Original Post
tagknife ate my website? nope.
pre-text http://i.imgur.com/c4jz0.png and http://i.imgur.com/AqjK8.png
^^^^^^^^^^^^^^^^^^^^^^^^
Clicky so you know what I am going on about. :P
Well apparently I missed this, but Tamer0 told me that tagknife went ballistic on the forums after "hacking" my website. This isn't exactly the case, he can't hack. At least he didn't hack me.
All he really did was abuse my kindness. I offer free project hosting on my webserver, as can easily be found here: http://adrianics.com/hosting/
I said yes as (almost) always and set up the sub-domain and FTP account. A little while later a php file was executed in his sub-directory.
I was so fast with the restoration of everything that I didn't even notice I had gotten "hacked" in the process, the only thing that made it catch my attention was a google cached version of my page.
tagknife is a script kiddy. His target was kind of odd as well, since I've not been active here for the greater part of 6 months.
So to conclude this post...
There's the proof that he didn't actually hack me, so no need to go apeshit on your security and whatnot, even though you should never slack with it in the first place, as I did. If I had actually thought about it I would have disabled shell access for my domain, but thanks for bringing it to my attention tagknife!
tagknife, stop trying to ddos me.
SPOILERS: IT'S NOT WORKING
^^^^^^^^^^^^^^^^^^^^^^^^
Clicky so you know what I am going on about. :P
Well apparently I missed this, but Tamer0 told me that tagknife went ballistic on the forums after "hacking" my website. This isn't exactly the case, he can't hack. At least he didn't hack me.
All he really did was abuse my kindness. I offer free project hosting on my webserver, as can easily be found here: http://adrianics.com/hosting/
I said yes as (almost) always and set up the sub-domain and FTP account. A little while later a php file was executed in his sub-directory.
A quick look at the access log revealed that a file 'download.php' in /ryan was used as a php shell, and caused the removal of my files. After I restored the files, the ryan and download.php items did not reappear.
92.28.77.149 - - [05/Jun/2011:19:42:13 +0000] "GET /ryan/gmod/gamemode/download.php?act=ls&d=%2Fhome%2Fadrianic%2F&sort=0 a HTTP/1.1" 200 5875 "http://adrianics.com/ryan/gmod/gamemode/download.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
Here you can see one of the commands on download.php:
act=ls "run ls"
d=%2Fhome%2Fadrianic%2F "directory = /home/adiranic"
I was so fast with the restoration of everything that I didn't even notice I had gotten "hacked" in the process, the only thing that made it catch my attention was a google cached version of my page.
tagknife is a script kiddy. His target was kind of odd as well, since I've not been active here for the greater part of 6 months.
So to conclude this post...
There's the proof that he didn't actually hack me, so no need to go apeshit on your security and whatnot, even though you should never slack with it in the first place, as I did. If I had actually thought about it I would have disabled shell access for my domain, but thanks for bringing it to my attention tagknife!
tagknife, stop trying to ddos me.
SPOILERS: IT'S NOT WORKING
Last edited by Bust3r; Jun 9, 2011 at 01:38 AM.
We shall not cease from exploration, and the end of all our exploring will be to arrive where we started and know the place for the first time.
Originally Posted by Acavado
This is highly amusing. But a relief that nothing really happened.
Well, something did happen, he did delete all my files including the tmp files, but I have 24 hour backups so all I had to do was a quick restore and remove his ftp account.
We shall not cease from exploration, and the end of all our exploring will be to arrive where we started and know the place for the first time.
I lol'd.
Script kiddies are always fun, because they all seem to think that what they're doing is something I haven't seen before.
Script kiddies are always fun, because they all seem to think that what they're doing is something I haven't seen before.
Originally Posted by Jarmund
I lol'd.
Script kiddies are always fun, because they all seem to think that what they're doing is something I haven't seen before.
I must say I found his measly attempt to DoS me after I posted this thread even more pathetic. Just one IP... no botnet? Probably did it from his own connection with LOIC. <.<
We shall not cease from exploration, and the end of all our exploring will be to arrive where we started and know the place for the first time.
