X10 Check ure protection ( hacked )

[Mr. Coolkat]

As x10 know I was banned cause of one picture on my frontpage and could not change it .......Why , Well simple.....
http://www.zone-h.org/en/defacements/mirror/id=3239335
Like I told in earlier posts i cant access my page anymore ...
But even not to try to look what was wrong u blocked me of a pic i wanted to get of my front page.

I checked many sites and it seems that X10 has no good protection .

I dont know what they have done to my page yet ( cause i was banned for 4 days ).
If im right I should be check it out tomorrow again.

I dont mean to be rude or so , but its also a warning for X10 , please secure more....
And hope you will unblock me tomorrow so i can fix that problem with that picture on my front page .
If My page is not 100% hacked and deleted....

Dont give me bad points ...
Do you think iam happy ?

 

[Jake]

we'll check this ... i also think corey should read this, if he doesnt i will make him

 

[Mr. Coolkat]

Hope corey will read this asap , and see that it was not really my problem that i could not edit or come online ...

Sorry X10 for the fault on my page , but i really could not change that...

 

[Bryon]

This was already known about. The data center reported about 15-20 sites that were defaced because of a vuln. in some sort of PHP CMS, script, etc. This has nothing to do with x10's sites, but rather, an outdated/old PHP script.

Edit http://www.zone-h.org/en/defacements/filter/filter_ip=70.86.136.178/

 

[Mr. Coolkat]

Okay update me ,

if its Php Why the whole X10 Page ( of mine ) was gone .....
Iam running the latest php forum board with all protections...


And if its about php , what can we do about it ?
Iam sure iam not the only one......

*** Edit ***

How do you know its not X10 ???

Look at link , its a root directory and not to PHP ??

 

[Bryon]

Ticket Number: 1058497PLNT
Ticket Type: Technical Support
Server: N/A
Status: CLOSED
Opened By: Tech Support
Summary: Multiple Defaced Websites: 70.86.136.178
Last Updated: 01/19/2006 00:02:10
Details:
Customer,

It has been brought to our attention that your server 70.86.136.178 may be hosting a website that has been defaced.

The possibly defaced websites are:
> 70.86.136.178 | 2006-01-13 17:42:00
> http://aaroniscool.be/~rooting/hacked/index.php 3239345
> 70.86.136.178 | 2006-01-13 17:42:00
> http://amescua.be/~rooting/hacked/index.php 3239343
> 70.86.136.178 | 2006-01-13 17:42:00
> http://bwforums.net/~rooting/hacked/index.php 3239346
> 70.86.136.178 | 2006-01-13 17:42:00
> http://campeaureunion.com/~rooting/hacked/index.php 3239356
> 70.86.136.178 | 2006-01-13 17:42:00
> http://coolkat.x10hosting.com/~rooting/hacked/index.php 3239335
> 70.86.136.178 | 2006-01-13 17:42:00
> http://crak-hed.com/~rooting/hacked/index.php 3239341
> 70.86.136.178 | 2006-01-13 17:42:00
> http://crystal.x10hosting.com/~rooting/hacked/index.php 3239329
> 70.86.136.178 | 2006-01-13 17:42:00
> http://digital.exofire.net/~rooting/hacked/index.php 3239339
> 70.86.136.178 | 2006-01-13 17:42:00
> http://digital.pcriot.com/~rooting/hacked/index.php 3239340
> 70.86.136.178 | 2006-01-13 17:42:00
> http://donald.x10hosting.com/~rooting/hacked/index.php 3239362
> 70.86.136.178 | 2006-01-13 17:42:00
> http://dosworld.info/~rooting/hacked/index.php 3239342
> 70.86.136.178 | 2006-01-13 17:42:00
> http://emmaw-central.net/~rooting/hacked/index.php 3239347
> 70.86.136.178 | 2006-01-13 17:42:00
> http://giaidieuloves.be/~rooting/hacked/index.php 3239355
> 70.86.136.178 | 2006-01-13 17:42:00
> http://haqrpg.pcriot.com/~rooting/hacked/index.php 3239357
> 70.86.136.178 | 2006-01-13 17:42:00
> http://j4ltech.org/~rooting/hacked/index.php 3239358
> 70.86.136.178 | 2006-01-13 17:42:00
> http://joostis.x10hosting.com/~rooting/hacked/index.php 3239334
> 70.86.136.178 | 2006-01-13 17:42:00
> http://kenrocks.x10hosting.com/~rooting/hacked/index.php 3239364
> 70.86.136.178 | 2006-01-13 17:42:00
> http://motb.net/~rooting/hacked/index.php 3239359
> 70.86.136.178 | 2006-01-13 17:42:00
> http://prowl.be/~rooting/hacked/index.php 3239336
> 70.86.136.178 | 2006-01-13 17:42:00
> http://reaperprojects.com/~rooting/hacked/index.php 3239332
> 70.86.136.178 | 2006-01-13 17:42:00
> http://ryctu.x10hosting.com/~rooting/hacked/index.php 3239328
> 70.86.136.178 | 2006-01-13 17:42:00
> http://sauly.be/~rooting/hacked/index.php 3239344
> 70.86.136.178 | 2006-01-13 17:42:00
> http://sdginger.net.ru/~rooting/hacked/index.php 3239331
> 70.86.136.178 | 2006-01-13 17:42:00
> http://soldatmaps.net/~rooting/hacked/index.php 3239330
> 70.86.136.178 | 2006-01-13 17:42:00
> http://students.x10hosting.com/~rooting/hacked/index.php 3239363
> 70.86.136.178 | 2006-01-13 17:42:00
> http://sweetschizo.net/~rooting/hacked/index.php 3239360
> 70.86.136.178 | 2006-01-13 17:42:00
> http://tehlikeliarsiv.x10hosting.com/~rooting/hacked/index.php 3239361
> 70.86.136.178 | 2006-01-13 17:42:00
> http://the-source.info/~rooting/hacked/index.php 3239348
> 70.86.136.178 | 2006-01-13 17:42:00
> http://theclan.x10hosting.com/~rooting/hacked/index.php 3239327

