Account hackers?

Mat-Allum · Post by **Mat-Allum** » Wed Jul 13, 2005 4:05 pm

I just wanted to look at my forum for a sec - but when I went to the URL, I found that it had been hacked for the second time to my understanding.

I got this message:
.: DeFaCed By DxSero :.

It's scrolling in an annoying manner across the screen of my home page. What annoys me the most is that this is a free account. If they want something of their own, they oughta get their own stinking account.

I can't even get into my forum right now. If anyone knows what to do to get rid of these guys and get the place back to normal, please reply.

EDIT: The previous hacker was a "Zeus." I'm posting these names for two reasons - A, we can look for them on forums and stuff and see if anything's the same, and B, maybe they'll find a better career if they're discovered.

Post by **Phineus** » Wed Jul 13, 2005 4:25 pm

The scrolling message is probably just a marquis tag. If you download the main page and look at the code, you will be able to delete it.

The OK.txt could have been many things. Most times, the defacing type hackers do not delete your html but replace it with their own. It's possible the ok.txt was your normal page. Or, it may have provided clues about what they were doing and how they did it. I couldn't say, and it's too late now, but it may have been worth the peek.

Lastly, make sure you use hard-to-guess passwords. Robots can figure out easy ones.

Kdawg · Post by **Kdawg** » Wed Jul 13, 2005 5:11 pm

>>hard-to-guess passwords

Usually using both numbers and letters in a password helps.

Mat-Allum · Post by **Mat-Allum** » Wed Jul 13, 2005 6:34 pm

Yeah, it was a MARQUIS tag. What exactly does DEFACED mean?

And I will try for the hard-to-guess password. Maybe next time they try, I'll see what the ok.txt was.

PS: They also left four HTML pages as well, I dunno what that was all about as I removed them as well to appear as though nothing had happened. Next time I won't forget about that.

Post by **Phineus** » Wed Jul 13, 2005 8:12 pm

Deface just means to spoil the appearance. For computer hacks, it "usually" means without doing real harm. They just want to prove it can be done, that's all. But it's a nuisance when they do. Some though are much ruder and will delete all your files. Those are not the defacing kind.

http://dictionary.reference.com/search?q=deface

When it comes to *.txt and strange *.html pages, I usually download to a temporary location and open them in a text editor first, to make sure they're actually ascii files. If not, I delete. If they are, I read what's there before determining what to do.

HaC · Post by **HaC** » Wed Jul 13, 2005 9:31 pm

one of the most recent phpbb hacks to come into play, either your version of phpbb is out of date, or the version of php or mysql running on your hosts machine is out of date