off chance that the web host could find something I emailed support.
    They were doing my support request, plus they sent me this advice.

    I have scanned your account and I was unable to find any malicious code from your website files. Also, please change the password of your account/FTP to strong value and remove unwanted FTP users if any exists.

    In order to prevent the hackers attack in the future, you will have to ensure that:
    1. Generate a strong password combination for account, ftp, and database.
    2. Scan local computer with good antivirus, antispyware programs and clean bad programs.
    3. Keep the software up-to-date with vendors/developers, and seek their support/forums for any known vulnerabilities/fixes/workarounds available.
    4. Do not assign 777 permissions to any of the files or folders as it makes them world writable and could lead to such issues.
    5. Remove any unneeded folders, files and if you are running any web application like Joomla, WordPress, osCommerce, Moodle.. etc keep them up-to-date with latest stable version.

    This can happen for various reasons like:
    1. Poor/compromised account/FTP password, which allows hackers to guess the password [or use brutforce tools] and get unauthorized access.
    2. Your computer infected by viruses, which is controlled by hackers. In this situation, your uploaded files also get infected.
    3. Poor scripts, which allow hackers to insert various malformed queries and remotely execute the code and perform intended action.
    4. Virus effected theme selection for the application.
    5. Installing application which are downloaded form third party sites; mainly not genuine sites.

    This advice is better than what I got from a different host on a previous hack, which was ‘delete all your files and reinstall from your backup’. It turned out all I had to do was delete about 5 wp files and upload new ones.

    #828744
    wbprofits
    Member

    #3 and # 5 in the 1st part are huge to do’s on all sites ( keep themes and Plug ins updated )

    back ups help also :burnafatt

    #828747
    Anonymous
    Inactive

    Update,

    rmeeuwsen gave me access to his backend so I could see what was going on.

    First and foremost I recommend changing all passwords.
    Second, do what I mentioned in the PM to you.
    Third, Keep all scripts up to date.

    The hacker did in fact get into his sql database and left a redirect. It was easy to spot and fix. I looked over other parts of the database where I thought they could have hid code and saw nothing.

    I also had a glance over the files on the server and didn’t see any malicious code. That doesn’t mean there’s none there but chances are there isn’t. This hack sees like a simple sql injection to deface the site.

    #828749
    Anonymous
    Inactive

    On Oct 7th Google issed a warning of more and more state sponsored cyber attacks and just by looking over my logs I can see that they’ve tried to gain access on quite a few of our sites. I suggest that you all update all your scripts immediately.

    here’s an article on G’s warning.

    Google Warning of More State-Sponsored Cyber-Attacks

    #828750
    CasinoSasa
    Member

    Guaranteed there state sponsored, but they aint coming from the Middle East.. lol Try a little closer to home. ;)

    #828752
    Anonymous
    Inactive

    @fonzi 245618 wrote:

    On Oct 7th Google issed a warning of more and more state sponsored cyber attacks and just by looking over my logs I can see that they’ve tried to gain access on quite a few of our sites. I suggest that you all update all your scripts immediately.

    here’s an article on G’s warning.

    Google Warning of More State-Sponsored Cyber-Attacks

    I also want to publicly thank Fonzi for fixing my site and giving me tips on protecting my sites better.

    The ” Free Casino Games and Bonuses ” site is back to ‘normal’, except – it now has all updated scripts and more protection AND a backup system.

    Yet, I still have another hacked site to fix. Another lesson reiterated is that even though there are a lot of ‘ahole’ hackers, there are also a lot of other nice people like Fonzi too.

    #828754
    Anonymous
    Inactive

    PS – If anyone plugs ” http://www.slotbonuses.info/ ” into google they’ll hopefully see my mug displayed there with my nome de plume Richard Wright

    That was the last thing I was working on at this site before being hacked.
    I wonder if there is any connection.

    PS – I could use a few google + circles additions too. :)

    #828758
    betluckfan
    Member

    Welcome come back, your site :).

    You should download scan shell tools and scan all your file and directory. For security, if hacker put a shell to your server, you will never find it.

    You can find this tool at google with keyword: Backdoor Scanner, scan shell tools…

    Good luck.

    John

    #828772
    Anonymous
    Inactive

    @johntang 245629 wrote:

    Welcome come back, your site :).

    You should download scan shell tools and scan all your file and directory. For security, if hacker put a shell to your server, you will never find it.

    You can find this tool at google with keyword: Backdoor Scanner, scan shell tools…

    Good luck.

    John

    Cool tools – I tried Wordfence. Red the ‘how to use tour’ and started looking at ‘Live Activity’. Saw a ‘human’ looking at a post (will be expanding on that topic in my site later) and saw an unfamiliar ‘crawler’ from ‘173.199.116.179.choopa.net’ – looked on google for it and saw it was listed on a site as a ‘Blacklist Bot/Crawler Type’ and ‘Web Crawler – Website Extractor” – then followed the url to the site where they referenced itself as “The largest index of live links and the best tool to spy on your competitors’ actual keywords”

    So I blocked the IP.
    But it was a persistent little bugger that came back with at least 3 more ip’s

    Then I looked at ‘logins and lockouts’ and saw someone from the Ukraine trying to login as admin every 2 minutes – So I blocked his IP too

    I made all the blocks permanent!

Viewing 15 posts - 31 through 45 (of 48 total)