Page 1 of 3 123 LastLast
Results 1 to 20 of 47

Thread: Site Hacked !

  1. #1
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Unhappy Site Hacked !

    my website www.50klicks.com/index.php.old has been hacked by some naughty people

    this seems to be associated with websites using the older vBadvanced CMPS v1.0.1 (version 1 )... though it could be coincidential ?

    these are the toe-rags that did it - http://www.mavrahane.com/

    there are a number of sites there that they boast to have hacked....

    anyway - what can I do now? where would this re-direct have been placed? any suggestions before I update to vbadvanced version 2? and would/should that stop this particular exploit ?

  2. #2
    Junior Member
    Join Date
    Sep 2004
    Posts
    4

    Default Re: Site Hacked !

    I have been hacked by the very same bunch this morning.

    I was running CMPS v1.0.1 as awell

    Have you fixed it?

    If so how did you do it?

    Can anyone help please

  3. #3
    Administrator Brian's Avatar
    Join Date
    Jan 2004
    Location
    Georgia, USA
    Posts
    34,431

    Default Re: Site Hacked !

    What exactly was done to the site, and what leads you to believe that they used the exploited CMPS?

  4. #4
    Junior Member
    Join Date
    Sep 2004
    Posts
    4

    Default Re: Site Hacked !

    I have no idea!

    The homepage no longer opens instead it redirects to their site, that is it did until I redirected it to my forums.

    I am not blaming CMPS but asking the question everywhere in the hope that someone can shed some light on the problem.

  5. #5
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    OK - Tracked this down to the shoutbox module I was using - disabling that module and seemed to stop the problem.

    could there be some kind of post in the shoutbox that would automatically forward to a website ?

    I doubt this is a vbadvanced issues really - more a crappy shoutbox exploit ?

  6. #6
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    Quote Originally Posted by Brian
    What exactly was done to the site, and what leads you to believe that they used the exploited CMPS?

    no - i now dont think itsa a vbadvanced issue - its the shoutbox Im using - and suspect the same for all involved - it seems theres an entry in it that must force a redirect to their website.

  7. #7
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    ps - effected sites will find that they have a new user signed up - called MavraHaNe or similar - on my site they used this to enable them to post a shout.

    list of effected sites (from their webpage)

    1. http://www.arcadecrazy.com/

    2. http://rochvibe.com/

    3. http://www.b3playground.com/

    4. http://www.c-o-e.de/hopezcom/cmps_index.php

    5. http://www.thebig7.com/

    6. http://www.assimx.net/

    7. http://forums.clan-tlb.com/

    8. http://www.vvt-i.net/

    9. http://www.trackshare.com/forum/

    10. http://www.trackshare.com/

    11. http://www.iz-grafix.co.uk/

    12. http://www.beginnerbikers.org/

    13. http://www.ctd-hq.com/

    14. http://www.50klicks.com/

    15. http://www.illefx.com/

    16. http://www.clansoe.it/

    17. http://www.noodlum.com/

    18. http://www.hardcoreplayhouse.nl/

    19. http://www.530riders.net/

    20. http://www.naijaworld.com/

    if you are quick enough with the STOP button on ya browsers you will see the last thing that is posted on the shoutboxes is a MavraHaNe shout - soon as it tries to display that shout is re-directs.

  8. #8
    I ******* single moms. mholtum's Avatar
    Join Date
    May 2004
    Location
    Tempe, Arizona
    Posts
    1,938

    Default Re: Site Hacked !

    Well if it is / was a shout that causes the re-deirect, I would hardly call that "hacked"

  9. #9
    Administrator Brian's Avatar
    Join Date
    Jan 2004
    Location
    Georgia, USA
    Posts
    34,431

    Default Re: Site Hacked !

    Is this from a shoutbox module that's posted on here? If so, could somebody please link me to it?

  10. #10
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    Quote Originally Posted by mholtum
    Well if it is / was a shout that causes the re-deirect, I would hardly call that "hacked"
    no - me neither... an 'exploit' would be more apt.

    but on first discovering this I (and im sure others effected) thought the same - the site loads as normal, then suddenly redirects to a large graphic and a message saying "this site has been hacked" then forwards onto their website with a list of all the victims.

    quite sad really - but effective and trouble causing all the same.

    does anyone know if something in version 2 of vbadvanced would protect agaisnt this? all those in the list seem to be using version 1.

