Is this article directory got hacked or intentional?

by keivn2
17 replies
  • SEO
  • |


Is this article directory got hacked or it is just a prank from the owner of that site?

Oh man..I have at least 6 articles in this article directories.

What do you guys think?
#article #directory #hacked #intentional
  • Profile picture of the author hotftuna
    Site owner would never do that.
    Signature
    HeDir.com ranks #1 for "human edited web directory"


    {{ DiscussionBoard.errors[1787506].message }}
  • Profile picture of the author dvduval
    Someone was telling me there was a zero day exploit on Article Dashboard last night. Can anyone confirm this?
    Signature
    It is okay to contact me! I have been developing software since 1999, creating many popular products like phpLD.
    {{ DiscussionBoard.errors[1787684].message }}
  • Profile picture of the author nettech
    Page title looks very much hacked!!!!
    Signature

    Thanks
    Zaheer

    {{ DiscussionBoard.errors[1787721].message }}
  • Profile picture of the author Marakatapolis
    Yep, I was using directory bot and ran into at least a dozen or more directories with "hacked by skull hacker" and his "spooky" logo on the pages.

    I put that phrase (can't remember it verbatim) into Google and it came back with almost 7000 sites currently hacked by him, most of them were crappy directories/forums.

    For example, from my run of 25 directory bot directories, about 12 of them were hacked by skull hacker LOL.... prolific little *******. Although, how hard is it really to hack crappy directories and forums? Not exactly "Zero Cool" elite


    Haker By kasper Haker By kasper Haker By kasper
    usatodayarticles.info

    Hacked By SkuLL-HacKeR
    wellnessarticles.net
    {{ DiscussionBoard.errors[1789005].message }}
    • Profile picture of the author Bruce Hearder
      Originally Posted by Marakatapolis View Post

      Although, how hard is it really to hack crappy directories and forums?
      Actually it not really that hard at all..

      What usually happens is that people set their files and root dirctory to have a permission setting of 777.

      This means that anyone can write to that folder. So they simply edit the files on the server, quite easily done via PHP and insert their own stuff into the title tag.

      Many hackers use this same technique to quitely sneak a link to some other site into the main template of site. The web owner never notices the link and it can stay their for months or even years before its discovered.

      Take care, and make sure your /public_html/ folder is not set to 777

      Bruce
      {{ DiscussionBoard.errors[1790514].message }}
      • Profile picture of the author sadekjake
        Originally Posted by Bruce Hearder View Post

        Actually it not really that hard at all..

        What usually happens is that people set their files and root dirctory to have a permission setting of 777.

        This means that anyone can write to that folder. So they simply edit the files on the server, quite easily done via PHP and insert their own stuff into the title tag.

        Many hackers use this same technique to quitely sneak a link to some other site into the main template of site. The web owner never notices the link and it can stay their for months or even years before its discovered.

        Take care, and make sure your /public_html/ folder is not set to 777

        Bruce
        Thanks a lot for the advice. I usually set it to 666 but did not know 777 could make it hackable.
        Signature

        Brand mentions and exposure on reputed news and online media sites. WSO here.

        {{ DiscussionBoard.errors[1802433].message }}
      • Profile picture of the author Crew Chief
        I received this note via AAS on 2-24-10 concerning the hack attack on Article Dashboard directories:

        Hello Crew Chief
        Important: 5 directories or more got hacked on 24/02/2010. You ARE NOT in any danger. The attacker has chenged the sites to include some music, animation and 4 pop ups but there IS NOT MALICIOUS code aimed at the users. If you go to these sites just press Enter 4 times to close all 4 pop ups and the control is back to the browser (and the program). The message is aimed at the directory owner, you HAVE NOT been hacked and nobody attempted to hack you. If the owners don't fix their directories over the weekend these will be replaced in AAS.


        It is important to not for "ALL" Article Dashboard users that you implement changes in the script to avoid being hacked. The one method mentioned by Bruce is crucial. Infant hackers build hacking credentials in their communities by attacking scripts in which the owners and/or webmasters fail or refuse to implement security measures to protect their sites from such attacks.

        If you are using Article Dashboard, let this be a lesson! If you know people using AD, inform them ASAP!

        Also recognize that you can make your AD site safe with some simple changes such as altering your permission settings. Another thing you can do is RENAME your Admin access to some ridiculous 17 to 20 character name. For example, if your login looks like this:

        http://www.hackerslovethis.com/admin/

        You are pretty much a sitting duck for hackers. If you take a look at some of the major Article Dashboard directories you will find that they:

        (1). Renamed their admin access folder
        (2). Change their permissions
        (3). Created a new username, (not "admin")
        (4). Created a super strong password

        Your admin access where YOU login to gain access to your control panel should look something like this:

        http://www.hackershatethis.com/Qi?$rR&k#lp9vuiil?##$2dwQ0O/

        Also, I've noticed that many Article Dashboard owners never changed the default login of admin and admin??? Once again, those individuals are inviting hackers. Both your username and you password should pass the strength test as being super strong.



        Originally Posted by Bruce Hearder View Post

        Actually it not really that hard at all..

        What usually happens is that people set their files and root dirctory to have a permission setting of 777.

        This means that anyone can write to that folder. So they simply edit the files on the server, quite easily done via PHP and insert their own stuff into the title tag.

        Many hackers use this same technique to quitely sneak a link to some other site into the main template of site. The web owner never notices the link and it can stay their for months or even years before its discovered.

