When a hack is not a hack...
and it's my fault ;)
Just thought I'd share an amusing little story with
a) highlight the danger of careless page security setting, and
highlight my stupidity in this matter ;)
Yesterday I made a custom module
live on my site which required Edit rights on the module. Silly old me (in my
defense it was 12:00 am and I was tired and annoyed) - I gave edit rights to
the PAGE instead of just a module on the page, decided that I was so damn
good I didn't need to test the new stuff (all I was doing was replicating my
dev server after all ;) and went to sleep...
Wo...superreview requested: [Bug 409720] Applet called DoookChat causes a crash in Seamonkey and Firefox [@ obj_eval] : [Attachment 294541] Hack hack hack
Blake Kaplan <email@example.com> has asked Johnny Stenback (:jst)
<firstname.lastname@example.org> for superreview:
Bug 409720: Applet called DoookChat causes a crash in Seamonkey and Firefox [@
Attachment 294541: Hack hack hack
Name: John LLEWELLYN
Your browser seems to have been hacked and it is quite annoying.
I hate the thought of going back to explorer.
Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
I wonder if I was hacked for the first time? Two days ago as I was switching
between the 20 or so tabs I had open in Firefox 1.0.4 suddenly a file called
hostscan.cmd showed in one tabbed window. Although I cannot remember
consciously loading it, I had just before read a number of e-mails in PMMail
and probably also read some newsgroups in my newsreader and it is not
completely impossible I may have seen an interesting link in an
e-mail/newsgroup message, copied it and pasted it into a browser tab window
earlier in the day and then forgot about it. The alternative is, of course,
tha...Have I been hacked?
TO preface this i have been noticing alot of attempts to login from
China. I have been looking into ways to block an ip after a certain
amount of invalid attempts or just block china all together. Also to
preface, I was not awake at 8am this morning.
Found a file .ssh and within is a file called known_hosts
188.8.131.52 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsLW3V2jo1SGiVZMLam2Z2/7TK3LhGuFW1gkZMdQbun0OkfH7hS4fiBbiEfHLkxnYZMmrxUhB5wBky4JuYnG3634HdxCcrz6l+yBS0YBcg+y9flVopaaW1xHA36dlVhzK62dnAFf1OO3pDlZv/ukMKP5WPoYaacsMGalYQUHFZUR/vVY+yqgb+bDj0Z0tXOBTUhuER/...I was hacked :-(
And I didn't know it for 11 days :-(
I only realized because the event logs were deleted...
Browsing my registry, I found an entry to a program I never installed -
"Hide Files and Folders". I searched this on the web and found that it does
what it says - uses a vxd to hide certain directories and files.
I deleted the whole registry tree for that software and on start-up it asked
me for a new password <grin>
This revealed a hidden folder with the following software:
BitVise WinSSHD (some ssh terminal program)
VNC (remove view...what the hack....
*** nsHTMLElement::FinishDecoderSetup() mDecoder=0x7f8e7d1a0300
src=http://o-o.preferred.par08s01.v2.lscache3.c.youtube.com/videoplayback?upn=MTA1MjA1NzMxNTEyMjY2MjY4Mzk&sparams=cp%2Cid%2Cip%2Cipbits%2Citag%2Cratebypass%2Csource%2Cupn%2Cexpire&fexp=904527%2C914071%2C904821%2C914105&itag=43&ip=184.108.40.206&signature=7C43478789494C5284D4F295E8107A896E6B8633.5F9F720C9FFD80C316E71B114A6640D17F95FAC2&sver=3&ratebypass=yes&source=youtube&expire=1333310202&key=yt1&ipbits=8&cp=U0hSSFNMTl9FTENOMl9LRlJDOml4amdWdElUb0U0&id=76ae84f...How Was He Hacked?
On these overclocking forums I frequent as MrObvious, a user got hacked.
Paul Stejskal wrote:
> On these overclocking forums I frequent as MrObvious, a user got hacked.
Any way to collect the malware samples and upload them to Virustotal?
Sired, Squired, Hired, RETIRED.
Very difficult to say, given the lack of information.
On the other hand it is easy to generalize.
The user was...hacked?
I am completely new to this 'realm' bear with me please.
I see there are loads of posts here and intend to sit down after this
weekend to read as much as I can. For now I need to find out about some
I run a group online for health/fitness purposes.
I am stuck with AOHell presently v. 7.0 (pre-paid through the end of the
year) and have no way financially of switching to a real isp.
Win 98 se
PIII 500 128 mb ram
I manage over 500 members for my site. I retain all their information
off line in an access database (as well as in excel - dont' ask it's
The place I work at was hacked. Anyone know who the hacker is that goes by
'IAH' " .
The hack almost read as a Public Service Announcement. This is what was in
place of the page :
What a sorry excuse for security........IAH....HAHAHA
The page is back up this morning and we don't have control over the
server....just looking for info. It appears that the server plugged in a
backup because the page is back up this morning so people are happy.
Glad it wasn't HOOK ....no bugs left on the page.
...Have I been hacked ? !? !? ?! ?! ?!
Something strange happened to my compu a few day ago.
I was just browsing the internet and suddenly my mouse pointer went of it's
own accord to the scroll-bar and started to scroll down to the screen. I
moved up my mouse pointer but my mouse-pointer didn't want to share it's
control with me and continued scrolling down (even when I was at the bottom
of the page). I turned off my compu.
Next day I restarted my compu but it crashed in the beginning. I just saw an
hour-glass on a black background.
I restarted my compu in safety modus. I restarted it *again* in normal ...Have I been hacked?
This morning, I noticed my ftp log, from yesterday appears to have been
modified. When I checked the logs, yesterday at about 8:00AM, everything
appeared to be normal. When I checked it again, today at about 8:00AM, the
log from yesterday said it had been last modified at about 5:00AM yesterday
morning and it contained 64KB of space... nothing else.
I'm running IIS5 with all the patches and locked down using Microsoft's
> This morning, I noticed my ftp log, from yesterday appears to have been
> modified. When I ...Am I Hacked?
Hi, I have noticed my desktop machine to be slow for the past several weeks
and regardless of extensive cleaning (defrag, cookies, temp files, etc.) I
still seem to be running at less performance than normal. I have also on
occasion seen programs I cannot identify when doing a Ctrl-Alt-Del.
My setup is two machines linked together with a Linksys router, one laptop
(work) one desktop (personal). I have started researching firewalls to get
my system more secure and did the tests on Shields Up for starters. My
laptop (work computer) passed with flying colors (Stealth, all ports
Cool - add that to this:
and there's potential for something quite scary....
(though yes, I'm aware that planes don't use tracks or points :P)
If something's hard to do, it's not worth doing.
Content-Type: text/plain; charset=iso-8859-15