The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacker's site exposed

Discussion in 'General Discussion' started by cretu, Jan 20, 2004.

  1. cretu

    cretu Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
    Hi there,

    I have been attacked by small trojans, disposed in /tmp in one of my boxes. I did a little research and found out that hacker is injecting his tojans via insecure php programs (developed by one of developer hosting with me).

    Anyway, here's hackers site - more interesting are exploits and files used to inject and infect boxes - for your viewing pleassure:

    http://www.geocities.com/kamar_n0ldy/


    Cheers,

    Cretu
     
    #1 cretu, Jan 20, 2004
    Last edited: Jan 20, 2004
  2. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Quite the stuff he has there.
     
  3. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    Definately a few interesting reads in there. I have seen more than enough of shell.php and other similar scripts this past year.
     
  4. cretu

    cretu Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    I guess the show is over... Geocities took the site down

    Cretu
     
  5. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Just temporarily due to data transfer.
     
  6. cretu

    cretu Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
    well, such a popularity...

    cretu
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Still works for me. Why don't they take it down? Obviously this guy is a criminal.
     
  8. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Geocities only takes a site down for an hour when it's too busy.

    They likely don't know about it.
     
  9. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    They do now. I'm sure he'll just sign up for another free site, though.:rolleyes:
     
  10. MPCN_Russ1

    MPCN_Russ1 Member

    Joined:
    Jun 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cretu/cPanel,

    Please remove the link back to that site. There is quite a bit of personal information of people there (hundreds to thousands of sets) including credit card information.

    Thanks,
    Russ
     
  11. MrHits

    MrHits Well-Known Member

    Joined:
    Oct 31, 2001
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    interesting, one of his hacks appears to be a cpanel Dev server:


    sh-2.05a$ uname -a
    uname -a
    Linux server.melitaweb.net 2.4.20-HOSTNOC-1.1 #1 SMP Fri Mar 28 22:48:01 EST 200
    sh-2.05a$ cat /proc/version
    cat /proc/version
    Linux version 2.4.20-HOSTNOC-1.1 (root@development.hostnoc.net) (gcc version 3.2.3 20030316 (Debian prerelease)) #1 SMP Fri Mar 28 22:48:01 EST 2003
    ================================================================================
    81.15.148.2 l:blink p:kopedkrew port 22
    ================================================================================
     
  12. nybble

    nybble Well-Known Member

    Joined:
    Jan 26, 2004
    Messages:
    223
    Likes Received:
    0
    Trophy Points:
    16
    I am just wondering, did anyone report this guy?

    Yahoo!(tm) seems to still have his site up... are those card numbers valid? those poor people who own those cards....

    Anyway :) just wondering if its been reported to Visa/MC.
     
  13. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    still not been able to check this website. Everytime i try it says the site has exceeded its allocated transfer.
     
Loading...

Share This Page