Status
Not open for further replies.
Boxhead fails if the server and passwords are secure. I have the proof, and it's not using other people's passwords from databases, as he hacked my server and I wasn't a member on any site but mine. You people need to look at logs, phpMyAdmin, MySQL, etc.
 
Yeah, FLG. Also, many people don't know what to do when he's got in, as people make the same mistakes.

So, to kick him out of your server:

1. Change all FTP and cPanel passes (he doesn't normally get those, but still).
2. Back up your MySQL database, then make a new user with a different pass, make a new database using a different name, and import your database into that.
3. Change your file settings so it goes to your new database.
4. (For forums) Check the last line of all vBulletin files. If it starts like this, <? after a ?> (meaning he's inserted another code), it's a webshell. Reup all vBulletin files.

For more info on step 4, see what he added to TiendaDDL: http://clairvoyantcss.info/wazowned/Waz-Host-Owned.html
It's a webshell.

5. Don't reuse your pass.
6. If your index says Hacked By Boxhead even after you reupped your files, go to http://ur-website.com/admincp and log in, navigate to any templates it says you recently edited when you didn't, and revert them back, as he removes all the original code and puts hacked by boxhead.
7. Tell all admins to change their passes.
8. Change email passes as well, as he sometimes gets into them if they're the same pass as your forum admin account pass (see step 5).
9. Use cPanel's "Password protect directories" to password protect your admincp, just for added security. (Do not put the login the same as yours or any admin's forum account username/pass; do NOT even put the username the same.)
10. Another good tip is to use .htaccess to only allow certain IPs to access your admincp, e.g. all the admins. Same with ModCP, so nobody can hack a mod's account and prune all posts.

Then he should be out of your server :)
 
Also, turn off PHP showing itself in php.ini if you can; this will help out also. Get your server secured by somebody also.

Taken from my apache access logs:
Code:
67.212.80.148 - - [25/Dec/2009:23:47:48 +0100] "GET //myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 560
67.212.80.148 - - [25/Dec/2009:23:47:48 +0100] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563
67.212.80.148 - - [25/Dec/2009:23:47:48 +0100] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563
67.212.80.148 - - [25/Dec/2009:23:47:48 +0100] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563
67.212.80.148 - - [25/Dec/2009:23:47:48 +0100] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563
67.212.80.148 - - [25/Dec/2009:23:47:49 +0100] "GET //p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 558
67.212.80.148 - - [25/Dec/2009:23:47:49 +0100] "GET //p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 558
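
An added example, not part of the original post: one way to run this kind of log check automatically. It groups requests for config/config.inc.php that carry phpinfo() by client and lists any that got a status other than 404; the function name, the min_paths threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common log format: client, identd, user, [time], "request", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Probe shape from the log above: config.inc.php requested with phpinfo() in the query
PROBE_RE = re.compile(r'/config/config\.inc\.php\?.*phpinfo\(\)', re.IGNORECASE)


def find_config_probes(lines, min_paths=2):
    """Return {client_ip: summary} for clients that probed at least
    min_paths distinct directories (min_paths is an assumed threshold)."""
    seen = defaultdict(lambda: {"hits": 0, "paths": set(), "answered": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m["target"]):
            continue  # unparseable line or ordinary request
        path = m["target"].split("?", 1)[0]
        entry = seen[m["ip"]]
        entry["hits"] += 1
        entry["paths"].add(path)
        # A 404 means the guessed path does not exist. Anything else means the
        # server answered at that path, so that directory needs checking first.
        if m["status"] != "404":
            entry["answered"].append((m["ts"], path, m["status"]))
    return {ip: e for ip, e in seen.items() if len(e["paths"]) >= min_paths}


# Constructed sample lines using documentation-range addresses, not real traffic
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Dec/2009:23:47:48 +0100] "GET //myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 560',
    '203.0.113.7 - - [25/Dec/2009:23:47:48 +0100] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563',
    '203.0.113.7 - - [25/Dec/2009:23:47:49 +0100] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 200 1834',
    '198.51.100.20 - - [25/Dec/2009:23:48:02 +0100] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.20 - - [25/Dec/2009:23:48:05 +0100] "GET /phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 563',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, e in find_config_probes(SAMPLE_LOG).items():
        print(ip, e["hits"], "probes,", len(e["paths"]), "paths, answered:", e["answered"])
```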
 
He does the work from inside, not outside, so pretty much he gets into an account on a shared hosting provider and then gets a hold of the whole box. Could be easily avoided.
 
Who the fuck made that Camtasia video? He's a fucking retard. Pathetic security? How is that pathetic security? You got a password to another site from a personal message, wooooooooooooooowwwww leeeeeeet. Fucking dipshit, come hack my site if you're so fucking leet, I can take the pressure.
 
Well, in my case it was that way: he got into my box through warezpredator, which was full of backdoors, and I was too busy to check his backup that time so I ignored it. Anyways, like I said, it's easily avoidable... no skills involved, just stupidity from the webmaster's side.
 