        Take care, and make sure your /public_html/ folder is not set to 777

        Bruce
        Signature
        Tools, Strategies and Tactics Used By Savvy Internet Marketers and SEO Pros:

        ProSiteFlippers.com We Build Monetization Ready High-Value Virtual Properties
        {{ DiscussionBoard.errors[1803068].message }}
        • Profile picture of the author agallod
          I own an AD directory and it recently got hacked by the same idiotic skull hacker or whatever his name is.

          The AD script has some major issues for sure but let me tell you why most ppl don't change their permissions and leave them on 777. Most AD dirs are automatic and they receive articles from isnare and articlemarketer so the permissions are set like this to be able to automatically receive articles. If you close that gap, you can no longer get articles so your site cannot grow. 98% of the AD dirs follow this concept, there is only a handful of them that get articles from actual ppl visiting their websites.

          On a side note, reversing the hack is nothing difficult. The hacker changes the templates so you just to upload yours back and you are done. Sometimes, they add a category of their own and somehow that redirects the home page to a page that says "hacked by blah blah".

          It is a pain in the neck but it can be resolved.

          I'm currently in the process of tracking down this idiotic kid that keeps doing all this. We have teemed up with a bunch of other AD dir owners and have spoken with about 5 hosting companies that host those dirs to help out to track this trouble maker as he seems to be a newbie in the hacking world so he doesn't really cover his tracks...I'll keep u updated...
          {{ DiscussionBoard.errors[1819646].message }}
      • Profile picture of the author aborana
        Originally Posted by Bruce Hearder View Post

        Actually it not really that hard at all..

        What usually happens is that people set their files and root dirctory to have a permission setting of 777.

        This means that anyone can write to that folder. So they simply edit the files on the server, quite easily done via PHP and insert their own stuff into the title tag.

        Many hackers use this same technique to quitely sneak a link to some other site into the main template of site. The web owner never notices the link and it can stay their for months or even years before its discovered.

        Take care, and make sure your /public_html/ folder is not set to 777

        Bruce
        Bruce,

        Where do they place the php code?
        {{ DiscussionBoard.errors[1822278].message }}
        • Profile picture of the author arunseo
          Hi !

          Thanks for supporting......

          Now I am facing problem to admin login...it shows "INVALID LOGIN".
          Either My database have same login/pwd.

          Thanks
          Arun
          {{ DiscussionBoard.errors[1917635].message }}
  • Profile picture of the author keivn2
    So I guess that it is the best for me to avoid using those hacked directories?
    {{ DiscussionBoard.errors[1790129].message }}
  • Profile picture of the author firstdandy
    From my programming based, It seems that It's got hacked. Usually It's because the script that can rewrite the index.php part of the website. It's caused by folder that's not change back to 755 or someone that have the cpanel or FTP of the website from password exploiter. Maybe You can use the website again after the hacked part is fixed.
    {{ DiscussionBoard.errors[1793652].message }}
    • Profile picture of the author Lee MacRae
      There looks to be 4 different hackers or groups of hackers that are showing up on a ton of sites. Wish there was a way to shoot a flame thrower back through to their computers and fry the #@%%$##'s
      {{ DiscussionBoard.errors[1801654].message }}
  • Profile picture of the author arunseo
    Dear Guys !

    Thanks for supporting......

    Now I am facing problem to admin login...it shows "INVALID LOGIN".
    Either My database have same login/pwd.
    {{ DiscussionBoard.errors[1916736].message }}
  • Profile picture of the author robognome
    They replaced the template files in the 'templates' and 'admintemplates' directories. Both these directories and the files in them are left publicly writable after articledashboard is installed, apparently. The index.php is not changed but I would upload the entire set of site files again.

    After that Set all the dir to read 755 and all php and template files to 644, except for the 'photoimages' directory. Then login as admin (mysite.com/admin - you can't login as admin at the normal user login screen - go figure) and set your site name back to whatever instead of the 'hacked by 7FaanX h4ck3r dipsticks'. This is what makes that show up in the page title.

    Then make sure your cgibin dir is NOT writable. it should be 755 not 777. Mine was writable. I should know better.

    They might of changed other stuff in the database (added profanity to articles, scrambled categories, etc.) so if you are running adsense on your site you probably want to restore your database to a known good version so you don't run the risk of losing your adsense account - or you can just just remove adsense and be cavalier about the whole thing.

    Or you could have your webhost restore your site (and database) to a known good copy. Maybe you web host will do that if they make nightly backups and you catch it soon enough before they overwrite the old backup.

    Regardless, make sure you change the directory permissions afterward or you get to do it all again.

    Now wasn't this a wonderful learning experience?

    Edit:
    Oh, yeah. One very critical addendum: change your database and admin passwords.
    {{ DiscussionBoard.errors[1943827].message }}
    • Profile picture of the author aneesh
      Hi Friends,

      My AD is hacked by some Turkish hackers. When I browse to my home page and reviewnewarticles page, it automatically redirects to their site and showa message like this:

      =======================================
      Hacked By _-SeRveR-_

      _-Explorer-_ _-S.W.A.T-_ Turksecurty.Us|

      | YaptıkLarımız YapacakLarımızın Güvencesidir !
      =======================================

      I learned from another forum that it is a meta refresh code injection in the databse and I should remove that injection to make the site working. Could anybody please tell me how to remove the database injection? Thank you.

      -aneesh
      {{ DiscussionBoard.errors[2622766].message }}

Trending Topics