Please Help, Hacked by Turkish hackers.

[xinnek]

I've changed my passwords on my domain, server, ftp, frontpage, mysql database etc. already. They have hijacked the admin account so I can't log into the boards. I replaced the index.php with a new copy. I am running tinyportal with smf.
How can I regain control of my admin file?

I was hacked by  [email protected] , who is a member of http://www.milli-harekat.org some turkish hacker club.

[Harzem]

I know how Turkish hackers hack sites. They sneak into the server, and deface all sites. You don't need to be casting againist Turkish, they deface all sites in the same server.

You have a weak server, this is why you were defaced. And if you were running an innocent site, you will probably not get hacked again by the same group.

If you have access to phpMyAdmin, we can help you get your admin account back. (If you accept help from a Turkish )

[DHC]

I know how Turkish hackers hack sites. They sneak into the server, and deface all sites. You don't need to be casting againist Turkish, they deface all sites in the same server. (This is why I hate the hackers from my own nation )

You have a weak server, this is why you were defaced. And if you were running an innocent site, you will probably not get hacked again by the same group.

If you have access to phpMyAdmin, we can help you get your admin account back. (If you accept help from a Turkish )

Can you please explain, in PM if necessary, HOW the hackers gain access to a "weak server" - AND - what can be done to protect against it?

TIA

- Dan

[xinnek]

No, The reason I got hacked is because I work with a guy who is turkish and a wannabe hacker. He admitted to me yesterday that he told his friends at several hacker sites that he was the administator of my site. Guess KucuK_Hacker doesn't like him. from what I can tell, they have instructions on their site to exploit the shoutbox on smf and tinyportals. That's probably how they got in. I have nothing against anyone from Turkey, I just want my site back up. It's pretty crappy that my members have to suffer because this jackoff claimed he was the admin of a site he had nothing to do with.

[xinnek]

If you have access to phpMyAdmin, we can help you get your admin account back. (If you accept help from a Turkish )

LOL Hey I'd love your help, If you don't mind helping an crazy american

[Harzem]

TinyPortal recently released a patch for shoutbox issues. You can use it.

To become the admin again,
Go to your phpMyAdmin,
On the selection box at the left, select your database.
Then, you will find a list of tables. Click on the smf_members.
There should be now a list of members, the first 30.
Find yourselft, probably you are the first one.
Find a button at your line to edit the data.

1) If you don't have admin powers, set your ID_GROUP to 1.

2) If you don't know your password, let me know your SMF version and admin username.

[xinnek]

  back in, thank you for your help, couldn't have done it without you. Again, I apologize if any of my remarks may have come across as rude or discrimatory. That was not my intention. I was just discribing where the hackers were from and what language. Again, thank you so much for your help.
xinnek

[xinnek]

by the way, kukuk_hacker just exposed the security holes, and did not destroy the forums, even though he had access to. I'd rather be hacked by someone like kukuk_hacker anyday than a malicious hacker.

[DHC]

by the way, kukuk_hacker just exposed the security holes, and did not destroy the forums, even though he had access to. I'd rather be hacked by someone like kukuk_hacker anyday than a malicious hacker.

Any chance you might share some of the vulnerabilities they exploited - AFTER you secure them, of course.

It would be nice if we had an idea of what is needed to fortify the security on the host.

TIA

- Dan

[BoA]

Poor fellow..

I got hacked as well, but in my case,

It was even worse - the whole databse was wiped out.

I got hacked by some islamic cyber terrorists...and many other phpBB2 Fully Modded boards got hacked instantly...as well.

Oh well, now I am with SMF, really proud!^^

[Harzem]

Nice to see you are back, xinnek

[KuCuK.HaCKeR]

[email protected] no -- is [email protected]
Name :  Eren
Age : 13
Location : Turkey
Muahhaha
From : hxxp:milli-harekat.org [nonactive] ----
Harzem abi türkmüşsün sende....... yaşım 13 o yüzden kucuk_hacker
MSN Contact : [email protected]
Kucuk = Small
Hacker = Hacker :=)
ESKOBAR abi söledi türk olduğunuda Harzem abi....
Msn i eklersen weya msn in warsa werirsen sewinirim.......
hxxp:www.milli-harekat.org [nonactive] & [email protected]

[conradk]

I got hit on Friday with the Shoutbox script. It was a matter of trying multiple times to stop the redirection and then view the page source to find the affected area. Once I found the shoutbox script, I could then turn off the block. (One of the themes has never played with Tiny Portal, so at least now I'm glad it didn't.)

Thanks for posting the info about the shoutbox update.

[KuCuK.HaCKeR]

I got hit on Friday with the Shoutbox script. It was a matter of trying multiple times to stop the redirection and then view the page source to find the affected area. Once I found the shoutbox script, I could then turn off the block. (One of the themes has never played with Tiny Portal, so at least now I'm glad it didn't.)

Thanks for posting the info about the shoutbox update.

no undetstand MSN contact : [email protected]

[Harzem]

conradk, I've talked to kucuk hacker and you can ignore his message

[Minsc]

I came on to my forum this morning to find it was hacked.  Thankfully all I had to do was copy over a backup of index.php.

[xinnek]

[email protected] no -- is [email protected]
Name :  Eren
Age : 13
Location : Turkey
Muahhaha
From : Milli-Harekat.Org ----
Harzem abi türkmüşsün sende....... yaşım 13 o yüzden kucuk_hacker
MSN Contact : [email protected]
Kucuk = Small
Hacker = Hacker :=)
ESKOBAR abi söledi türk olduğunuda Harzem abi....
Msn i eklersen weya msn in warsa werirsen sewinirim.......
Www.Milli-Harekat.Org & [email protected]

You've caused me a lot of time, work, frustration and money. Word of advise, One of these days you're gonna hack someone who has the power to reach out and touch you or your family. You may think you're totally anonymous, but everything is trackable on the internet and you never know who you just screwed with or just how psychotic they really are....
or for that matter....... even when they will retaliate, they may know who you are and where you live right now.

This is not a threat, just a word of caution, I had a friend who screwed with someone he didn't know. He thought he was totally anonymous and would never get caught. The guy tracked him down and stabbed him in the chest over a year later. He was very lucky to survive the attack. They didn't even know each other.  He was stabbed because he "anonymously" cut a tire in a parking lot. It was just on the wrong person's car.

[Harzem]

I've talked to that hacker boy on MSN. He says he wants to learn hacking more. But after he has seen me (a citizen of his own country), he said he wouldn't hurt SMF forums anymore.

BTW, he said the only vulnerabilitiy in SMF was the shoutbox thing, which were already patched.

Even they have SMF forum, http://www.milli-harekat.org/mhg/platform/

[MegaV1]

if you wanna hack
a) get paid to hack (white hats)
b) help fix the problem (gray hats)

and i help people fix their problems, me being a network admin, network tech, web admin, system admin, system tech
i sometimes have to work from the outside to find problems

oh yeah, about the shoutbox thingy, can you tell me if i am in danger from it?
www.skillsource.info

[Harzem]

You are not probably affected, because shoutbox exploit only works with guest posting. And I see you don't allow guest posting in shoutbox.