SMF "Hacked by ghost61"

Forum Moderators: rogerd

Message Too Old, No Replies

SMF "Hacked by ghost61"

Forums hacked For Türkiye, apparently.

scraptoft

12:01 pm on May 23, 2008 (gmt 0)

Just tried checking my forums and each link of the forums is directed to a page that says "Hacked by ghost61 for Türkiye".

I did a quick search and it seams ghost61 has taken down a few forums including phpbb etc.

Now I don't know if this is a personal attack or just a robot searching the net, probably the latter.

In the last 5 years spent running and developing websites this has never happend to me before.

Could anyone with experience with ghost61 or tracking these "hackers" give me any advice on finding out how they managed to do it.

thecoalman

2:23 am on May 24, 2008 (gmt 0)

Are you up to date on your software? If its a prevalent attacker then your software/mods are most likely not up to date and contain vulnerabilities. They look for easy targets and they are too hard to find.

They'll find you through a google search either searching for text in the page, the URL etc. If for example phpbb3.0 had a vulnerability and its a bot crawling a quick look at the meta tags would tell it if the forum was updated or not as they were changed in the last update.

I had a mod on a phpbb2 forum that had one vulnerable file, I was on the authors personal mailing list for updates. Shortly after receiving notification and updating the file it suddenly became a very popular file. My logs showed a huge surge in hits for that file and the search string for the specific URL to confirm the file was present.

rogerd

1:34 pm on May 26, 2008 (gmt 0)

Forums, CMS scripts, etc., often have these vulnerabilities exposed, and, as the coalman poinnts out, keeping up to date will all patches and version upgrades is the key to avoiding them.

I did have one situation where the attack came via a vulnerability in the host's server. After two defacements, I changed hosts.