December 27th, 2005
Defaced..
Yesterday night conversation with Faith;
Faith (27/12/2005 03:45:56): apsal ngan blog ko
Hepan (27/12/2005 03:46:00): huh
Hepan (27/12/2005 03:46:02): apsal?
Faith (27/12/2005 03:46:10): haha gi la tgk
Hepan (27/12/2005 03:47:14): OMG
And what I saw was on the screenshot above… well yea, I’ve been hacked by some Turkish hacker. I believe he started it around 3.00 A.M according to my apache access log and he’s been playing around with the gallery PHP files. Like Zeo mention in my shout box, it was the Plogger (my gallery script) security holes which happen to enable the hacker to insert their injection thru the browser. He didn’t actually rewrite my index file, but instead he wrote a new .htaccess file that redirect the user to the hack page which is inside the gallery folder.
If you were running the Plogger gallery script, go ahead and apply the security fixes immediately to avoid any problem.
For the time being, I don’t plan to upload the gallery yet since I don’t have much time to reconfigure the layout to match this theme.
Anyway, my site now is using the new ajaxed Wordpress 2.0. Upgrading was a breeze, I even manage to use my old quicktags (I have a lot of custom tag there) and most of the plugin is working perfectly.
Thanks to Zeo for the tips on how to disable the ugly and lame TinyMCE on the write page.
Updated, Hisyam thanks for showing the world.. –”nothing is secure” :))
kene upgrade plogger ler camni
upgrade je, kalo malas rename dulu folder tu jadi some random gilberish nombor.. huhuhu
haha…sian aku baru nak start balik buat layout..macam takkan siap je :)>-
uhuk..takpernah lagi tgk page kene hack…camtu upenyer…kalo org khianat pun camtu laa ek…ish…me nak pasang ploger,tapi tak tau..#-o
takpe bukan selalu, maklula. femes kan. die jeles ko baru tukar layout je tu. ehehehehe.
yukuri.. yukuri..
I’m just a random victim
ahahha.. manerrrrr :))
anyway thanks for informing me bout the hacking attemp yesterday
oh no hal.
selalunye yg kena hack hack ni sebab gallery script la. aku dulu pun pakai script utk letak gambar, mamat tu tak hack tapi tulis warning je. sebab tu aku stick ngan flickr sekarang nih :)>-
uiyoo… tetapi.. mengapa website aku bleh je bukak
lalalala \:d/
uuiihhh… hackerz!
yea.. defaced je. aku macam suke dengan plooger tu.. huhu
pasal die tak take control over the whole site ler.. die tuka frontpage jek
ape lalala.. bile mau update?
:-”
<):)
tadi aku check main page blank, putih jer…kena lagi ke…
tak, mysql server problem tadi
owh die hack gune .htaccess ek.. bahaye ni.. site aku pun gune .htaccess
tapi motif die hack tu cam bowdow je.. not war?
ape yg bodo nye? bagus la. motif dia hack tu nak kasi warning yg script yg ko pakai tu ada vulnerable(spelling) n suruh ko update.
Emptyspace, kalo .htaccess ko chmod 644 slamat la kot.. aku punye tu chmod 666 pasal wordpress senang nak rewrite permalink nanti.
Syam, aku rase emptyspace maksudkan pasal die tlis ‘not war’ tu kot.. huhu.. tade kaitan langsung..
p/s – pesal sengal sangat function reply aku ni, kejab bole. kejab takbleh.. adoi la.. pening aku
ishk2.. nape r baru perasan.. g blog abe hisyam baru perasan..
hm.. rupanye file .htaccess ni leh wat lobang.. ape function .htaccess ni? salu jumpa tp tak tau function., kdg2 rs gak nak delete sebab rs cam takde function but tkt de application mane2 yg ako tak tau perlukan file htaccess tu..
erm.. attack camni takleh dielakkan guna firewall ke., internet sekuriti ke..? erm.. bnyk kne blaja gak ni sbb one day i’ll have my own server..nak gak…
kat laptop ni salu je norton internet sekuriti cakap die block intrusion attack dari mne2 nth.. wireless..
actualy file yang problem tu dari script gallery and file tu bole enable mamat tu utk rewrite htaccess aku.
even the most secure server pun kalau gune script yang ade vurn akan dihack dengan mudah.
jangan delete htaccess tu, banyak function die. Fancy url/SEO optimized url pakai htaccess untuk rewrite URL dari index.php?p=xx ke URL yang lebih cantik macam /2005/12/27/Defaced.
nak block hotlinkers pun pakai htaccess gak