  1. #1

    Anyone familiar with the hacker JaMaYcKa's work?

    Do you know how he gets in?

    He has hacked a lot of sites.

  2. #2
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    First and foremost, let's not confuse hacker with script kiddie.

    If you are not sure how "he" got in then I suggest you hire an expert to have a look.
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implementation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com

  3. #3
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,901
    * Moved to Technical and Security Issues....

    Sirius

  4. #4
    Join Date
    Mar 2006
    Location
    New York USA
    Posts
    404
    Quote Originally Posted by skyman
    Do you know how he gets in?

    He has hacked a lot of sites.

    Well, apparently server security or site security is not taken seriously on those he got into. I'm figuring it may be insecure permissions, a rootkit, a PHP-based vuln, or some other injection. These are just the most common attacks.

  5. #5
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    My last response did not come across correctly so let's go over it again.

    Checking his zone-h most of them appear to be running cPanel, so I assume you are too? I suggest you sniff port 21 traffic.

  6. #6
    Thanks. I was already using "expert" services that were supposed to take care of any security holes.

  7. #7
    Join Date
    Mar 2006
    Location
    New York USA
    Posts
    404
    Quote Originally Posted by skyman
    Thanks. I was already using "expert" services that were supposed to take care of any security holes.
    The problem is that most of the companies that claim to be "Security Experts" are far from it. Generally they just use some commonly found tools, scan, and send you a report and "supposedly" fix the security holes. You need someone that has been doing it a long time and is Certified.

  8. #8
    Join Date
    Oct 2005
    Posts
    1,635
    Quote Originally Posted by JVS_Hosting
    The problem is that most of the companies that claim to be "Security Experts" are far from it. Generally they just use some commonly found tools, scan, and send you a report and "supposedly" fix the security holes. You need someone that has been doing it a long time and is Certified.
    Do you recommend any, and have proof that they can be used for it? I don't need one but it will be nice to know.

  9. #9
    If anyone knows how this guy JaMaYcKa gets in please PM me and I'll compensate you.

    I've had many offers of security scans and I will get another one from a different company but for now I'm just trying to find out what this guy does.

    Someone must know since he's hacked thousands of sites.

  10. #10
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by skyman
    If anyone knows how this guy JaMaYcKa gets in please PM me and I'll compensate you.

    I've had many offers of security scans and I will get another one from a different company but for now I'm just trying to find out what this guy does.

    Someone must know since he's hacked thousands of sites.
    They all are running cPanel and, just going on recently, I believe it may be an unreleased cPanel FTP exploit. Check your FTP logs, and if it is, it's possible there was only 1 straight login without guessing passwords.

    If so I suggest you have someone look over to see if any traces were left, and if not, to sniff the traffic for future attempts to see if it can be found.
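
The FTP-log check suggested in post #10, as an added example that is not part of the thread: it separates successful logins that followed failed attempts from "straight" logins with no failures from an address not previously known for that account. The pure-ftpd-style syslog format, the sample lines, and the names `classify_logins` and `known_ips` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in pure-ftpd syslog style (assumed format; adjust
# the regexes to your FTP daemon). IPs are from the documentation ranges.
SAMPLE_LOG = """\
Jan  5 02:10:01 web1 pure-ftpd: (?@198.51.100.20) [INFO] New connection from 198.51.100.20
Jan  5 02:10:02 web1 pure-ftpd: (?@198.51.100.20) [INFO] alice is now logged in
Jan  5 03:12:40 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [bob]
Jan  5 03:12:44 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [bob]
Jan  5 03:12:49 web1 pure-ftpd: (?@203.0.113.7) [INFO] bob is now logged in
Jan  5 04:31:17 web1 pure-ftpd: (?@192.0.2.99) [INFO] New connection from 192.0.2.99
Jan  5 04:31:18 web1 pure-ftpd: (?@192.0.2.99) [INFO] carol is now logged in
"""

FAIL = re.compile(r"\(\S*@(?P<ip>[\d.]+)\) \[WARNING\] Authentication failed for user \[(?P<user>[^\]]+)\]")
OK = re.compile(r"\(\S*@(?P<ip>[\d.]+)\) \[INFO\] (?P<user>\S+) is now logged in")

def classify_logins(log_text, known_ips):
    """Split successful logins into two lists.

    straight_unknown: (user, ip) with no failed attempts from that IP first
                      and the IP not in the account's known set.
    after_failures:   (user, ip, n_failures) preceded by failures (guessing).
    """
    failures = defaultdict(int)  # failed attempts per source IP since its last success
    straight_unknown, after_failures = [], []
    for line in log_text.splitlines():
        m = FAIL.search(line)
        if m:
            failures[m["ip"]] += 1
            continue
        m = OK.search(line)
        if not m:
            continue  # connection notices, transfers, etc.
        user, ip = m["user"], m["ip"]
        if failures[ip]:
            after_failures.append((user, ip, failures[ip]))
            failures[ip] = 0
        elif ip not in known_ips.get(user, set()):
            straight_unknown.append((user, ip))
    return straight_unknown, after_failures

if __name__ == "__main__":
    # known_ips is a hypothetical baseline of addresses each owner normally uses.
    print(classify_logins(SAMPLE_LOG, {"alice": {"198.51.100.20"}}))
```

Entries in the first list are the ones to correlate with file changes in the account and with the web server's access_log and error_log around the same time.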

  11. #11
    Join Date
    Jun 2004
    Posts
    525
    I would recommend ensuring phpBB installations on the server are up to date also, as this is one of the main services exploited on webservers.

    You will need to check your access_log and error_log at the time of the attack.

  12. #12
    skyman, did you ever get any more information on this?

  13. #13
    It looks like our kernel was not upgraded so a vulnerable web script allowed him to exploit it.

  14. #14
    Quote Originally Posted by skyman
    It looks like our kernel was not upgraded so a vulnerable web script allowed him to exploit it.
    What kernel version were you running?

  15. #15
    Join Date
    Oct 2004
    Location
    New York
    Posts
    51
    umm you may want to read this:
    http://nukem.wordpress.com/2007/01/0...on-the-hacker/
    I was also attacked by this guy. I had backups of my customers' accounts so the primary drive was formatted and there was an OS reload. Rack911 took over from there, Steven secured the server to the teeth, and we have not been affected anymore. Unfortunately, my other server, which was scheduled to be secured by Rack911 on Friday, was attacked today. This guy has taken over the server; I'm waiting for the NOC to reset the password, get an OS reload and put the server in Steven's hands....
    Abraham R.
    abraham (at) datasegura.net

  16. #16
    Join Date
    May 2006
    Posts
    1,426
    Script kiddy or not, he and these other Turkish and Brazilian hacking groups have 0day exploits, a lot of which they found themselves. A lot of them are simply script kiddies but a lot aren't. Let's not try to get into the what's a hacker vs script kiddy debate; the minute you underestimate these guys you get owned.

    And secondly, you can have a FULLY patched server, good passwords, web apps you think are secure and still get hacked. Does that mean you are a bad admin? No, it just means some of your software is unpatched or someone was very determined to get in your system.

    About 75% of defacements are from admin mistakes, then the other 25% are from 0day exploits and things you can't control.
    Zone-H: look there for all defacement mirrors and attack statistics.

    But you should thank a defacer, especially if they left evidence, because I'd much rather be defaced than have someone hack me and send spam, DDoS attacks, and other nasty stuff from my server under my nose.

    I'm sure there are always gonna be a few of these self-proclaimed experts who say if you do this and that you will NEVER or CANNOT ever be hacked. Simply not true; most of these experts have been hacked themselves or are going to be one day.

    Keep backups, stay as secure as you can be. Luck will take care of the rest.

    PS: Also on zone-h you can search for attack stats by IP, may come in handy.

  17. #17
    Join Date
    May 2003
    Location
    Kirkland, WA
    Posts
    4,448
    He uploads a script through an insecure PHP script. This script has a few 'buttons' that let him do all kinds of random things through other insecure scripts. If your PHP scripts are secure, you'll be fine.
    Nick Nelson
    Sr. Director & GM, VAS
    Demand Media
    425.298.2282 nn@demandmedia.com

  18. #18
    Hello,

    From above link you can get more information about JaMaYcKa

    http://old.zone-h.org/en/defacements...facer=JaMaYcKa

    Thank you

  19. #19
    So is this exploit actually a hole in cPanel? If it is, has it been fixed by cPanel and was any update released?

  20. #20
    Join Date
    May 2006
    Posts
    1,426
    I don't know. I had someone trying to sell me a supposed cPanel 0day about 2 weeks ago. I didn't think much of it then, thought it may be that XSS that they last had, but the word in the underground is that there is a cPanel 0day.

    From what I've heard it can only take the user account though. The people that have this are keeping it private; hopefully one of them will slip up and not cover their tracks.

    But I tell ya what, cpanel about scares me anymore.

  21. #21
    Hello,

    The hacking happens due to vulnerable scripts with PHP, CGI, Perl etc. You can always be secure if you use the stable version of cPanel.

    Also check the server, if any ports are kept open which are not used.

    For any further assistance, please do not hesitate to contact us.

    Thank you.

    Regards,

  22. #22
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by hostechsupport
    Hello,

    The hacking happens due to vulnerable scripts with PHP, CGI, Perl etc. You can always be secure if you use the stable version of cPanel.

    Also check the server, if any ports are kept open which are not used.

    For any further assistance, please do not hesitate to contact us.

    Thank you.

    Regards,

    Not all of it happens through vulnerable php / cgi / perl scripts. Recently had a client get hacked which all he was hosting was HTML files.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  23. #23
    Join Date
    Nov 2005
    Location
    Denmark
    Posts
    189
    And it is not a kernel exploit, unless he has an undisclosed 0day for it, since a client was running the latest kernel and he still got hacked.
    Systems Developer/Programmer

  24. #24

    * But any one wants to help contact me

    Quote Originally Posted by skyman
    Do you know how he gets in?

    He has hacked a lot of sites.
    Hiiiii to everybody. I have read all the responses, but unfortunately did not reach one of you to answer correctly. But anyone who wants to help, contact me.

  25. #25
    Join Date
    Dec 2005
    Location
    Internet
    Posts
    1,352
    Quote Originally Posted by JaMaYcKa
    Hiiiii to everybody. I have read all the responses, but unfortunately did not reach one of you to answer correctly. But anyone who wants to help, contact me.
    hmmmm
