+Team JSAM Posted June 18, 2006
Has anybody ever seen this before? I went to log on to the IGO website and it says it's been hacked by Hacked by OZELKUVVETLER & BORDO BERELILER. Just wondering if anybody has seen such a thing before.
Idaho Geocachers Org

+hikergps Posted June 18, 2006
Yep, sure has. I bet your webmaster chokes on his Wheaties in the morning. Never heard of those guys, but I don't see many hacked pages.

+Isonzo Karst Posted June 18, 2006
Today's Cacher was hacked. Set them back a month or more on their publication schedule. Created problems with handling subscriptions too. A real PITA, some people are total jerks.

+treasure_hunter Posted June 18, 2006
Looks like the Turks, they hacked www.earthcache.org last year!

+BadAndy Posted June 18, 2006
This is the second time they've hit us....Bastards.

+Team Torque Posted June 18, 2006
Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

+BadAndy Posted June 18, 2006
> Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

I don't see how you could come to the conclusion that he isn't on top of security. Some of the most security minded corporate and govt websites have been hacked.

+ReadyOrNot Posted June 18, 2006
>> Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.
>
> I don't see how you could come to the conclusion that he isn't on top of security. Some of the most security minded corporate and govt websites have been hacked.

When I look at the logs on my server, people are constantly trying to find holes and hack in. I doubt that they targeted the site, they probably just found a hole and took advantage of it.

+El Diablo Posted June 18, 2006
> Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.
El Diablo

+Vinny & Sue Team Posted June 18, 2006
>> Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.
>
> When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.
> El Diablo

What you have pointed out is extremely common; much of the security of a website really depends upon the security measures employed by the hosting company, regardless of whether the site is hosted on a shared server or on dedicated servers.

+Team Torque Posted June 18, 2006
>>> Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away. Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.
>>
>> When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.
>> El Diablo
>
> What you have pointed out is extremely common; much of the security of a website really depends upon the security measures employed by the hosting company, regardless of whether the site is hosted on a shared server or on dedicated servers.

It is true I assumed your webmaster and hosting company were the same. Either way someone was not on top of things.

+JMBIndy Posted June 19, 2006
The jerks obviously have nothing better to do with their time...

+Moore9KSUcats Posted June 19, 2006
My hubby works with security sometimes, and it is amazing how many IT people think that "guest" or "password" is an original idea for a password! I am not trying to make assumptions on the conditions of these hosting servers, but some of the things he has come across would curdle your socks.

+maggieszoo Posted June 19, 2006
KYOWVA got hit last week, too. (Kentucky, Ohio, West Virginia geocachers)

kcart Posted June 19, 2006
Public web servers get hacked, at least in part, because they're running old, outdated, unpatched software with exploitable vulnerabilities. The same thing happens to your home PC when you don't install the most recent updates. Granted, default usernames and weak passwords also increase vulnerability, but my guess is these guys go after boxes with well known, published 'sploits.

And you're not alone. Looks like they've hacked dozens of sites. The number of web sites being compromised and used for phishing and/or dropping malware is increasing, and most times the owner of the site is unaware it's happening. More likely, in this case, script kiddies are simply defacing web sites. I could speculate as to why, but it might violate forum guidelines.

Let's hope you have a good backup and that your system and network resources can get your group's web site restored ... but not before locking down the server. I expect those responsible for your site's security will be more vigilant going forward.
©¿©¬

+Baralak Posted June 19, 2006
www.nelageo.net was hit about 2 months ago... The good part for me is that I make weekly backups on the site and the data.. I lost several posts, but I was back up and running within an hour.
Baralak

+Vinny & Sue Team Posted June 19, 2006
> Public web servers get hacked, at least in part, because they're running old, outdated, unpatched software with exploitable vulnerabilities. The same thing happens to your home PC when you don't install the most recent updates. Granted, default usernames and weak passwords also increase vulnerability, but my guess is these guys go after boxes with well known, published 'sploits.
>
> And you're not alone. Looks like they've hacked dozens of sites. The number of web sites being compromised and used for phishing and/or dropping malware is increasing, and most times the owner of the site is unaware it's happening. More likely, in this case, script kiddies are simply defacing web sites. I could speculate as to why, but it might violate forum guidelines.
>
> Let's hope you have a good backup and that your system and network resources can get your group's web site restored ... but not before locking down the server. I expect those responsible for your site's security will be more vigilant going forward.
> ©¿©¬

I think that was well-said -- I agree. Many websites are years behind the curve when it comes to firewalls, security updates for routers, server OS, etc.

ju66l3r Posted June 19, 2006
Often, the server is hacked by another computer that's already been compromised (aka a "zombie"). The result is that often, the original "hacker" isn't even directly responsible for what's occurred...their little worm/virus just keeps going strong looking for an exploitable computer using a brute force search and then modifying the hosted files as wanted when it gets in.

This isn't often the result of getting access to the actual username/password that has the access necessary. Usually, there's a hole in another program on the computer that "lends" its level of access to the offender's program in a way that lets them write their new files and then get out. Really evil offender programs will install things that will tattle passwords or usernames and other information but for the most part, what you'll see is just a few index.html type file replacements and the offending program doesn't have any way back into the system once you've fixed the hole meaning everything is safe the way it was (plus the patch).

Unfortunately, since it's often really difficult to tell if it was a really evil hack or just a graffiti-style hit'n'run (and most of them will delete the system logs that could tell you what they did), it's safest to reset from a backup, patch to the latest software, and change passwords and things to prevent any potentially stolen information from coming back to haunt you later. Just wanted to be clear on the fact that this wasn't a targeted attack nor was it probably much more than a little graffiti tagging rather than something more sinister.

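Added example, not written by any poster in this thread: since the advice above is to reset from a backup and the replaced files are typically index pages plus whatever new files were written, this sketch compares a live web root against a backup copy by SHA-256 and lists modified, added and missing files. The directory layout and sample files are constructed for illustration, and the backup is assumed to predate the compromise.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes

def compare_to_backup(backup_root, live_root):
    """Classify live files as modified, added or missing relative to the backup."""
    backup, live = tree_hashes(backup_root), tree_hashes(live_root)
    return {
        "modified": sorted(p for p in backup if p in live and backup[p] != live[p]),
        "added": sorted(p for p in live if p not in backup),
        "missing": sorted(p for p in backup if p not in live),
    }

def build_sample():
    """Constructed sample: a backup tree and a live tree with a replaced index page."""
    base = tempfile.mkdtemp()
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    files = {"index.html": b"<h1>Club home</h1>",
             "forum/index.php": b"<?php // forum ?>",
             "about.html": b"<p>About us</p>"}
    for root in (backup, live):
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    # Simulated graffiti-style change: index replaced, one file dropped, one removed.
    with open(os.path.join(live, "index.html"), "wb") as fh:
        fh.write(b"<h1>defaced</h1>")
    with open(os.path.join(live, "forum", "x.php"), "wb") as fh:
        fh.write(b"unknown file")
    os.remove(os.path.join(live, "about.html"))
    return backup, live

if __name__ == "__main__":
    print(compare_to_backup(*build_sample()))
```

A clean result only shows the web root matches the backup; it says nothing about files outside that tree or about credentials that may have been captured.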