Smokey Posted May 4, 2011 Report Share Posted May 4, 2011 Hey, I just noticed my site was hacked. http://www.revillution.com here's the source code to the html file they replaced my stuff with: <html> <head> <title>Hacked by Team Animus</title> </head> <body bgcolor="black"> <center> <font color="white"><h1>Hacked by Team Animus</h1></font><br /> <iframe src="http://player.vimeo.com/video/17743674?title=0&byline=0&portrait=0&color=ffffff&autoplay=1&loop=1" width="560" height="315" frameborder="0"></iframe> <br /> <font color="white">Contra - Exclusive - FMC</font><br /> <font color="white">From Sweden with <3</font><br /> </center> </body> <!-- All files should still be untouched. The purpose of this was not to fuck anything up. --> <!-- We did it for the lulz. --> <!-- Contra @ REC or [email protected] --> </html> Any idea how they got in? Quote Link to comment Share on other sites More sharing options...
Cody R. Posted May 5, 2011 Report Share Posted May 5, 2011 Hey, I just noticed my site was hacked. http://www.revillution.com here's the source code to the html file they replaced my stuff with: <html> <head> <title>Hacked by Team Animus</title> </head> <body bgcolor="black"> <center> <font color="white"><h1>Hacked by Team Animus</h1></font><br /> <iframe src="http://player.vimeo.com/video/17743674?title=0&byline=0&portrait=0&color=ffffff&autoplay=1&loop=1" width="560" height="315" frameborder="0"></iframe> <br /> <font color="white">Contra - Exclusive - FMC</font><br /> <font color="white">From Sweden with <3</font><br /> </center> </body> <!-- All files should still be untouched. The purpose of this was not to fuck anything up. --> <!-- We did it for the lulz. --> <!-- Contra @ REC or [email protected] --> </html>[/code] Any idea how they got in? You can submit a ticket and we can try to scour the FTP / access logs to see if there is anything obvious. Usually these happen either by a compromise on your local computer (virus, etc) or by an exploited script (usually caused by being out of date). Depending on how long it's been compromised you may be able to use R1Soft to restore to a few days ago: https://support.hawkhost.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=91 If not the best option is to re-upload a fresh copy of your website from a copy you know wasn't compromised. You should also rotate your passwords / scan your PC just in case . Quote Link to comment Share on other sites More sharing options...
Smokey Posted May 5, 2011 Author Report Share Posted May 5, 2011 I sent in a ticket.....let me know if you need any specific info (although you guys prob already have it all ) Please try to take a look ASAP so I know where to go from here? Quote Link to comment Share on other sites More sharing options...
Smokey Posted May 5, 2011 Author Report Share Posted May 5, 2011 A member of my forums found this: http://www.vbulletin.com/forum/showthread.php/379206-Hacked-by-Team-Animus?langid=1 Seems as if it's an exploit in vBulletin 3.8. I'm gonna go ahead and fix the damage, and switch. Quote Link to comment Share on other sites More sharing options...
Brian Posted May 5, 2011 Report Share Posted May 5, 2011 Just picked up your ticket I believe. Glad to read this (albeit a bit late) and see you've found the source + a fix. Update your ticket if we can help out anymore and good luck with the migration! Quote Link to comment Share on other sites More sharing options...
Smokey Posted May 5, 2011 Author Report Share Posted May 5, 2011 Turns out it was due to an exploit in a plugin I had installed rather then vB itself, but i switched to IPB anyway and i'm happier now. However, My site is loading really slow....is it a server issue? Quote Link to comment Share on other sites More sharing options...
Brian Posted May 5, 2011 Report Share Posted May 5, 2011 I've spent the last 10 minutes browsing your forum with no noticeable slowness. I've also checked your accounts resource usage and do not see any processes consuming enough resources that would cause a noticeable slowdown. The servers load is fine and the monitoring for the server hasn't shown any events recently which would cause performance issues. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.