03-21-2012, 02:27 AM
Bob D'Amico
Publisher, StriperSurf
 
Join Date: Sep 1998
Location: Franklin Park, NJ
Posts: 20,493
Freaking Hacker Info

Another website I manage, bringseanhome.org, was seriously hacked in February. It took me weeks of work to get back control and make sure it was clean.

Ever wonder what a "Trojan" looks like? Here is an image of two different types. The larger one was an "injection" (hack) into the MySQL database which runs the Simple Machines Forums software and the main site which is on a CMS platform. It was attached to only +/-50 very important PHP files.

The smaller one, a Javascript Trojan, was easier to find but it infected every single Javascript file, hundreds of them throughout the web site! We, meaning WestHost and yours truly, are stumped how that was done but it happened on Feb 15th. We can't be sure but suspect the "perp" who injected the Trojan was from:
  • Belarus or
  • Germany or
  • India or
  • Russia or
  • Pakistan or
  • Ukraine
I think the scumbag is a Russian.

Of these two Trojans the first one was the most "evil": if I deleted an infected file, within seconds it would reappear! It took me days to track down and kill the "Queen" file which was hiding in a sub-directory, guarding her flock of infected files.

The most interesting thing is that no matter which scanning service I used, Google Webmaster Tools, and a few others, plus a software package on my PC called Beyond Compare, none of the infected files were flagged. This proved to me that although "automation" by software is great, it's like the old adage that you need "Boots on the Ground" to win a war. In this war, replace boots with a Pair of Eyes, opening and skimming the code in thousands of files!

The reason why the Trojans are in a picture is that they are of course "live code." The black stripes are in case you save the picture and then share it. Sooner or later some smart arse kid would see it and simply copy each character into a Javascript file, causing a

Before anyone asks, this site uses vBulletin Forums software which costs $$$$$$ while Simple Machines Forums software is free. You get what you pay for. On the plus side this attack taught me an important lesson: no matter how secure we may think our websites, networks and PCs may be, the bastards are constantly attacking.
__________________
Bob D'Amico