The web pages on the account may be vulnerable to Cross Site Scripting. Some pages may have a vulnerability that allows a malicious person to take advantage of a vulnerable page and subsequently download and run malicious programs on your server.

We highly suggest you investigate your server for possible compromise and ensure that the user has all of their PHP scripts updated to the latest version. If you need assistance with this, please feel free to update the ticket and we will do what we can to assist you.

Please keep in mind this is merely a courtesy ticket to alert you of this and we apologize if you are already aware of this issue.

Thank you!

I'm not sure of what the actual vulnerabilty was. What did you have on your site? (If you had a CMS, forum, etc, post the version please.. )

 

[Mr. Coolkat]

What did i have ! \

Well , iam running a forum board PHP latest version , If iam correct it was 0.19 or so...
Latest version..
What i have in there is just mixes from members on the forum who made there own music..
Nothing special but nice for some members who wants to hear music mixes from over the world.

Why they attackt me , I dont know , There is nothing serious to get ..
Its just a page for music lovers


I Just ask one thing to all x10.
Please put me up again so i can see what is going on.
But i think i cant log on cause iam hacked...

How do we deal with this also ?
Its not mine fault ..

I cant connect at all like i said...
And i like this X10 hosting and dont want to loose it....
Any ideas ? Corey , Maybe ?

 

[Jake]

haha i think that we should just find that "dfgsdf"s ip and find like 20 hackers to hack his personal computer all at the same time that would probobly get him to stop...

but there really isnt anything you can do other than keeps your scripts up to date, and we can reactive your account ant stuff (if you want we can change the subdomain.

 

[Bryon]

Don't use "low end" CMS's/Forum systems if you don't want this to happen again. If you do, there is the chance for it to. If you don't use a "low end" CMS/Forum system, you just need to keep it updated. If you were updated, it might have just been a exploit he found himself that was unpatched (Obviously), and/or a 0 day.

It was prolly just a vuln/exploit that either allowed him to upload files of his choice, edit files, include files, etc etc.

 

[Mr. Coolkat]

Well , u say some points but i must say.
I dont get anything you talk about ......

Iam not a pro user , i was happy that i could get my page working with forum...

What do u mean ?

Just explane in stuppid language.

And to x10 , from today my account should be unsuspended...
It is not . so please do so then i can change that one picture and lets see what damage they did.

 

[moose]

CMS is the content management system, and because of a faulty script, it allowed the so called hacker upload unwanted files easily.

So he Nedren suggests you to get a better and probably a more supported CMS for your website so similar problems will be less frequent.

I hope that was what you wanted to know about.