dont get mad | you have been hacked

dont get mad | you have been hacked | your security=0 y3v.h4x
was the message I found today after deleting a pornographic banner from the header of my site (sorry for that) and another fishy php file I found on my server.

How can I not get mad? When I see a pornographic banner on top of my site, I AM mad. I am VERY mad, but I'm going to focus my energy on getting an even more secure system, and on learning about and promoting security to others.
But here is the thing: I've already been quite security aware and my home system is quite secure, if I may say so - definitely more secure than most of them out there. But it seems it wasn't my system that was breached - it was a vulnerability in the CMS I use, sNews.

I'm thankful to Luka and Mika, the main developers of sNews CMS, for supplying us all with a patch in less than 24 hours, and to everybody else who helped solve this. Bravo!

I was actually among the fortunate ones, as my site didn't go down like it did for a friend of mine, Patric, for whom I feel very sorry. And for everybody else who had somebody crack into their site - that's right, my site wasn't hacked into - as hacking is not all about breaking into other people's sites and posting inadequate content or doing any other harm. These are crackers who just know how to click "OK" and execute some exploit somebody else made. Ha! Hackers - you wish!

The first thing you should do now, after applying the patch from the sNews forum, and which I recommend to everybody using the sNews CMS, is to remove that little notice that says your site was barbecued by this CMS. It's the most obvious one and it won't solve your problem, but that's probably the easiest way these crackers can find most of the sNews sites. Everything indicates that these crackers used that to find sNews sites in this particular case: my logs say that the person who did this came from Google searching for this phrase, and the exploit that Luka at the sNews Forum points to looks like it's made to search for just that. I'll soon put a little picture there instead.

As far as I know for now, the cracker left one suspicious PHP file that my hosting says could be some kind of a shell script used to manipulate my files, but nothing like that happened because my server has the phpsuexec option in PHP turned on, whatever that means.

Now I've got some questions that are bothering me:

Posted on January 15, 2007
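The log check mentioned in the post, finding visitors who arrived from a search for the CMS footer credit, sketched here as an added example that is not part of the original post. The footer phrase, the search-host list and the log lines are constructed, and the log is assumed to be in Apache "combined" format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed footer credit; substitute the line your own CMS prints.
FOOTPRINT = "powered by examplecms"
# Substrings of search-engine hostnames (assumed list, extend as needed).
SEARCH_HOSTS = ("google.", "bing.", "search.yahoo.")

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jan/2007:21:03:11 +0000] "GET / HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=%22powered+by+ExampleCMS%22&start=40" "Mozilla/4.0"',
    '198.51.100.4 - - [14/Jan/2007:21:05:40 +0000] "GET /about/ HTTP/1.1" 200 2210 '
    '"http://www.google.com/search?q=dom+weblog" "Mozilla/5.0"',
    '192.0.2.9 - - [14/Jan/2007:21:06:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def search_query(referer):
    """Return the lower-cased search terms if the referrer is a search results URL."""
    try:
        parts = urlsplit(referer)
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    if not any(name in host for name in SEARCH_HOSTS):
        return None
    params = parse_qs(parts.query)  # decodes '+' and %xx escapes
    for key in ("q", "p"):          # 'q' is the usual parameter, 'p' is Yahoo's
        if key in params:
            return params[key][0].lower()
    return None

def footprint_visits(lines, footprint=FOOTPRINT):
    """Return (ip, timestamp, path, query) for visits that came from a footprint search."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        query = search_query(m.group("referer"))
        if query and footprint in " ".join(query.split()):
            hits.append((m.group("ip"), m.group("ts"), m.group("path"), query))
    return hits

if __name__ == "__main__":
    for hit in footprint_visits(SAMPLE_LOG):
        print(hit)
```

Major search engines no longer pass the search terms in the referrer, so on current logs this mostly helps with older archives or engines that still send the query.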

Fred K on January 15, 2007:

Dom,
I had the same problem and I agree with your point of view. These crackheads are fishing for attention, like any 5-year old and unfortunately they're getting what they want from us... But how can we not get mad? If they really wanted to alert us of a potential security flaw in sNews, gosh, all they had to do was post a comment on our sites to that effect or, even better, send us an email. Did they? Nah, they egged us instead. And then ask us not to get pissed off. Which is typical 5-year old behaviour.

Sorry you got cracked, man.
/agentS

albert on January 15, 2007:

Hi Dom

Sorry to hear that your site had been cracked.
Glad that Luka and Mika are on the ball with getting the fix done asap.

if you want to find out more you can go here:
http://www.securityfocus.com/bid/22025/info

Patric on January 31, 2007:

Hey, mate...

;) .. Well, no need to comment really. They're asses, period.
Was just curious as to whether you did upload a favicon... Hehe... You mentioned that on my site a few days back...

Btw, I'm gonna steal this font for my new layout/design. It rocks.

Have a good one, Dom.

Dom on February 02, 2007:

Hi Patric!

Ditto! (about these crackers)

Regarding the favicon - didn't have time to do it this week - I'm really inexperienced with graphics and these complex digital graphic applications so we'll see what I will make out of my first try... hopefully I'll get to do it next week.
You watch and see - I've been thinking and I've got an idea how it's supposed to look...

And yes, please use this font - I already saw a font like this one (or maybe the same one) emerging on some headings on your new layout design ("New Articles", "New Comments" etc.) the other day and was about to comment how I'm definitely gonna like your new template if you use this font... ;)
I'm really bored seeing most of the websites having the same Verdana (or Verdana like) font...

Mani on March 12, 2007:

they just search for 777 permission files and i think it was config.php and they put code into it, that's it

sasha on April 01, 2007:

great site man....odlican :)

Dom on April 02, 2007:

Thanks sasha!

Now that wasn't April Fools' Day joke, was it?

sasha on April 02, 2007:

nop... site looks good.. fast load, good choosing of colors and nice news story. i liked your site.. this is not a joke....

y3v.h4x on June 11, 2007:

sowwy dude
that porno banner.. wasnt added there by me
i dont deface index i just added that shell
you have to turn your safe mode on
or was it that i did i bypass.. whatever
no harm done.. i just used your bandwidth for a bit
no hard feelings eh? :x

Dom on June 16, 2007:

We obviously have different views on the world and that's OK, although what you did is nowhere near OK in my world...

> no hard feelings eh? :x
Well, just as I have said - I won't waste my energy on hatred but rather on constructive things. But I won't forget.
