Jonathan Leger's Forum Hacked

It can't be prevented.

As long as safeguards can be put in place electronically, they can be broken in reverse..

Jay

Does this put members of jon legers products at risk?

What is is with these hacker's and promoting religion when they hack a website!

I really dont understand them at all (hacker's that is)!

Mark Blaze

It would obviously be likely that any of your personal information may have been compromised. However the products I have purchased in the past from Jonathan only required name and email. All vital information was submitted via Paypal, at least in my case. They of course do not transmit this information to him and therefore would not have been accessible by the rogue hacker.

Most likely these individuals are in another country and the international extradition or prosecutionary practices are weak at best.

I must qualify the above statement as a law enforcement officer that has had opportunity to work on cases that involve internet, national and international terrorism and the like. Some internet crimes of this nature can be classified or punishable as terrorism. But not knowing the implications it has had on Jonathan's end I am not qualified to comment. I am quite certain that it has effected his income!

We all know that he will do all in his power to correct this.

It is a pain for sure as I log into his forum every few days.

And yeah, what is it with the religious agenda with these fools! I am not sure God, Allah, Buddha or whomever would approve.

what a pain in the ass, such a well internet marketer get hacked as well...

Any idea how we can diversity the hacking damage if it happen that our website get hacked? Will it prevent the spreading of the hack by using a different IP address from a hostgator VPS?

Regards,
Winson

I think the real question is where the heck is Jon, to not of taken that down yet?

Doesn't anyone have his phone number to let him know what is going on.

Yes i have emailed john via paydotcom and selected to send to his personal email address as well, just to check he is aware, I am sure Amin has got his number in case of emergencies, and this definitely qualifies!

The big worry of course is our blogs, without going into too much detail i am sure user of Jon's products get my drift, i have checked a couple of mine they look ok and all quiet since yesterday when i guess this happened.

keep your eyes peeled members, and let this serve as a reminder that complex passwords are not just a good idea but essential, always, don't use the same password for everything, get a good password manager software like roboform and/or password coral and auto generate complex passwords every time you create a new account for anything.

As this forum comes up in google when you search for jon leger hacked i suggest we make this thread our temporary home until Jon returns.

Amin have you got an update for us?

Cheers team

Bodger2010

Any site can be hacked - at one point or another. All it takes is a Zero Day exploit - which is an exploit that has not been fixed yet.

The most common cause of hacks are insecure passwords - people using simple passwords, and not having brute force protection installed. What will happen, a hacker will use a program that throws thousands of passwords at the server. This is called a Brute Force attack. Servers need some kind of security software installed, which locks the root account for X number of minutes after X number of failed log ins.

Not updating the server OS, not updating the server applications - database software, php software, web server software, control panel software,,,,, can leave a server open for attack.

Not updating the website software - if your using a content management system, its critical to keep the software updated.

The guy could have got some kind of virus on his home computer that logged his admin account information, and then emailed that information to the hacker.

When you see a website that has been hacked, it might not be the owners fault. The hosting provider might have updated the operating system, so all sites on the server might have been hacked. There are maybe dozens of ways that the site could have been compromised.

Hi Guys,

I first thought it was an exploit to the forum (simplemachines) John uses, but all his sites (even some of his software) has been attacked, I think someone wants to stop John from going forward with his work!

******* John, if you read this and there is anything I can help you out with, don't hesitate to ask! *******

This is very sad, his forums provide a wealth of information.

very soon it will be prevented

@ MikeVideo - if you right click -> view source

here is a reference to http://img411.imageshack.us/img411/8074/511k.gif - they are prob using that to track hits on the front page

These are junior hackers who have found a hole in the script and used it

More than likely it was a SQL injection that gave them admin info then they updated the .htaccess to redirect to this page

As JayXtreme mentioned all systems are vulnerable to attack .. you might want to google things like "sql injection" or "sql vulnerabilities" on the scripts you are using to see if there are patches needed to close known vulnerabilities

Just so you know ... even scripts like wordpress have security holes ...
wordpress sql injections - Google Search

Thats why its important to update to the latest patches - much like a anti virus on your pc to keep all the nasties out

Hope this info helps

DaveWebSmith

Sorry for the repost - Just Googled the Hacker' name

SarBoT511 - Google Search

Servers Hacked - Preventing SQL Inject? - cPanel Forums

Its on the CPanel Forum as i suspected - SQL Injection breach

If he has backups it would probably still take a few hours to overwrite all the hacker crap so it's going to take some time to get back to normal.

1waylinks.net isn't back up yet

Well, Wilson if you want a prevention, then probably you will need a bunch of hosting that run mirror sites.

And also you will need backups on a secure remote server. So that you can recover your site in a shorter time if anything happened on your site,

Hi all,

there is a great website here called https://www.grc.com/password.htm

i use it to generate my passwords

Yes 1waylinks is back up but just tried to give me a nasty virus when I went to it! (like WendellC mentioned) Luckily Avast caught it all, but it tried spreading into a load of files really quickly and I am now having to run scans to check if anything did get through.

Hopefully Jon can get all this sorted because I was going to sign up to 3way and 1waylinks yesterday!

Just a quick note, either someone is going on a hacking rampage, or that virus which my anti-virus software tried to block (didn't manage to get it all) from 1waylinks gave the hacker access to my ftp program or something, because today all my sites have been hacked too... (we're talking 4 different hostgator accounts!)

Not cool!