StriperSurf Forums


Bob D'Amico 03-21-2012 02:27 AM

Freaking Hacker Info
 
Another website I manage, bringseanhome.org, was seriously hacked in February. It took me weeks of work to get back control and make sure it was clean.

Ever wonder what a "Trojan" looks like? Here is an image of two different types. The larger one was an "injection" (hack) into the MySQL database which runs the Simple Machines Forums software and the main site which is on a CMS platform. It was attached to only +/-50 very important PHP files.

The smaller one, a JavaScript Trojan, was easier to find but it infected every single JavaScript file, hundreds of them throughout the web site! We, meaning WestHost and yours truly, are stumped how that was done but it happened on Feb 15th. We can't be sure but suspect the "perp" who injected the Trojan was from:
  • Belarus or
  • Germany or
  • India or
  • Russia or
  • Pakistan or
  • Ukraine
I think the scumbag is a Russian.

Of these two Trojans the first one was the most "evil": if I deleted an infected file, within seconds it would reappear! It took me days to track down and kill the "Queen" file which was hiding in a sub-directory, guarding her flock of infected files.

The most interesting thing is that no matter which scanning service I used, Google Webmaster Tools, and a few others, plus a software package on my PC called Beyond Compare, none of the infected files were flagged. This proved to me that although "automation" by software is great, it's like the old adage that you need "Boots on the Ground" to win a war. In this war, replace boots with a Pair of Eyes, opening and skimming the code in thousands of files! :wow:

The reason why the Trojans are in a picture is that they are of course "live code." The black stripes are in case you save the picture and then share it. Sooner or later some smart arse kid would see it and simply copy each character into a JavaScript file, causing a

Before anyone asks, this site uses vBulletin Forums software which costs $$$$$$ while Simple Machines Forums software is free. You get what you pay for. On the plus side this attack taught me an important lesson: no matter how secure we may think our websites, networks and PCs may be, the bastards are constantly attacking.

RobS 03-21-2012 08:35 AM

Re: Freaking Hacker Info
 
so, to get in, first the s**mbag hacks an admin pwd, then drops these turds around to do their damage?

Jess 03-21-2012 01:48 PM

Re: Freaking Hacker Info
 
Quote:

Originally Posted by RobS (Post 2367020)
so, to get in, first the s**mbag hacks an admin pwd, then drops these turds around to do their damage?


You would never make it as a hacker, Rob :naughty:

No need to use the front door. ;)

RobS 03-22-2012 07:44 AM

Re: Freaking Hacker Info
 
yeah yeah... been a while since I even looked into backdoor hacks, especially with the new suite of servers and apps.

I know about many tricks of overflowing stacks and blah blah used to open security holes.

Just that with the new rash of password bots, seems email accts and the like get simple front door attacks as much as anything else.


All times are GMT -4.
