TP Hacked -- v0.86 with Shoutbox Patch -- still hacked

Started by BobbyKashyap, July 04, 2006, 12:39:30 AM


BobbyKashyap

i donno how this happened guyz... but my TP has been hacked... :-\
it's v0.86 and has been patched with the shoutbox patch.
but hey... i haven't enabled guest shouting... still i wonder how it happened.

the hacker posted a shout as shown in the screenshots... with the following url
http://dogu_bey89.sitemynet.com/turkishackers.htm

bloc, mods... how to see if there are any changes that the hacker made to my site... i don't see any other visible defacements or changes that the hacker made...

check out the screenshots

bloc

It seems that someone found the way to change the username, as a member. Since that redirect link just shows up there and doesn't do anything, it should be safe. Although it's an annoying shout of course.

I am testing out something now that will stop that from happening.

agridoc

BobbyKashyap, did the redirection work? I believe not, it's just displayed.

Bloc, I believe that putting a link to the member name that made the shout (as in TP 0.9.x) will show the member's name and ID.

In TP 0.8.6 there is no such link. With a ready string copied, someone can change the displayed name in one screen, then try the hack in Shoutbox! in another (the changed name will be displayed and will remain), then go back to the profile screen and change the display name again.

BobbyKashyap

thx for the reply Bloc and agridoc.

yep.. i have manually removed the shout for now.

the shout and even the member name came up as 
Quote
location="http://dogu_bey89.sitemynet.com/turkishackers.htm"

so, the redirection didn't go.

i haven't gone through logs (if any) and the actual server files...
right now.. i'm at my day job...
so i'll update you guys, laters... if any other stupid things these hackers did...

:laugh: :laugh: never knew my site is sooo famous, to get hacked  :laugh: :laugh:

and i saw a similar posting here..
http://www.tinyportal.net/smf/index.php?topic=6216.0

just cant wait for TP 0.9 to be released.. to knock these hackers  :knuppel2:

Polymath

Looks like we all got hit today. I got it too. Didn't do anything though.

Quote
http://dogu_bey89.sitemynet.com/turkishackers.htm

monotonehell

I was also "hacked" today. They managed to leave a guest shout (even though guest shouts are disabled) with the string >> location="http://etc.etc.somewhere" << It's happened once before but this time the portal page was redirected by the string. I can't work out how they did it though.  >:(

I've turned off the shoutbox block until Bloc works something out. No biggie, shoutboxes are a bit redundant on a forum anyway  :D Filtering for "location=" might be a start.
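
The points raised in the thread so far (a shout shown under a changed display name, a guest shout accepted with guest shouts disabled, and the `location=` string reaching the page), handled in one added PHP example. It is not TinyPortal or SMF code and not from any poster; the function names, the `$allowGuests` flag, the record fields and the sample string are assumptions, and it encodes output rather than filtering for `location=`.

```php
<?php
// Added illustration, not TinyPortal/SMF code. All names here are hypothetical.

// Encode a user-controlled value before it is written into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the stored record. The guest rule is enforced here on the server,
// and the member ID is kept with the shout so the author can still be
// identified after the display name has been changed back.
function make_shout(int $memberId, string $displayName, string $text, bool $allowGuests): array
{
    if ($memberId <= 0 && !$allowGuests) {
        throw new RuntimeException('Guest shouts are disabled');
    }
    return [
        'member_id' => $memberId,
        'name'      => $displayName, // name as it was when the shout was posted
        'text'      => $text,
    ];
}

// Render one shout: every user-supplied field is encoded, and the name
// links to the profile by numeric ID.
function render_shout(array $shout, string $profileUrl): string
{
    $id = (int) $shout['member_id'];
    return sprintf(
        '<div class="shout"><a href="%s%d">%s</a> (member #%d): %s</div>',
        h($profileUrl), $id, h($shout['name']), $id, h($shout['text'])
    );
}

// Constructed sample input shaped like the string reported in the thread.
$sample = 'location="http://example.invalid/page.htm"';

echo render_shout(make_shout(42, $sample, $sample, false), 'index.php?action=profile;u='), PHP_EOL;

try {
    make_shout(0, 'Guest', $sample, false); // guest attempt while guests are off
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```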

Techdomain

I moved the shoutbox off the main part of my site so it's only in the arcade

BobbyKashyap

those bastards are still trying 2 hack... two times after the 1st one this morning.

any solution?

Bloc/mods... is 0.9 test version open for us?

Skhilled

Got the same in the shoutbox at smfarcade.net and we are using tp 9.1. Nothing seems to be out of place tho...
