Important Message: You are browsing the archived Lancers Reactor forums. You cannot register or login.
Hacked
This is a free discussion forum on Freelancer. This is the place to discuss Freelancer issues NOT covered by the other boards!
16 posts
• Page 1 of 2 • 1, 2
The Starfyre Studios Web site has been totally destroyed including the backups by a hacker who calls himself Sorcerer. I don't know if this is an isolated incident or a look into things yet to come. It is stuff like this that has made the world of FL not fun to be around because of people like this. The FL community has to pull together if we are to stop these people from ruining our community. Several servers have also been affected by hackers piggy backing off the port that FL uses (This means a player is helping them do this, this has happened on Olympus and several other servers). This has to stop, it might be impossible but we need to do something.
CMS's are like Windows - because holes are regularly uncovered, but people just don't patch them.
CMS's (content management systems) are modular, making it easy to plug things in - add on extras, and increase functionality. Of course, any "3rd party" plug in may compromise the security of the CMS system - and even if they don't, vulnerabilities are always found eventually, either as the PHP language gets updated to fix potential issues, or as updates to the site code create more vulnerabilities.
I use a software called "Joomla" (used to be Mambo), which is a CMS. They release lots of security updates to patch up any holes. The people who get hacked using this software are those that are around 6 or 7 versions behind (that's only 8 - 10 months behind) on updates. Every person on their board complaining of being hacked is running ver 1.03 or earlier, when it's now 1.08. Every response has "this vulnerability was patched back in 1.05" or something similar. The exploits for the older code are getting around, and hence sites being hacked (for Joomla that is).
Starfyre uses phpnuke from what I remember.
That, at best, has always had holes and security vulnerabilities, ones which mean if any old script kiddy knows what to look for then they can get in (the reason I never used phpnuke). Hackers (from what I gather with Joomla/Mambo hacked sites) don't delete or destroy usually, they manipulate and deceive - using a vulnerable site to host things for attacks, for phishing etc. The simple fact that they ruin a site with a banner makes me think they're nothing more than a 15 yr old kid impressed with their own "l33tness".
Of course, Reynen may have been up to date and the hacker may actually be a formidable hacker - but I doubt it to be honest. If he was, why target a game fans site - which won't exactly bring any real notoriety.
the hacker left a link...
http://www.godson-productions.com/Sorce ... rOwned.jpg
replace "1" with "i"
WHOIS data
Edited by - Isos Topos on 3/21/2006 10:32:31 AM
Actually I kept up on updates and had NukeSentinel installed along with a lot of other protection. We fend off an average of 10 attacks a month. This was done by someone who knew what he was doing.
Actually I received a threat prior to this saying a "competitor" had been hired to take the site down. I thought nothing of it. However now I can believe it. I am considering dropping TNG as I cannot afford this to happen again.
I already invest a lot of money into this and I don't have any more to spend.
Yowser, I hope you reported it to... whomever you have to report things to over there. Certainly that site appears to be dedicated to hackers and so on. I would have imagined that the site was targeted due to its CMS system though - if nothing else, report it to the phpnuke people with logs if possible, just in case it's a vulnerability in their software that needs to be plugged.
The reason I say this is because look at the "google search" for sorcerer owned:
here
All the sites have been phpnuke sites, and on a majority the "Sorcerer" leaves taunts about lax site security. There is obviously a vulnerability in phpnuke that this person has exploited to hit as many sites as possible - at least 10+ sites, maybe more. Checking the site's caches lets you see when it happened, and also the message left behind.
It appears as if the person can log in due to a make admin command or some such stuff, granting access to the admin panel of phpnuke. I am sure some more digging around (as this only took a few minutes) and you'll be able to find information about the hack, and security fixes, to plug the hole.
It appears to be yet another CMS vulnerability, exploited by someone.
Edited by - Chips on 3/22/2006 12:09:11 AM
I've already reported them to the authorities. Problem is they were so complete that they even deleted the logs. I've never seen something hacked so completely. They even infected the backup the server company had.
The main problem with this is I was actually starting Starfyre Studios up as an actual game company. I was dealing with bids from other game companies on designing a number of games. Now however I am no longer in negotiations because they are shocked by what happened and concerned about security. So this not only affects TNG it also affects my normal work as well.
I had just started talking with a company about helping design a MMORPG, ARG! It would have been a multi-million dollar deal. Man of all the times for this to happen now. I've been so upset I practically cried. This really devastated us.
Well, in Isos's information, he posted all kinds of info you can use to track them down. Maybe they can use that info.
QuEsTiOn AsKeR
Last Hope MOD
I've already reported them to the authorities. Problem is they were so complete that they even deleted the logs. I've never seen something hacked so completely. They even infected the backup the server company had.
Then ask them to reinstate the offline backup. There should be no way that the only backup was stored in a location with the same accessibility as the original; that just defeats the point of having a backup. If the company hasn't got an offline backup somewhere for you to use then that's criminal negligence on their part and you'd be perfectly entitled to take legal action against them.
Accushot,
They said the only backup THEY had was infected.
I tried restoring my backup but it didn't work.
Yes I severely reamed their @$$ for only having 1 backup.
That's plain poor of a hosting company to do that.
You would think after a site has 8,000,000 hits in a year they would have multiple backups.
Now I am trying to figure out who can support about 7 more terabytes of data for the downloads.
Edited by - reynen on 3/22/2006 10:29:21 PM