PDA

View Full Version : My site got Hacked - hacker said site is very vulnerable

AzadarNews.com
09-11-2006, 12:14 AM
Hello every one

My website got hacked today by some calling him/her self "ANTI-HIPOKRAT"
He/she left a message which said the site is vulnerable - i was wondering if some else has faced similar problem ?

I have opened a support ticket regarding this and has requested to help resolve the vulnerability so it does not happen again.

Boccio, please help and reply to the ticket at your earliest.

thanks
boccio
09-11-2006, 07:00 AM
In order to do something about this, we need to see full access logs from your web server. Without this we can't determine whether Vivvo CMS was the point of attack and what exactly happened.

As soon as you provide this, we'll be able to see to this vunerability.
Elton
09-11-2006, 11:45 AM
Mine have also all been hacked and the hackers gained access to the root of the server.
Elton
09-11-2006, 12:24 PM
A quick search on Google threw this up:

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html
Elton
09-11-2006, 12:43 PM
And this one looks even worse:

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html
Mark
09-11-2006, 01:17 PM
We are looking into this closely. An update on this issue will be available very soon, including any patches/fixes that may be needed.

Thanks for you patience.
Elton
09-11-2006, 01:25 PM
Thanks, Mark.

Can you drop me a line by email? I have some more information.
Mark
09-11-2006, 01:30 PM
Elton, please send all the info to tech support, these guys are working on the issue as we speak.

Thanks for your help.
Aziz
09-11-2006, 01:40 PM
Hello,

Mine have also all been hacked and the hackers gained access to the root of the server.
Can we avoid this by change the account owner to someone else the root? This need a Linux expert to advice.

That's sounds like it's not a real person but a robot script that search google for a text phrase in Vivvo then do programmed actions, I've seen that on some other scripts on many sites.

Please note that this things happened before with Nuke and vBulletin and many other famous scripts which mean it's OS Vulnerability or part of webserver OS basics such as Apache/mySQL/PHP or some other outdated 3rd parties script.

Regards,

Aziz
boccio
09-11-2006, 02:07 PM
The File Inclusion and SQL Injection exploit is published on Secunia Advisory:
http://secunia.com/advisories/21855/

We're almost done with the patch, expect to have it ready for download within next 120 minutes. You'll all be notified via email and RSS feed in your Control Panels.

Thank you for your understanding.
boccio
09-11-2006, 02:10 PM
Mine have also all been hacked and the hackers gained access to the root of the server.
This is not very likely to be caused by exploit mentioned here:
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html

I'm affraid it's a security hole on your Apache. Contact server administrator ASAP.
Elton
09-11-2006, 04:24 PM
Any news?

I've forwarded you an email with a url that takes you straight into my file directory :(
AzadarNews.com
09-11-2006, 05:00 PM
Thanks a million Boccio all of us are now waiting for the security patch.


thanks again
boccio
09-11-2006, 06:06 PM
The patch is released:
http://www.vivvo.net/forums/showthread.php?t=310

Thank you all for your support and help in this matter.