Warning: 6.1.4 hacked

Just thought I'd let you know: on 17 Sep, my website (Dolphin 6.1.4) was hacked.

Not only that, it was then made into a phishing website, and mail.php was used to spam.

Needless to say, I got into big trouble with the datacenter (where the server was hosted) because of this :(

The evidence can be seen here: http://psbl.surriel.com/evidence?ip=202.43.163.44&action=Check+evidence

Unfortunately, the logfiles around that date were deleted by the cracker, so I don't know which script was used to break through Dolphin's installation.

Looking at a script left behind by the cracker, I found this code:

 

# URL-encode the search query ($chiave = "key", i.e. the query string)
$chiave =~ s/ /\+/g;
$chiave =~ s/:/\%3A/g;
$chiave =~ s/\//\%2F/g;
$chiave =~ s/&/\%26/g;
$chiave =~ s/"/\%22/g;
$chiave =~ s/\\/\%5C/g;
# Page through up to 150 result pages ($inizio = start page, $pagine = page count)
my $inizio=1;
my $pagine=150;
my @lista;
my $av=1;
while($inizio <= $pagine){
my $msn="http://search.live.com/results.aspq=$chiave&first=$av&FORM=PERE";

Looks like those are the queries used by the cracker to find my site.

The queries are submitted to various search engines (not just live.com).

If the developers are interested in investigating this, I'm willing to give them shell access to my server, so they can check it out themselves.

 

Be on guard.

 

 

Thanks,

Harry

Quote · 29 Sep 2008
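One defender-side check for the mail.php abuse Harry describes, added here as an example (not code from Harry's post or from Dolphin): it scans Apache combined-format access log lines for bursts of POSTs to mail.php from one client, which is how a hijacked form mailer shows up in whatever logs survive. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" access log line; the timestamp is parsed so requests can be windowed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)

def parse_line(line):
    # Return the fields we need from one access-log line, or None if it does not parse.
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop the query string
    }

def find_mailer_abuse(lines, target="/mail.php", threshold=5, window_s=60):
    """Map client IP -> total POSTs to `target`, for clients that sent at least
    `threshold` such POSTs inside some `window_s`-second window (a spam burst)."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith(target):
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged

# Constructed sample log (documentation IPs, not real traffic): one client hammers mail.php.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Sep/2008:03:11:58 +0700] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [17/Sep/2008:03:12:30 +0700] "POST /mail.php HTTP/1.1" 200 310',
] + [
    f'198.51.100.7 - - [17/Sep/2008:03:12:{s:02d} +0700] "POST /mail.php?x=1 HTTP/1.0" 200 310'
    for s in (1, 4, 9, 15, 22, 40)
]
```

Running `find_mailer_abuse(SAMPLE_LOG)` flags only 198.51.100.7, which sent six POSTs to mail.php inside one minute; the single POST from 192.0.2.10 stays below the threshold.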

Did you have the free security fixes that Sammie gave everyone installed? I was getting the dog snot kicked out of me by hackers on my old shared hosting account. Moved to DosDawg's hosting, set up everything with Sammie's security fixes, and have not had a problem since. All the stuff you were attacked with I had; now not only are there no problems, I get personal IMs and emails when a hacking attempt is in progress. How much extra did all this cost? Nothing. The answers are oftentimes in the forums; these fellow customers have been a huge resource of information and help. I believe that was the intent of this community. I agree: ask the right questions and be prepared to make the right business decisions, and the system works very well. I have been where you are, so I understand the frustration; all 5 of my sites were taken over and used for phishing, spamming and more that I could not even tell. I made the decision to read, and to take a leap of faith in the people who were helping me the most (DosDawg and Sammie), and have lived happily ever after.

 

Signed,

Reginald

Quote · 29 Sep 2008

Sorry about your demise on that. I have a few questions for you on this though. You say Dolphin was hacked? Was Dolphin the only script on this server? You say you got in trouble with the datacenter host? Were you on a datacenter, or were you on a shared hosting account with 2000 other sites? You see, I ask these questions as I have been dealing with Dolphin now for about 4 years, and I have yet to have any of the Dolphin accounts I am affiliated with hacked.

There are many underlying truths that do not get exposed on these hacking reports, and if you have hosted your site where it was vulnerable to an RFI via a remote PHP shell, then you have done what many of us have warned against since the last entourage of hacks on shared hosts.

Well, just thought I would post this as I don't see where you have included all the facts of what was going on with your Dolphin account. I see you have been a member for a little less than 50 days, and that tells me you may have missed all the postings about this back in July.

Good Luck,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 29 Sep 2008

 

That link looks odd: you have posted 3 posts, claim to have a Dolphin site, have no contributor status, and post a link that redirects from a domain to an IP number.

No contributor status? Bloody hell... you're right :(

Anyway, after all the troubles with Dolphin, I'm now moving to Drupal 6 for my YouTube-clone project: http://drupal.org/project/flashvideo

I've considered my Dolphin-related costs to be a loss.

The link I posted is to verify the status of my server. As you can see for yourself, my server is currently still listed as a spamming mailserver :(

That link also shows why (complete email received by their spamtraps).

 

 

 

Thanks,

Harry 

Quote · 29 Sep 2008

 

Did you have the free security fixes that Sammie gave everyone installed? I was getting the dog snot kicked out of me by hackers on my old shared hosting account. Moved to DosDawg's hosting, set up everything with Sammie's security fixes, and have not had a problem since. All the stuff you were attacked with I had; now not only are there no problems, I get personal IMs and emails when a hacking attempt is in progress. How much extra did all this cost? Nothing. The answers are oftentimes in the forums; these fellow customers have been a huge resource of information and help. I believe that was the intent of this community. I agree: ask the right questions and be prepared to make the right business decisions, and the system works very well. I have been where you are, so I understand the frustration; all 5 of my sites were taken over and used for phishing, spamming and more that I could not even tell. I made the decision to read, and to take a leap of faith in the people who were helping me the most (DosDawg and Sammie), and have lived happily ever after.

 

Signed,

Reginald

 

Thanks Reginald, no, I didn't know of the existence of Sammie's security fixes.

Good job Sammie. Very well done.

However, seeing how this has been a while, Boonex should REALLY have released version 6.1.5.

These are critical AND exploitable security issues we're talking about.

At the very least, Boonex could inform their **paying** customers about it. Heck, I got warnings from other free (gratis) CMSes whenever they got new security issues.

Not everyone has time to dwell in & monitor the forums.

 

 

Thanks,

Harry

 

Quote · 29 Sep 2008

 

Sorry about your demise on that. I have a few questions for you on this though. You say Dolphin was hacked? Was Dolphin the only script on this server? You say you got in trouble with the datacenter host? Were you on a datacenter, or were you on a shared hosting account with 2000 other sites? You see, I ask these questions as I have been dealing with Dolphin now for about 4 years, and I have yet to have any of the Dolphin accounts I am affiliated with hacked.

There are many underlying truths that do not get exposed on these hacking reports, and if you have hosted your site where it was vulnerable to an RFI via a remote PHP shell, then you have done what many of us have warned against since the last entourage of hacks on shared hosts.

Well, just thought I would post this as I don't see where you have included all the facts of what was going on with your Dolphin account. I see you have been a member for a little less than 50 days, and that tells me you may have missed all the postings about this back in July.

 

Good Luck,

DosDawg

 

Hi DosDawg, to answer your questions:

1. The server where Dolphin is hosted is secured with suPHP. So the cracker was only able to wreak havoc with that Dolphin site. Other websites hosted on the same server stay secure.

That's also why I can be sure that there's a security hole in the current Dolphin version (further confirmed by Sammie's security fixes).

2. The website is on a shared server, which was then blocked by the datacenter. So yes, I got problems with the datacenter, AND with the webhoster (because their whole server is blocked at the datacenter level because of my Dolphin website).

3. Yes, I'm still new. I assumed that as long as I keep Dolphin up to date with the latest version, I'll be secure.

Needless to say, I've been proven very wrong.

 

 

 

Thanks,

Harry

 

Quote · 29 Sep 2008
Your claim to be blacklisted on this server just ain't true

Had a hard time verifying that myself; it seems the spam from my website didn't hit the spamtraps of the big blacklists (SpamCop, MAPS, etc.).

I found out that PSBL's spamtrap got it from this page: http://openrbl.org/client/#202.43.163.44

I also found that the server (202.43.163.44) is blacklisted on blacklist.Five-ten-sg.com, but then again it seems that Fiveten is blacklisting almost everyone.

Thanks,

Harry
Quote · 29 Sep 2008

Everyone for your own safety, I suggest not clicking on any of the links provided in this forum thread

clubbeyourself
Quote · 30 Sep 2008

Everyone for your own safety, I suggest not clicking on any of the links provided in this forum thread

What will happen?

Quote · 30 Sep 2008

So, what result? ..

Is the current 6.1.4 hackable or not? :)

Or did this guy just not follow all the instructions, e.g. that php_flag register_globals should be Off, etc.?

Quote · 30 Sep 2008

 

All that from a guy that's had nothing but problems with his Dolphin install (he claims) and not posted one post asking for help in 46 days?

 

 

I got in touch directly with support for my Dolphin issues; I figure this is the right track for paying customers.

I've been having install problems. I've been messing with various software, including (the notoriously difficult to set up) qmail, and got through them all. However, my Dolphin installation just kept on having problems, which I can't figure out. And support's response was very, very slow.

With this incident, however, I no longer bother myself with the trouble.

 

 

surriel.com is not a datacenter/hosting provider; it's a personal blog of a guy in the USA

 

It's different from http://psbl.surriel.com/, which is a spam blacklist server.

 

 

all from a person no-one knows

 

Search for "sufehmi" on Google. Since I'm the only one on earth with that name, it should be easy.

 

Anyway, thanks and goodbye.

 

Harry

 

 

 

Quote · 30 Sep 2008