
Devils Den website hacked


Cerberus


After 3 x 18 hour days we had just got it sorted to about 95% when.....................you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pin point how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

 

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

Link to comment
Share on other sites

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

 

 

Yes my dick is holier than thou

Link to comment
Share on other sites

I don't know if this is of any use to you, but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

O you who turn the wheel and look to windward, Consider Phlebas, who was once handsome and tall as you.
Link to comment
Share on other sites

It would seem it was not a single hacker but a Pack, (what do you call a group of these idiots).

 

I THINK THE TERM IS CUNTS!!!

Link to comment
Share on other sites

I don't know if this is of any use to you, but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

 

Thank you, we will add that to the other options we are looking at.

 

I THINK THE TERM IS CUNTS!!!

 

No mate, as you come from where I do (approx ;-) ) and know the Anglo Saxon usage means it's something we are always lusting after. They are more like a HIV virus, every time you get a handle on the bloody little buggers they evolve elsewhere.

Link to comment
Share on other sites

After 3 x 18 hour days we had just got it sorted to about 95% when.....................you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pin point how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

 

I presume you got some IP addresses too.

Were they in-country, or will the imps have to travel to deliver justice?

Link to comment
Share on other sites

I don't know if this is of any use to you, but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

 

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.

Link to comment
Share on other sites

I don't know much about cyber crime, so what do they do to the site when they have hacked it? Is it about money?

 

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

 

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

'Veni, Vidi, Velcro' - I came, I saw, I stuck around.

When I'm single I like playing the field. You call it picking up hookers. - Jim Norton

 

Link to comment
Share on other sites

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

 

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

 

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

Link to comment
Share on other sites

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

 

No, he's right, we now believe it to be;

 

a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls :GoldenSmile1: I just love these, holier than thou, pricks.

 

as Spanky said;

 

Your next group that tends to deface websites, are what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation

 

which is what they did :GoldenSmile1:

Link to comment
Share on other sites

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.

 

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. Scumbags... it is so tempting to have a go at attacking the IP addresses doing this!

O you who turn the wheel and look to windward, Consider Phlebas, who was once handsome and tall as you.
Link to comment
Share on other sites
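
As an added illustration of the check described in the post above (this is not code from the thread and not denyhosts' own implementation), here is a Python example that tallies failed SSH password logins per source address from `/var/log/auth.log`-style lines and lists the addresses over a threshold. The sample log lines, the threshold of 3, the allowlist and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
Jul 28 03:11:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:05 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:09 web1 sshd[2104]: Failed password for invalid user mysql from 203.0.113.7 port 40188 ssh2
Jul 28 03:11:14 web1 sshd[2107]: Failed password for invalid user samba from 203.0.113.7 port 40230 ssh2
Jul 28 03:12:40 web1 sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Jul 28 03:12:41 web1 sshd[2110]: message repeated 2 times: [ Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2]
Jul 28 08:30:15 web1 sshd[2250]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Jul 28 08:30:21 web1 sshd[2250]: Accepted password for alice from 192.0.2.10 port 60022 ssh2
Jul 28 09:00:00 web1 sshd[2300]: Accepted publickey for deploy from 192.0.2.44 port 60100 ssh2
"""

# The user name is text chosen by the remote side, so the source address is
# taken from the END of the line (greedy user group), never from the first " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\]?$"
)

def failed_logins_by_ip(log_text):
    """Return {ip: {"failures": int, "users": set}} for failed SSH password logins."""
    stats = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats.setdefault(m["ip"], {"failures": 0, "users": set()})
        entry["failures"] += int(m["n"] or 1)  # syslog may collapse repeated lines
        entry["users"].add(m["user"])
    return stats

def ips_to_block(log_text, threshold=3, allowlist=()):
    """Addresses with at least `threshold` failures, minus allowlisted ones."""
    stats = failed_logins_by_ip(log_text)
    return sorted(ip for ip, s in stats.items()
                  if s["failures"] >= threshold and ip not in allowlist)

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_AUTH_LOG))
```

A legitimate user who mistypes a password once (192.0.2.10 in the sample) stays under the threshold, and an allowlist for your own management addresses guards against locking yourself out.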

No, he's right, we now believe it to be;

 

 

 

as Spanky said;

 

 

 

which is what they did :GoldenSmile1:

 

 

 

So then the only question should be what site do they run and how many of us do you need to start a war....

 

:GoldenSmile1: :GoldenSmile1: :GoldenSmile1: :GoldenSmile1: :GoldenSmile1:

Link to comment
Share on other sites

Doesn't your host company do weekly backups? Should be pretty simple to just load up the last backup version of the site.

 

Or whoever updates your site should have a version of the site saved on his computer when he did the update.

Edited by George111
Link to comment
Share on other sites

Doesn't your host company do weekly backups? Should be pretty simple to just load up the last backup version of the site.

 

Or whoever updates your site should have a version of the site saved on his computer when he did the update.

 

Yes, they will probably have several backups dating back, however the exploit has to be found and patched.

Link to comment
Share on other sites

Spanky, you must be bored at work......leave the poor Devils Den alone and go back to the LB section......... :o:o:o:wacko::wacko::wacko:

 

Do I need to post more compromising pictures of you and your Canadian tanning habits? :P Do remember that I arrive BEFORE you and that I KNOW where you are STAYING! He/She will be taller than you, have large hands, a deep voice, and will demand that he/she "smoke you good" while humming "Happy Birthday Pattaya Bound", I would have him/her sing but her mouth will be full. :Raspberry6:

 

 

 

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. Scumbags... it is so tempting to have a go at attacking the IP addresses doing this!

 

Most scripts don't even bother with brute force password cracks. They will try the very common defaults, but for the most part they shoot for unpatched applications and protocol vulnerabilities to gain access. It's faster and easier than running through a dictionary for a password. As for denyhosts, easily bypassed. A good hacker will never use their own IP address and instead shoot through a proxy, usually another compromised machine. You would have to trace back to that machine then start tracing the packets, again back from there. A good hacker will have about 4 layers between them and their target. Your average script kiddie just hits a compromised machine in China and launches what they want from there. More so, if you got enough zombies under your control you can overrun most defenses just by flooding the server with so many requests it can't keep up and either crashes or lets you through. Again, if they want in, you aren't going to stop them. This group apparently wants in bad enough that they will find a way to do it no matter what precautions you take.

  • Like 1

'Veni, Vidi, Velcro' - I came, I saw, I stuck around.

When I'm single I like playing the field. You call it picking up hookers. - Jim Norton

 

Link to comment
Share on other sites

Yes, they will probably have several backups dating back, however the exploit has to be found and patched.

 

Well, the most likely culprit would be the booking php, it's the only form I see on there. Maybe the input fields are not validated first so someone could get a script to run that way. Other than that, maybe extra services running on the server that are not really needed and not secured down.

Link to comment
Share on other sites

For information, our site was on a dedicated server and not one on a server farm either. Yes, we did keep back-ups and had them on another server, they got to that as well. It would seem it was not a single hacker but a Pack, (what do you call a group of these idiots). No, our passwords were complex to say the least.

 

Spanky99, you a hacker :GoldenSmile1: you are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

Link to comment
Share on other sites

Spanky99, you a hacker :GoldenSmile1: you are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

 

Nah! I do IT for a living which means I don't get my jollies hacking others' sites. After spending a day dealing with other people's computer crap, last thing I want to do is spend time hacking. I mean, porn don't surf itself and I need to relax after a hard day at work. :07:

'Veni, Vidi, Velcro' - I came, I saw, I stuck around.

When I'm single I like playing the field. You call it picking up hookers. - Jim Norton

 

Link to comment
Share on other sites

I guess it's being sorted now, the current lineup is back in the website. I was shocked to see around 5 of the girls missing (I had taken Gik overnight only a week ago and when I get back home, she was missing in the website). Hope the entire issue gets sorted soon. :Chokdee:

Link to comment
Share on other sites

I guess it's being sorted now, the current lineup is back in the website. I was shocked to see around 5 of the girls missing (I had taken Gik overnight only a week ago and when I get back home, she was missing in the website). Hope the entire issue gets sorted soon. :Chokdee:

 

We are working on it :GoldenSmile1: not finished but working :D

Link to comment
Share on other sites

good now I have someone to give to the imps, when they heard and we received no bookings for that period they asked me: Boss you find these people you do nothing you give them to us ok.

 

now that's scary, welcome to Hell BJS

 

Uhoh... Me given to the Imps???? That could be interesting... LOL

Link to comment
Share on other sites

I assume you guys are using some distro of Linux. Denyhosts can only do so much, but it is useful for blocking login attempts.

There is however another package, called "mod_security", which can be very useful in blocking attacks. It is essentially a Web Application Firewall, and the default rules can be added to (would need regex skills though). It comes in .rpm's for flavors such as RedHat and CentOS at their repos or rpmforge.

Installation can be at times tricky if you have certain dependencies, such as liblua.

 

http://www.modsecurity.org/

http://www.howtoforge.com/apache_mod_security

 

Best defense is to always keep your web-apps updated of course... :Chokdee:

Edited by Catamaran

<center>To know when to be generous and when firm — that is wisdom.

Most things break, including hearts. The lessons of life amount not to wisdom, but to scar tissue and callus.</center>

Link to comment
Share on other sites

Sorry to hear about that Cerberus, I hope you find out who the wanker/wankers are and return the favour.

Link to comment
Share on other sites

Guys we are 95% there, we have to update the pictures in the profiles and do a run search for any glitches. Then wait to hear from yourselves if you see anything we have missed.

 

To those patrons that persevered with making bookings throughout this period, :001_Thank_You5: As usual, I also have to thank the team that work alongside me for all the extra hours and effort everybody has put in to this recovery. Blessings seem to come in many sizes and mine run the spectrum from 45 to 130kilos. :GoldenSmile1:

Link to comment
Share on other sites
