GLD website got hacked



Firefighter Z
09-15-2006, 12:11 AM
As stated above, GLD got hacked into

Greg@GLD
09-15-2006, 07:11 AM
NeoTrace Version 3.25 Trace Results
Target: turkishsecurity.uni.cc
Date: 9/15/2006 (Friday), 1:17:52 AM
Nodes: 22


Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.109 Atlanta SHADOW
2 1 - 192.168.1.1 Unknown
3 2 - 65.14.248.5 33.794N, 84.200W
4 2 - 65.14.250.153 33.794N, 84.200W
5 3 - 205.152.105.81 29.194N, 81.056W
6 4 - 65.83.237.132 Jacksonville
7 4 - 65.83.238.39 Nashville-Davidso
8 4 1 65.83.236.4 Unknown pxr00asm-1-0-0.bellsouth.net
9 5 2 67.72.8.5 Atlanta so-1-0-0.gar1.atlanta1.level3.net
10 6 2 4.68.103.129 Atlanta ae-1-55.bbr1.atlanta1.level3.net
11 6 2 4.68.128.210 WASHINGTON D.C. ae-0-0.bbr2.washington1.level3.net
12 6 2 4.68.121.17 WASHINGTON D.C. ae-14-51.car4.washington1.level3.net
13 7 3 213.248.88.85 39.044N, 77.489W ash-bb1-113898-link.telia.net
14 7 3 213.248.83.21 39.044N, 77.489W nyk-bb1-link.telia.net
15 8 3 80.91.249.81 Frankfurt am Main nyk-b3-link.telia.net
16 - - 0.0.0.0 Unknown No Response
17 9 - 212.156.120.242 ANKARA
18 - - 0.0.0.0 Unknown No Response
19 - - 0.0.0.0 Unknown No Response
20 10 - 195.175.51.122 ANKARA
21 11 - 217.195.197.2 Istanbul host-217-195-197-2.teklan.com.tr
22 11 4 217.195.198.83 ANKARA siegetank.epidio.net



Greg@GLD
09-15-2006, 07:16 AM
This one did a much nicer job... Complete with music...

The attack originated on Paul's High Performance and the breach was thru the Photopost DATA folder...

Karps TA
09-15-2006, 07:45 AM
That same hacker got another private messageboard I belong to. Not even sure how they found it.

Greg@GLD
09-15-2006, 07:50 AM
Probably used a script in conjunction with Google to find the version of your forum. Example: Say your forum is "Generic BB Version 2.9"
It will usually say that in text at the bottom of your forum. Let's say also that the particular forum software has a known exploit among the hacker community. They know for SURE that this exact version is exploitable if not "patched".
When search engines spider the website, they index that text and "bookmark" it in a manner of speaking. When someone else googles that exact phrase, Google will return results with all sites it has indexed with that exact line of text. Now the hacker can launch the attack. It's like clubbing fish in a barrel...
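
A defensive check for the exposure described in the post above, added here as an example (it is not code from the thread or from any forum software): it scans a page's visible text and its generator meta tag for product-plus-version banners such as the post's "Generic BB Version 2.9", so a site owner can find and strip them. The regex, the function and class names, and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# "<Product> Version 2.9" or "<Product> v3.1.2", optionally after "Powered by".
BANNER_RE = re.compile(
    r"(?:Powered\s+by\s+)?(?P<product>[A-Z][\w+-]*(?:\s+[A-Z][\w+-]*){0,2})"
    r"\s+(?:Version\s+|v)(?P<version>\d+(?:\.\d+)+)")

class _PageText(HTMLParser):
    """Collects visible text and <meta name="generator"> values."""
    def __init__(self):
        super().__init__()
        self.chunks, self.generators, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1          # script/style bodies are not page text
        elif tag == "meta":
            a = dict(attrs)
            if (a.get("name") or "").lower() == "generator" and a.get("content"):
                self.generators.append(a["content"])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def find_version_banners(html):
    """Return (where, product, version) for each version banner found in the page."""
    page = _PageText()
    page.feed(html)
    page.close()
    text = " ".join(" ".join(page.chunks).split())   # normalise whitespace
    blobs = [("page text", text)] + [("meta generator", g) for g in page.generators]
    return [(where, m["product"], m["version"])
            for where, blob in blobs for m in BANNER_RE.finditer(blob)]

# Constructed sample pages (not taken from any real site).
EXPOSED = """<html><head><meta name="generator" content="Hypothetical Gallery v3.1.2">
<script>var note = "Widget Version 1.2";</script></head>
<body><p>Welcome to the club.</p>
<div id="footer">Powered by Generic BB Version 2.9<br>Copyright 2006</div></body></html>"""
HARDENED = EXPOSED.replace(" Version 2.9", "").replace(" v3.1.2", "")

if __name__ == "__main__":
    for name, html in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, find_version_banners(html))
```

Removing the banner only takes the site out of version-string searches; the software still has to be patched.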

animal
09-15-2006, 09:16 AM
The only solution surely is to block all spiders and bots from viewing your website :goof

wikked
09-15-2006, 09:21 AM
robots.txt FTW
well... if you don't care about not being able to be found by way of search.

Feature Pony
09-15-2006, 09:28 AM
People are just plain stupid. They always have to wreck stuff for other people and think they are "cool" for doing it.. Just stupid..

animal
09-15-2006, 09:44 AM
robots.txt FTW
well... if you don't care about not being able to be found by way of search.

Heh, security by obscurity :D

Nick
09-16-2006, 09:39 AM
Seriously, people are so stupid. "Yay, let's destroy a website tonight!!!"