My site was hacked.

[Smokey]

Hey, I just noticed my site was hacked.

http://www.revillution.com

here's the source code to the html file they replaced my stuff with:

<html> 

<head> 

<title>Hacked by Team Animus</title> 

</head> 

<body bgcolor="black"> 

<center>

<font color="white"><h1>Hacked by Team Animus</h1></font><br /> 

<iframe src="http://player.vimeo.com/video/17743674?title=0&amp;byline=0&amp;portrait=0&amp;color=ffffff&amp;autoplay=1&amp;loop=1" width="560" height="315" frameborder="0"></iframe> <br />

<font color="white">Contra - Exclusive - FMC</font><br />

<font color="white">From Sweden with <3</font><br />

</center>

</body> 

<!-- All files should still be untouched. The purpose of this was not to fuck anything up. -->

<!-- We did it for the lulz. -->

<!-- Contra @ REC or [email protected] -->

</html>

Any idea how they got in?

[Cody R.]

Hey, I just noticed my site was hacked.

http://www.revillution.com

here's the source code to the html file they replaced my stuff with:

<html> 

<head> 

<title>Hacked by Team Animus</title> 

</head> 

<body bgcolor="black"> 

<center>

<font color="white"><h1>Hacked by Team Animus</h1></font><br /> 

<iframe src="http://player.vimeo.com/video/17743674?title=0&amp;byline=0&amp;portrait=0&amp;color=ffffff&amp;autoplay=1&amp;loop=1" width="560" height="315" frameborder="0"></iframe> <br />

<font color="white">Contra - Exclusive - FMC</font><br />

<font color="white">From Sweden with <3</font><br />

</center>

</body> 

<!-- All files should still be untouched. The purpose of this was not to fuck anything up. -->

<!-- We did it for the lulz. -->

<!-- Contra @ REC or [email protected] -->

</html>[/code]



Any idea how they got in?



You can submit a ticket and we can try to scour the FTP / access logs to see if there is anything obvious. Usually these happen either by a compromise on your local computer (virus, etc) or by an exploited script (usually caused by being out of date).


Depending on how long it's been compromised you may be able to use R1Soft to restore to a few days ago: https://support.hawkhost.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=91


If not the best option is to re-upload a fresh copy of your website from a copy you know wasn't compromised. You should also rotate your passwords / scan your PC just in case .

[Smokey]

I sent in a ticket.....let me know if you need any specific info (although you guys prob already have it all )

Please try to take a look ASAP so I know where to go from here?

[Smokey]

A member of my forums found this: http://www.vbulletin.com/forum/showthread.php/379206-Hacked-by-Team-Animus?langid=1

Seems as if it's an exploit in vBulletin 3.8.

I'm gonna go ahead and fix the damage, and switch.

[Brian]

Just picked up your ticket I believe. Glad to read this (albeit a bit late) and see you've found the source + a fix. Update your ticket if we can help out anymore and good luck with the migration!

[Smokey]

Turns out it was due to an exploit in a plugin I had installed rather then vB itself, but i switched to IPB anyway and i'm happier now.

However, My site is loading really slow....is it a server issue?

[Brian]

I've spent the last 10 minutes browsing your forum with no noticeable slowness. I've also checked your accounts resource usage and do not see any processes consuming enough resources that would cause a noticeable slowdown. The servers load is fine and the monitoring for the server hasn't shown any events recently which would cause performance issues.