Well, coming back from taking my finals today, I strolled to my site to check how many hits I got. When I got there it was a big white page that said someone hacked me. (Picture here.) So I quickly went, FSCK!!!! So I opened up my index.php and nothing was changed there, so I knew this guy just fscked around with our PHP-programmed CP. I knew he used the upload script to mess with my site, but how he did it was not clear to me.
So I opened up AIM+ and found Notfred online. He seemed to be as intrigued as I was in this situation and he quickly lent a helping hand to solve this cybercrime. Notfred never did any hax0ring until today. Through my log files it was clear that he used the upload script to upload a series of files that were helpful to him gaining more access. Pic of what he uploaded first
He ran that script to see what version of PHP I had installed and then wrote a series of his own scripts to find out more information.
Through me and Notfred's investigation we can conclude this series of events:
- He was browsing through his anime forum when he found a site that people were using to upload their avatars (my site, since I had a very simple upload script)
- He then uploaded that phpversion file to see what version of php I had and where my path roots were.
- He then fondled himself as he got aroused at his hacking attempt
- Through that file he found out that my cp was in the directory ADMIN and he got a list of all the files
- He found config.php, which had the database user/pass in it, and ran this.
- Using that, this is what came up, SCREENSHOT
- He then got access to the admin folder and deleted the site html for my site, replacing it with a stupid OMG I HACKED YOUR SITE KTHX txt message. You'd think kiddies could be more creative!
Anyways, not much harm was done. No files were deleted except some html which I have backed up on my computer. Just beware of a crazy Swedish hacker who likes DELETED, you know the urlname.
Thanks to Notfred for his accomplishment today in being a hacker detective. That's all.
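
The log review described in the post can be automated. The following is an added example, not code from the original post: it scans a web access log for successful requests to script files sitting inside the avatar upload directory, which is the trace an unrestricted upload script leaves behind. The endpoint `/upload.php`, the directory `/avatars/`, the addresses and the timestamps are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

UPLOAD_ENDPOINT = "/upload.php"  # assumption: URL of the avatar upload script
UPLOAD_DIR = "/avatars/"         # assumption: where uploaded files are served from

# Constructed sample lines in Apache common log format (not from the real incident).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2000:14:01:10 +0000] "POST /upload.php HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2000:14:01:25 +0000] "GET /avatars/phpversion.php HTTP/1.1" 200 40213
198.51.100.4 - - [01/Jan/2000:14:02:00 +0000] "POST /upload.php HTTP/1.1" 200 498
198.51.100.4 - - [01/Jan/2000:14:02:05 +0000] "GET /avatars/cat.png HTTP/1.1" 200 8311
192.0.2.9 - - [01/Jan/2000:14:02:30 +0000] "GET /avatars/missing.php HTTP/1.1" 404 210
203.0.113.7 - - [01/Jan/2000:14:03:40 +0000] "GET /avatars/info2.php HTTP/1.1" 200 2210
203.0.113.7 - - [01/Jan/2000:14:05:02 +0000] "GET /admin/config.php HTTP/1.1" 200 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Script extensions that should never be served from an image upload directory.
# Also matches double extensions such as x.php.jpg, which some Apache handler
# configurations still execute.
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar|cgi|pl)(\.|$)", re.IGNORECASE)


def find_executed_uploads(log_text):
    """Return successful requests for script files under UPLOAD_DIR."""
    uploaders = set()  # clients that have POSTed to the upload script so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, target, status = m.groups()
        path = urlsplit(target).path  # drop any query string
        if method == "POST" and path == UPLOAD_ENDPOINT:
            uploaders.add(ip)
            continue
        name = path.rsplit("/", 1)[-1]
        if path.startswith(UPLOAD_DIR) and SCRIPT_RE.search(name) and status.startswith("2"):
            findings.append({"ip": ip, "time": when, "path": path,
                             "uploaded_first": ip in uploaders})
    return findings


if __name__ == "__main__":
    for f in find_executed_uploads(SAMPLE_LOG):
        print(f["time"], f["ip"], f["path"], "uploader" if f["uploaded_first"] else "")
```

Any hit means the upload directory is serving executable content; the fix is on the upload side (accept only verified image types, rename on save, and disable script handling in that directory).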
