Cerberus

Devils Den website hacked

Cerberus

After 3 x 18 hour days we had just got it sorted to about 95% when.....................you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pin point how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

 

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

D'Impaler

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

 

 

Yes my dick is holier than thou

praf974

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

Soi Six Snatch Sniffer

[quote name='Cerberus' timestamp='1280337205' post='93876']It would seem it was not a single hacker but a Pack, (what do you call a group of these idiots).[/quote]

 

I THINK THE TERM IS CUNTS!!!

Cerberus

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

 

Thank you, we will add that to the other options we are looking at.

 

I THINK THE TERM IS CUNTS!!!

 

No mate, as you come from where I do (approx ;-) ) and know the Anglo Saxon usage means it's something we are always lusting after. They are more like an HIV virus, every time you get a handle on the bloody little buggers they evolve elsewhere.

jasonbalmer

After 3 x 18 hour days we had just got it sorted to about 95% when.....................you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pin point how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

 

I presume you got some IP addresses too.

Were they in-country, or will the imps have to travel to deliver justice?

s77656769

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

 

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.
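
Added example, not part of the post above: a small audit of sshd_config text that reports settings which still leave password logins possible after switching to keys. The sample config and the function names are constructed for illustration; the directive names are real OpenSSH options, and Include files are not followed.

```python
# Constructed sample; directive names are real OpenSSH sshd_config options.
SAMPLE_CONFIG = """\
Port 22
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
"""

# Methods that can still take a typed password (keyboard-interactive does so
# through PAM) and the value sshd assumes when the directive is absent.
PASSWORD_METHODS = {"passwordauthentication": "yes",
                    "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return findings that leave password logins possible (Include not followed)."""
    effective = {}       # global scope: sshd keeps the first value it reads
    findings = []
    match_scope = None   # criteria of the Match block being read, if any
    for raw in text.splitlines():
        # Drop comments, accept "Key value" and "Key=value", keywords any case.
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip()
        if key == "match":
            match_scope = value
        elif match_scope is None:
            effective.setdefault(key, value.lower())
        elif key in PASSWORD_METHODS and value.lower() == "yes":
            # A Match block overrides the global value for matching logins.
            findings.append(f"Match {match_scope}: {key} yes")
    for key, default in PASSWORD_METHODS.items():
        if effective.get(key, default) == "yes":
            findings.append(f"global: {key} yes")
    if effective.get("pubkeyauthentication", "yes") != "yes":
        findings.append("global: pubkeyauthentication is off, keys cannot be used")
    return findings

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG):
        print(finding)
```

In the sample, the global PasswordAuthentication is off, yet two findings remain: the Match block re-enables it for one user, and keyboard-interactive is left at its default.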

Spanky99

I don't know much about cyber crime, so what do they do to the site when they have hacked it? Is it about money ??????

 

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

 

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

pattaya bound

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

 

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

 

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

Cerberus

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

 

No, he's right, we now believe it to be;

 

a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

 

as Spanky said;

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation

 

which is what they did :GoldenSmile1:

praf974

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.

 

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. etc. Scumbags .. it is so tempting to have a go at attacking the IP addresses doing this!
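
Added example, not part of praf974's posts and not denyhosts' own code: the kind of failed-login tally over /var/log/auth.log that a tool such as denyhosts automates, run over constructed sample lines. The threshold, the allow-list and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd format found in /var/log/auth.log
# (addresses are from documentation ranges, not real hosts).
SAMPLE_AUTH_LOG = """\
Jul 28 03:11:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:05 web1 sshd[2101]: Failed password for invalid user mysql from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:09 web1 sshd[2104]: Failed password for invalid user samba from 203.0.113.7 port 40119 ssh2
Jul 28 03:12:40 web1 sshd[2110]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.23 port 51500 ssh2
Jul 28 03:15:00 web1 sshd[2120]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Jul 28 03:16:31 web1 sshd[2131]: Failed password for deploy from 192.0.2.10 port 50031 ssh2
"""

# The user name is chosen by the remote side, so the address is taken from the
# fixed tail of the line ("from <ip> port <n> ssh2"), never from the first
# "from". Otherwise a crafted user name could get an innocent address blocked.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Return {ip: [user names tried]} for every failed sshd password login."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def offenders(log_text, threshold=3, allow=()):
    """Addresses with at least `threshold` failures, minus an allow-list."""
    return sorted(
        ip for ip, users in failed_logins(log_text).items()
        if len(users) >= threshold and ip not in allow
    )

if __name__ == "__main__":
    for ip, users in failed_logins(SAMPLE_AUTH_LOG).items():
        print(ip, len(users), users)
    print("block candidates:", offenders(SAMPLE_AUTH_LOG))
```

The fourth sample line carries a user name containing " from 192.0.2.99"; the tally still attributes the failure to the connecting address 198.51.100.23.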

murtle71

No, he's right, we now believe it to be;

 

 

 

as Spanky said;

 

 

 

which is what they did :GoldenSmile1:

 

 

 

So then the only question should be what site do they run and how many of us do you need to start a war....

 

:GoldenSmile1: :GoldenSmile1: :GoldenSmile1: :GoldenSmile1: :GoldenSmile1:

George111

Doesn't your host company do weekly backups? Should be pretty simple to just load up the last backup version of the site.

 

Or whoever updates your site should have a version of the site saved on his computer when he did the update.

Edited by George111

LaaMok

Doesn't your host company do weekly backups? Should be pretty simple to just load up the last backup version of the site.

 

Or whoever updates your site should have a version of the site saved on his computer when he did the update.

 

Yes, they will probably have several backups dating back, however the exploit has to be found and patched.

Spanky99

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

 

Do I need to post more compromising pictures of you and your Canadian tanning habits? :P Do remember that I arrive BEFORE you and that I KNOW where you are STAYING! He/She will be taller than you, have large hands, a deep voice, and will demand that he/she "smoke you good" while humming "Happy Birthday Pattaya Bound", I would have him/her sing but her mouth will be full. :Raspberry6:

 

 

 

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. etc. Scumbags .. it is so tempting to have a go at attacking the IP addresses doing this!

 

Most scripts don't even bother with brute force password cracks. They will try the very common defaults, but for the most part they shoot for unpatched applications and protocol vulnerabilities to gain access. It's faster and easier than running through a dictionary for a password. As for denyhosts, easily bypassed. A good hacker will never use their own IP address and instead shoot through a proxy, usually another compromised machine. You would have to trace back to that machine then start tracing the packets, again back from there. A good hacker will have about 4 layers between them and their target. Your average script kiddie just hits a compromised machine in China and launches what they want from there. More so, if you got enough zombies under your control you can overrun most defenses just by flooding the server with so many requests it can't keep up and either crashes or lets you through. Again, if they want in, you aren't going to stop them. This group apparently wants in bad enough that they will find a way to do it no matter what precautions you take.

bigdicki

Totally off topic but why is Joy not listed on the DD website?

George111

Yes, they will probably have several backups dating back, however the exploit has to be found and patched.

 

Well, the most likely culprit would be the booking php, it's the only form I see on there. Maybe the input fields are not validated first so someone could get a script to run that way. Other than that, maybe extra services running on the server that are not really needed and not secured down.

Cerberus

For information, our site was on a dedicated server and not one on a server farm either. Yes, we did keep back-ups and had them on another server, they got to that as well. It would seem it was not a single hacker but a Pack, (what do you call a group of these idiots). No, our passwords were complex, to say the least.

 

Spanky99, you a hacker :GoldenSmile1: you are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

Spanky99

Spanky99, you a hacker :GoldenSmile1: you are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

 

Nah! I do IT for a living which means I don't get my jollies hacking others' sites. After spending a day dealing with other people's computer crap, last thing I want to do is spend time hacking. I mean, porn don't surf itself and I need to relax after a hard day at work. :07:

biteneat

I guess it's being sorted now, the current lineup is back in the website. I was shocked to see around 5 of the girls missing (I had taken Gik overnight only a week ago and when I get back home, she was missing in the website). Hope the entire issue gets sorted soon. :Chokdee:

Cerberus

I guess it's being sorted now, the current lineup is back in the website. I was shocked to see around 5 of the girls missing (I had taken Gik overnight only a week ago and when I get back home, she was missing in the website). Hope the entire issue gets sorted soon. :Chokdee:

 

We are working on it :GoldenSmile1: not finished but working :D

bigjimslay

good now I have someone to give to the imps, when they heard and we received no bookings for that period they asked me: Boss you find these people you do nothing you give them to us ok.

 

now that's scary, welcome to Hell BJS

 

Uhoh... Me given to the Imps???? That could be interesting... LOL

Catamaran

I assume you guys are using some distro of Linux. Denyhosts can only do so much, but it is useful for blocking login attempts.

There is however another package, called "mod_security", which can be very useful in blocking attacks. It is essentially a Web Application Firewall, and the default rules can be added to (would need regex skills though). It comes in .rpm's for flavors such as RedHat and CentOS at their repos or rpmforge.

Installation can at times be tricky if you have certain dependencies, such as liblua.

 

http://www.modsecurity.org/

http://www.howtoforge.com/apache_mod_security

 

Best defense is to always keep your web-apps updated of course... :Chokdee:

Edited by Catamaran

Highlander

Sorry to hear about that Cerberus, I hope you find out who the wanker/wankers are and return the favour.

Cerberus

Guys we are 95% there, we have to update the pictures in the profiles and do a run search for any glitches. Then wait to hear from yourselves if you see anything we have missed.

 

To those patrons that persevered with making bookings throughout this period, :001_Thank_You5: As usual, I also have to thank the team that work alongside me for all the extra hours and effort everybody has put in to this recovery. Blessings seem to come in many sizes and mine run the spectrum from 45 to 130 kilos. :GoldenSmile1:

