Comments on: Neat! I was hacked. http://wqoq.com/2007/05/16/neat-i-was-hacked/ Clever... not good, but clever. Sun, 29 Apr 2012 20:30:10 +0000 hourly 1 http://wordpress.org/?v=3.3-beta1-18972 By: Bob Maguire http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4493 Bob Maguire Sat, 15 Sep 2007 19:55:55 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4493 Sure. No problem. There's been a considerable passage of time since then anyway. Sure. No problem. There’s been a considerable passage of time since then anyway.

]]> By: GateZone http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4492 GateZone Sat, 15 Sep 2007 19:50:01 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4492 FYI - there are sites and ip's included in your mega list that were hacked also and then used unknowingly for brief periods until the owners/administrators were able to shut down the exploits in the same or similar ways that you were able to do. Only now when those domains are searched they get your blog that associates them with hacking exploits... not great. In other words someone else could have done a similar list with your domain on it because of the hack on your site. My point is that publishing these lists without fully understanding what you are publishing (pardon me if you do) results in potential damage to others who suffered the exact same assault that you did. I would like you to consider removing the list as I'm sure I am not the only one. Thanks. GZ FYI – there are sites and ip’s included in your mega list that were hacked also and then used unknowingly for brief periods until the owners/administrators were able to shut down the exploits in the same or similar ways that you were able to do. Only now when those domains are searched they get your blog that associates them with hacking exploits… not great. In other words someone else could have done a similar list with your domain on it because of the hack on your site. My point is that publishing these lists without fully understanding what you are publishing (pardon me if you do) results in potential damage to others who suffered the exact same assault that you did. I would like you to consider removing the list as I’m sure I am not the only one. Thanks. GZ

]]> By: Bob Maguire http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4479 Bob Maguire Tue, 14 Aug 2007 04:16:43 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4479 What a coincidence. I have visited yours 0 times. What a coincidence. I have visited yours 0 times.

]]> By: Visitor082 http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4475 Visitor082 Tue, 14 Aug 2007 03:08:52 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4475 I have visited your site 368-times I have visited your site 368-times

]]> By: Hack attack in progress | YugaTech | Philippine Technology News & Reviews http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4464 Hack attack in progress | YugaTech | Philippine Technology News & Reviews Mon, 30 Jul 2007 00:59:48 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4464 [...] Several people have encountered the same and have been successfully hacked. The script is uploaded somewhere else and being pulled up from the target site. Your error logs might display this as such: [...] [...] Several people have encountered the same and have been successfully hacked. The script is uploaded somewhere else and being pulled up from the target site. Your error logs might display this as such: [...]

]]> By: Michael http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4450 Michael Wed, 11 Jul 2007 11:52:41 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4450 I saw attempts for this as well and decided to comb my logs for more occurences. I hacked out this ugly multi-part awk monstrosity to dump the results from the various logs to a file: cat /var/log/default.access.log | awk '{print $1," - ",$4," - ",$12," - ",$7}' | awk '/.*\?$/' > attackers-wiki.txt I'm sure someone with greater awk skillz can make it nicer... One interesting thing I noticed was that one of the files they try to run attempts to disable the safe-mode option in PHP. I saw attempts for this as well and decided to comb my logs for more occurences. I hacked out this ugly multi-part awk monstrosity to dump the results from the various logs to a file:

cat /var/log/default.access.log | awk ‘{print $1,” – “,$4,” – “,$12,” – “,$7}’ | awk ‘/.*\?$/’ > attackers-wiki.txt

I’m sure someone with greater awk skillz can make it nicer…

One interesting thing I noticed was that one of the files they try to run attempts to disable the safe-mode option in PHP.

]]> By: Bob Maguire http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4402 Bob Maguire Thu, 17 May 2007 05:24:42 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4402 Someone clicked on the link and visited my site to see the evidence, so it ended up in my logs as a referer link. Someone clicked on the link and visited my site to see the evidence, so it ended up in my logs as a referer link.

]]> By: Francois http://wqoq.com/2007/05/16/neat-i-was-hacked/comment-page-1/#comment-4401 Francois Thu, 17 May 2007 04:04:11 +0000 http://wqoq.com/2007/05/16/neat-i-was-hacked/#comment-4401 Bob, sorry to hear about the hack. How exactly did you notice that site was posted in a Spanish-language forum? Do you Google your site on a regular basis? Bob, sorry to hear about the hack. How exactly did you notice that site was posted in a Spanish-language forum? Do you Google your site on a regular basis?

]]>