-
12-20-2006, 02:36 PM #1 Newbie
- Join Date
- Nov 2006
- Posts
- 20
Anyone familiar with the hacker JaMaYcKa's work?
Do you know how he gets in?
He has hacked a lot of sites.
-
12-20-2006, 02:53 PM #2 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
First and foremost, let's not confuse hacker with script kiddie.
If you are not sure how "he" got in then I suggest you hire an expert to have a look.
-
12-20-2006, 02:53 PM #3 Retired Moderator
- Join Date
- Nov 2002
- Location
- WebHostingTalk
- Posts
- 8,901
* Moved to Technical and Security Issues....
Sirius
-
12-20-2006, 02:55 PM #4 Aspiring Evangelist
- Join Date
- Mar 2006
- Location
- New York USA
- Posts
- 404
Originally Posted by skyman
Well, apparently server security or site security is not taken seriously on those he got into. I'm figuring it may be insecure permissions, a rootkit, a PHP-based vuln, or some other injection. These are just the most common attacks.
-
12-20-2006, 02:57 PM #5 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
My last response did not come across correctly so let's go over it again.
Checking his zone-h most of them appear to be running cPanel, so I assume you are too? I suggest you sniff port 21 traffic.
-
12-20-2006, 02:59 PM #6 Newbie
- Join Date
- Nov 2006
- Posts
- 20
Thanks, I was already using "expert" services that were supposed to take care of any security holes.
-
12-20-2006, 03:01 PM #7 Aspiring Evangelist
- Join Date
- Mar 2006
- Location
- New York USA
- Posts
- 404
Originally Posted by skyman
-
12-20-2006, 03:10 PM #8 Web Hosting Master
- Join Date
- Oct 2005
- Posts
- 1,635
Originally Posted by JVS_Hosting
-
12-20-2006, 05:04 PM #9 Newbie
- Join Date
- Nov 2006
- Posts
- 20
If anyone knows how this guy JaMaYcKa gets in please PM me and I'll compensate you.
I've had many offers of security scans and I will get another one from a different company but for now I'm just trying to find out what this guy does.
Someone must know since he's hacked thousands of sites.
-
12-20-2006, 05:07 PM #10 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Originally Posted by skyman
If so I suggest you have someone look over to see if any traces were left and if not to sniff the traffic for future attempts to see if it can be found.
-
12-20-2006, 05:13 PM #11 Web Hosting Evangelist
- Join Date
- Jun 2004
- Posts
- 525
I would recommend ensuring phpBB installations on the server are up to date also, as this is one of the main services exploited on webservers.
You will need to check your access_log and error_log at the time of the attack.
-
12-29-2006, 08:35 PM #12 Web Hosting Master
- Join Date
- Feb 2004
- Posts
- 737
skyman, did you ever get any more information on this?
-
12-29-2006, 11:52 PM #13 Newbie
- Join Date
- Nov 2006
- Posts
- 20
It looks like our kernel was not upgraded so a vulnerable web script allowed him to exploit it.
-
12-30-2006, 01:10 AM #14 Disabled
- Join Date
- Oct 2005
- Posts
- 515
Originally Posted by skyman
-
01-09-2007, 08:50 PM #15 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- New York
- Posts
- 51
umm you may want to read this:
http://nukem.wordpress.com/2007/01/0...on-the-hacker/
I was also attacked by this guy. I had backups of my customers' accounts, so the primary drive was formatted and there was an OS reload. Rack911 took over from there, Steven secured the server to the teeth, and we have not been affected anymore. Unfortunately, my other server, which was scheduled to be secured by Rack911 on Friday, was attacked today. This guy has taken over the server; I'm waiting for the NOC to reset the password, get an OS reload and put the server in Steven's hands....
Abraham R.
abraham (at) datasegura.net
-
01-10-2007, 11:19 AM #16 Disabled
- Join Date
- May 2006
- Posts
- 1,426
Script kiddy or not, he and these other Turkish and Brazilian hacking groups have 0day exploits, a lot of which they found themselves; a lot of them are simply script kiddies but a lot aren't. Let's not try to get into the what's-a-hacker vs. script kiddy debate; the minute you underestimate these guys you get owned.
And secondly, you can have a FULLY patched server, good passwords, web apps you think are secure and still get hacked. Does that mean you are a bad admin? No, it just means some of your software is unpatched or someone was very determined to get in your system.
About 75% of defacements are from admin mistakes, then the other 25% are from 0day exploits and things you can't control.
Zone-H: look there for all defacement mirrors and attack statistics.
But you should thank a defacer, especially if they left evidence, because I'd much rather be defaced than have someone hack me and send spam, DDoS attacks, and other nasty stuff from my server under my nose.
I'm sure there are always gonna be a few of these self-proclaimed experts who say if you do this and that you will NEVER or CANNOT ever be hacked. Simply not true; most of these experts have been hacked themselves or are going to be one day.
Keep backups, stay as secure as you can be. Luck will take care of the rest.
PS: Also on zone-h you can search for attack stats by IP, may come in handy.
-
01-10-2007, 06:08 PM #17 Web Hosting Master
- Join Date
- May 2003
- Location
- Kirkland, WA
- Posts
- 4,448
He uploads a script through an insecure PHP script. This script has a few 'buttons' that let him do all kinds of random things through other insecure scripts. If your PHP scripts are secure, you'll be fine.
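Added example, not part of the original thread: one way to follow the advice in posts #11 and #17 is to pull from the access_log every POST to a PHP script around the time of the defacement, together with any PHP path that was first served successfully in that same window (a candidate uploaded script). The log lines, paths, IP addresses and incident time below are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    """Return (time, ip, method, path, status), or None if the line is malformed."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["method"], m["url"].split("?", 1)[0], int(m["status"])

def triage(lines, incident, window=timedelta(hours=1)):
    """Return (posts, new_scripts): POSTs to .php paths within `window` of the
    incident, and .php paths whose first successful request falls in that window.
    Assumes `lines` are in chronological order, as in an access_log."""
    posts, first_ok = [], {}
    for rec in filter(None, map(parse, lines)):
        ts, ip, method, path, status = rec
        if not path.lower().endswith(".php"):
            continue
        if method == "POST" and abs(ts - incident) <= window:
            posts.append((ts, ip, path))
        if status == 200:
            first_ok.setdefault(path, ts)  # keep only the earliest 200 per path
    new_scripts = sorted(p for p, ts in first_ok.items()
                         if abs(ts - incident) <= window)
    return posts, new_scripts

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [19/Dec/2006:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Dec/2006:09:13:40 +0000] "GET /gallery/upload.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Dec/2006:13:40:11 +0000] "POST /gallery/upload.php HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.44 - - [20/Dec/2006:13:40:29 +0000] "GET /gallery/files/x.php?id=3 HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.44 - - [20/Dec/2006:13:41:02 +0000] "POST /gallery/files/x.php HTTP/1.1" 200 77 "-" "-"',
    '198.51.100.7 - - [20/Dec/2006:18:00:00 +0000] "POST /contact.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]
INCIDENT = datetime(2006, 12, 20, 14, 0, tzinfo=timezone.utc)  # assumed defacement time

if __name__ == "__main__":
    posts, new_scripts = triage(SAMPLE, INCIDENT)
    for ts, ip, path in posts:
        print("POST", ts.isoformat(), ip, path)
    print("first seen near incident:", new_scripts)
```

Each flagged path is a lead to check on disk and against the error_log, not proof of compromise; a legitimate page published during the window will also show up as first seen.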
-
01-10-2007, 06:20 PM #18 Disabled
- Join Date
- Jun 2005
- Posts
- 588
Hello,
From above link you can get more information about JaMaYcKa
http://old.zone-h.org/en/defacements...facer=JaMaYcKa
Thank you
-
01-11-2007, 10:25 PM #19 WHT Addict
- Join Date
- Apr 2006
- Posts
- 113
So is this exploit actually a hole in cPanel? If it is, has it been fixed by cPanel and was any update released?
-
01-12-2007, 12:03 AM #20 Disabled
- Join Date
- May 2006
- Posts
- 1,426
I don't know. I had someone trying to sell me a supposed cPanel 0day about 2 weeks ago. I didn't think much of it then, thought it may be that XSS that they last had, but the word in the underground is that there is a cPanel 0day.
From what I've heard it only can take the user account though. The people that have this are keeping it private, hopefully one of them will slip up and not cover their tracks.
But I tell ya what, cpanel about scares me anymore.
-
01-14-2007, 10:48 AM #21 Disabled
- Join Date
- Jun 2005
- Posts
- 588
Hello,
The hacking happens due to vulnerable scripts with PHP, CGI, Perl etc. You can always be secure if you use the stable version of cPanel.
Also check the server, if any ports are kept open which are not used.
For any further assistance, please do not hesitate to contact us.
Thank you.
Regards,
-
01-14-2007, 01:47 PM #22 Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Originally Posted by hostechsupport
Not all of it happens through vulnerable PHP / CGI / Perl scripts. Recently had a client get hacked when all he was hosting was HTML files.
-
01-27-2007, 02:06 PM #23 Junior Guru
- Join Date
- Nov 2005
- Location
- Denmark
- Posts
- 189
And it is not a kernel exploit, unless he has an undisclosed 0day for it, since a client was running the latest kernel and he still got hacked.
-
01-27-2007, 03:27 PM #24 BANNED!
- Join Date
- Jan 2007
- Posts
- 1
But any one wants to help contact me
Originally Posted by skyman
-
01-27-2007, 03:34 PM #25 LORD OF THE RINGS
- Join Date
- Dec 2005
- Location
- Internet
- Posts
- 1,352
Originally Posted by JaMaYcKa