A good lesson...I got hacked



orion_joel
09-27-2008, 10:34 AM
Well, I did not think I would ever have to deal with it, but today I had to cover every possible avenue after one of my hosting accounts was hacked. I do not know exactly what the extent was, as the first I knew was an email from the web host to inform me the account in question was suspended until I could modify the passwords for it.

While I cannot confirm exactly how they got in, I suspect it was an install of a much older version of vBulletin I had started uploading, but had not finished and had not run the install script on. Although it could have been something else. There were some weird search terms in the stats, and a couple of direct incoming clicks from what looked like webmail URLs.

Thankfully, even though it was my master reseller domain for the account, I do not think they realized and were more interested in sending bulk email out, which was stopped fairly quickly by limits in place by the host. However, I ended up changing the passwords for every email account and cPanel account plus any scripts I have installed just to be on the safe side.

It taught me a valuable lesson though: clean up what you start, never leave a script in limbo uninstalled, and good support at your host stops things very quickly. While for the most part I would suspect the majority of the more web-savvy people here already know what can happen, it is worth a reminder that it does still happen and doesn't take much.

KristineS
09-27-2008, 12:15 PM
This is a great reminder. Unfortunately the hackers and the scam artists get more and more sophisticated.

I'm glad it was a relatively benign hack.

billbenson
09-27-2008, 01:05 PM
I had a shared server get hacked once. One account on the server had a simple password. It wasn't my account. After that I changed all my passwords to 12-character passwords using special characters where permitted. I keep them in an Excel file and do a copy and paste. The Excel file has 2000 lines of things like contacts, notes, websites etc., so the passwords are pretty buried in there. I think that is pretty secure.

There are plenty of password generators out there. I use this one:

Security Guide for Windows - Random Password Generator (http://www.pctools.com/guides/password/)

orion_joel
09-28-2008, 02:01 AM
Just from what I found in AWStats and then doing some searches on Google, I don't think that it was overly sophisticated, but more so taking advantage of a very simple flaw to get an in.

Apparently they had started trying to send out bulk amounts of phishing emails. However, from the returned messages it does not appear that there was much more than a few hundred actually sent before it was stopped. The way in was making use of a Google search to find a particular file by the title meta tag, and the particular file must have some sort of flaw in the coding to allow them to get access.

I probably would have had much more of a problem if they had realized the account was linked to Web Host Manager and the password was the same. However, I have now changed all my passwords to make use of letters, numbers and special characters, and over 9 characters. When I created them cPanel gave them 10/10 for security. So should stay all good for the time being.

It is, I have learned, very good to stay on top of things and where possible make use of passwords that are as secure as possible.

cbscreative
09-28-2008, 10:57 PM
This thread should serve as a valuable reminder of the importance of security and having strong passwords. Many people falsely believe that as long as the account doesn't contain anything of real value that they don't need to worry. This experience is a perfect example that the intent was to hijack an email to send Spam and frame the account that got hacked. It also demonstrates how searching for a file known to be vulnerable opens up the potential for attack.

Hackers are not always looking for valuables. Sometimes they just want to mask their own malicious activities.

Business Attorney
09-29-2008, 09:06 AM
"Many people falsely believe that as long as the account doesn't contain anything of real value that they don't need to worry."

I used to think that until about a year ago. The website of my former law firm was hacked and redirected to a site featuring lawyer jokes. We are pretty sure that the offender was a guy who was being sued by one of our clients. Our consultants thought that he probably hacked in through the ColdFusion admin panel but they never explained why they thought that. In any event, they converted the site to static pages and we eventually put in a different back end system.

vangogh
09-29-2008, 09:04 PM
Sorry to hear, Joel. It probably was due to the old version of vBulletin. Open source software is great, but it's important to keep it updated. Once a vulnerability is found it eventually becomes automated for someone to search sites with the hole and take advantage of it.

It could also have been that you hadn't run the install script yet, but had it on the site. Most open source software will have you remove the install script once you've set up the application because someone else could come in behind you and run it too.
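
An added example, not part of any poster's message and not any project's own tooling: a read-only check a site owner could run over a web root to find installer scripts left behind, separating applications that were uploaded but never installed from installed ones that still carry their installer. The installer and config file names are assumptions to adjust per application, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Assumed names, not taken from the thread: adjust to the applications you host.
INSTALLER_NAMES = {"install", "installer", "setup", "install.php", "setup.php"}
CONFIG_CANDIDATES = ("config.php", "includes/config.php", "wp-config.php")


def audit_docroot(docroot):
    """Return sorted (app_dir, installer, status) tuples for leftover installers."""
    root = Path(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        app = Path(dirpath)
        hits = [n for n in dirnames + filenames if n.lower() in INSTALLER_NAMES]
        # Do not descend into installer directories; the directory is the finding.
        dirnames[:] = [d for d in dirnames if d.lower() not in INSTALLER_NAMES]
        if not hits:
            continue
        # No config file next to the installer suggests setup was never completed.
        configured = any((app / c).is_file() for c in CONFIG_CANDIDATES)
        status = "installed, installer left behind" if configured else "never installed"
        rel = app.relative_to(root).as_posix()
        for name in sorted(hits):
            findings.append((rel, name, status))
    return sorted(findings)


def build_sample_docroot(base):
    """Constructed sample tree: a half-uploaded forum and a finished blog."""
    base = Path(base)
    for rel in ("forum/install/install.php", "forum/index.php",
                "blog/install.php", "blog/config.php", "shop/index.php"):
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed placeholder\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for app, name, status in audit_docroot(build_sample_docroot(tmp)):
            print(f"{app}/{name}: {status}")
```

Entries reported as "never installed" are the ones to remove or finish first, since the setup step is still open to whoever reaches it.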

orion_joel
09-30-2008, 12:18 AM
I think the primary reason I had not done the install was that, from memory, the FTP had only managed to upload about half the files and it timed out and I had thought, will finish tomorrow. So I know what mistake to not make again: if you don't have time to finish something, don't start it.