I've been hacked, so what do i do now?

shawshank62 · May 28th, 2004, 05:24 PM

http://www.gamershdq.com/phpnuke/index.php

Looks like i was hacked, and whoever did deleted all admin accounts....is there anything i can do? Acording to the site, it was hacked by "Dan from immortals-inc" http://www.immortals-inc.com/index.php

I dont know what to think about this...is there any legal action i can take, any way to trace this?

**GroundZero3** · May 28th, 2004, 05:27 PM

wow that sucks shawshank62

this box that was hacked was it a personal box that is at home? or you using a webhost?

what os? and how is the network set up?

shawshank62 · May 28th, 2004, 05:30 PM

I have webhosting, and the os is a unix based, i cant remember, it might have been debian. http://www.p4host.com/

That is the only site that was hacked from my hosting, i 4 others that wernt touched.

K-Raz · May 28th, 2004, 05:32 PM

Do you have acces to any logs?

BTW - YGPM (Shortly)

shawshank62 · May 28th, 2004, 05:42 PM

im talking to my hosting to see if there are any logs that i could get access to, and thanks for the info on the pm

K-Raz · May 28th, 2004, 05:44 PM

Anytime!

I just didn't want to post that sort of info in a public forum

shawshank62 · May 28th, 2004, 05:50 PM

Well i looked through the rules, and didnt see where this would violate them, so i dont see why it shouldnt be posted

Info about http://www.immortals-inc.com/index.php

Domain name : 66.193.174.252
Time Warner Telecom TWTC-NETBLK-4 (NET-66-192-0-0-1)
66.192.0.0 - 66.195.255.255
HostDime.com DimeNoc - Infinitum Technologies TWTC-INFINITUM-01 (NET-66-193-174-0-1)

Registrant Contact:
www.Immortals-Inc.com
Marc Heward (vtsnowdude15@hotmail.com)
(802) 484-5070
Fax: None
3278 Route 44.
Brownsville, VT 05037
US

Administrative Contact:
www.Immortals-Inc.com
Marc Heward (vtsnowdude15@hotmail.com)
(802) 484-5070
Fax: None
3278 Route 44.
Brownsville, VT 05037
US

Technical Contact:
Ez Web Hosting
Ez Web Hosting Support (support@ez-web-hosting.com)
1-877-ezwebhosting.c
Fax: xNA
4633 Welborn Dr.
Sherrills Ford, NC 28673
US

Billing Contact:
www.Immortals-Inc.com
Marc Heward (vtsnowdude15@hotmail.com)
(802) 484-5070
Fax: None
3278 Route 44.
Brownsville, VT 05037
US

Status: Active

Name Servers:
dns1.njcharmer.com
dns2.njcharmer.com

Creation date: 19 Aug 2003 22:49:58
Expiration date: 19 Aug 2004 22:49:58

Rand Dusing · May 28th, 2004, 06:21 PM

Did you bother getting any of the patches for PHPNuke? There is in SQL injection attack that people can run to still your admin login info. A guy on this forum a while backed warned me that he could easily get my account info.

Search nukecops.com ro phpnuke.org for security fixes.

I just upgraded to 7.2 and now that you got hacked, I'm going to find any security updates.

shawshank62 · May 28th, 2004, 06:37 PM

As far as i can see, there isnt much i can do with that site anymore, since he deleted all admin names. And AFAIK, that site wasn't updated. As for the rest of my sites, i will be upgrading them to 7.2 over the weekend. The fact that he has a site like that pisses me off, i wish there was some way to get it closed.

Are there any laws against hacking? It is a crime, isnt it?

K-Raz · May 28th, 2004, 06:42 PM

I do believe its a crime

You should contact your ISP, his ISP - and probably also the police, but you gotta have some evidence.

It shouldn't be a problem though - he seems like a total n00b, i mean - c'mon! - leaving links to his own site... using the word 0wn3d? *lol*

A true script kiddie... He should be brought in front of a judge, that might teach him

*still rather p1ssed by the picture he inserted!*