  11. #11
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    Quote Originally Posted by Brian
    Is this from a shoutbox module that's posted on here? If so, could somebody please link me to it?
    I muist have got this module from this site .... I remember there was a few to choose from at the time...

    i have a shoutbox.php thats starts with

    <?php

    ###########################################################################
    ## MAJESTIC FORUM SHOUTBOX
    ###########################################################################

    might be this one ? http://www.vbadvanced.com/forum/show...light=shoutbox

    noticed someone with a 'majestic forums' sig ?

    hope this helps?


    EDIT - yes it was that one actually - i remember the guy offering the mod to remove the scoll bars etc.

  12. #12
    Junior Member
    Join Date
    Sep 2004
    Posts
    4

    Default Re: Site Hacked !

    Firstly I have found the culprit. It is a script thats entered into the shoutbox. I searched the database for the name mavrahane and it showed up so I have deleted it.

    Sorry if it appeared that I was accusing CMPS of being at fault, I wasn't, but hoped that someone here would know the answer.

    Thankyou.

  13. #13
    Administrator Brian's Avatar
    Join Date
    Jan 2004
    Location
    Georgia, USA
    Posts
    34,431

    Default Re: Site Hacked !

    Quote Originally Posted by majorj0nny1
    does anyone know if something in version 2 of vbadvanced would protect agaisnt this? all those in the list seem to be using version 1.
    I highly doubt it. The exploit is somewhere in the shoutbox.php file, which is included in an iframe in the CMPS module. Looks like they're inserting some javascript when they post the shout, and that's what's redirecting people to their site. My guess would be that HTML characters are not being stripped properly before the shout is inserted into the database, but I haven't really looked at the script so I may be wrong about that.

  14. #14

  15. #15

    Default Re: Site Hacked !

    yup.. they're using something like this
    PHP Code:
    <script>header.location="hackersite"</script> 
    I'm on that hacked sites list above

  16. #16

    Default Re: Site Hacked !

    Spot the illegal 3.0 beta 4 forum they are using tho, anyone with a licence would be using 3.0.6 or .7 due to the security flaws in the older verisons.

    Pay back I think, report em, or use the known exploits and do the same to them.

  17. #17
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    Quote Originally Posted by Brian
    I highly doubt it. The exploit is somewhere in the shoutbox.php file, which is included in an iframe in the CMPS module. Looks like they're inserting some javascript when they post the shout, and that's what's redirecting people to their site. My guess would be that HTML characters are not being stripped properly before the shout is inserted into the database, but I haven't really looked at the script so I may be wrong about that.
    could i (in theory) say use the swearword feature in the script to stop anything like <script>header. being used? (as in what vbusers11 said) ?

    would that work ?

  18. #18
    Senior Member
    Join Date
    May 2005
    Posts
    111

    Default Re: Site Hacked !

    Quote Originally Posted by Izza
    Firstly I have found the culprit. It is a script thats entered into the shoutbox. I searched the database for the name mavrahane and it showed up so I have deleted it.

    Sorry if it appeared that I was accusing CMPS of being at fault, I wasn't, but hoped that someone here would know the answer.

    Thankyou.

    cool Izza - would you mind giving instructions on 'searching the database' please? Id like to do the same.

    ta.

  19. #19

    Default Re: Site Hacked !

    somebody give the exact code if you would... that they used in your DB

  20. #20

    Default Re: Site Hacked !

    wow, they're a user on this forum. no wonder.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Hacked to smithereens -- BlizzLink.com!
    By PMichaud in forum Show off your vBadvanced!
    Replies: 4
    Last Post: 06-06-2005, 08:55 PM
  2. cmps_index.php has been hacked in some way!
    By DOMIN8 in forum Troubleshooting / "How do I..." Questions
    Replies: 3
    Last Post: 04-24-2005, 06:36 PM
  3. T-Mobile's server infrastructure hacked
    By Brian in forum Chit Chat
    Replies: 6
    Last Post: 01-13-2005, 10:56 AM
  4. New Site - What do you think?
    By goingnova in forum Show off your vBadvanced!
    Replies: 2
    Last Post: 11-29-2004, 10:35 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •