Gossamer Forum
Home : General : Chit Chat :

mean anything to anyone

Quote Reply
mean anything to anyone
Hi,

Has anyone else has seen this before

"MinangCrew Back To Action
Wait N Feel Our New Actions, Soon
MinangCrew At Dalnet

JeJENg Wuz Here
Dedicated to My Soul "

Basically my server has been broken into despite regular changes of password. It scares me actually but I haven't got a clue what to do, this text had become my home page. I'm now worried that somewhere is a script placed on it that notifies them of password changes.

Any insights appreciated

rgds
Kevin

Cheers
KevM
Quote Reply
Re: [KevM] mean anything to anyone In reply to
Google 'MinangCrew' and 'massplo'. Some interesting stuff there. I'd recommending changing all server passwords - including FTP and scripts. And use nonsensical passwords that also consist of non-alphanumerical characters. If you use Telnet, switch to SSH. If you use FTP, consider using SFTP (Secure FTP). What scripts do you have installed on server?

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln
Quote Reply
Re: [dan] mean anything to anyone In reply to
Hi Dan,

just been posting with andy as well, looks as though they got in and installed some files. Had a trawl around google and it seems they do this for the hell of it.

Passwords have been changed.

What a pain in the ar$e though, I was looking forward to today Unsure

Rgds

Kev

Cheers
KevM
Quote Reply
Re: [KevM] mean anything to anyone In reply to
I'd do more then change passwords though, as it's quite common to leave a backdoor once you get in. You should at a minimum run a rootkit to see if there are any common back doors, as well as get an audit of the files on your system.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] mean anything to anyone In reply to
Hi,

it seems that they probably used my forms (like the search form that i currently use on my main page) to enter php or asp command lines that generate either html code to my main page or an index.html that overwrites my current index page.

This also has a name it turns out, it is called de-facing rather than hacking.

It's a bit ironic that i was going to swap over to my link sql page today so I got beaten to it, hopefully by tomorrow it will all be ok.

Thanks for your help and insight to all who replied.

rgds

kevin

Cheers
KevM
Quote Reply
Re: [KevM] mean anything to anyone In reply to
<<de-facing>>

For my own interest really is this down to the server security or the perl/search form page security/code.

How could I have prevented this, I remember speaking to Jack and he said security was paramount with Links SQL so how does Links prevent this?

Cheers,

Kev

Cheers
KevM