Old website & domain was hacked!

Started by Rico, March 24, 2008, 06:33:13 AM

Rico

Well, I was making some changes to my older domain (treksf.com) this morning and discovered it had been hacked!  Some Turkish hacker had changed it so it would redirect people to I guess his site.  Made me pretty mad.  I still use that domain to redirect people here and to store older podcasts, etc.  I contacted Powweb (the host for that domain) and told them about it.  I did some Googling and I guess this hacker has hit thousands of web sites.  Anyway, thought I would pass along the fun news.  For those technically inclined, here is a copy of the index.html (the root file on a web site) that this goof put up on my old site:

<html>

<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>iskorpitx</title>
</head>

<body bgcolor="#000000" text="#808080">
<meta http-equiv="refresh"content="10;URL=http://www.dubravavillage.us/bilder">
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">
<img src="http://www.mavideniz.org/atam.gif" width="152" height="108"></p>
<p align="center">&nbsp;</p>
<body onUnLoad="xopentr('http://www.mavideniz.org')">
<p align="center"><font size="6">BY iSKORPiTX</font></p>
<p align="center"><font size="4">(TURKISH HACKER)</font></p>
<p align="center">FORUM AÇILIÞTIR</p>
<p align="center"><font size="5">iscorpitx, marque du monde, présente ses
salutations à tout le monde.</font> </p>
<body onUnLoad="xopentr('http://www.mavideniz.org')">
<Script Language=JavaScript Type="Text/JavaScript">
function xopentr(url_pop)
{
var PopWidth=400;
var PopHeight=300;
var PopLeft = (window.screen.width-PopWidth)/2;
var PopTop = (window.screen.height-PopHeight)/2;
xopenvar=window.open(url_pop,'xopenvar','toolbar=yes,status=yes,menubar=yes,location=yes,directories=yes,resizable=yes,scrollbars=yes,width='+PopWidth+',height='+PopHeight+',top='+PopTop+',left='+PopLeft);
}
</Script>


By the way, don't visit those URLs listed, it will just give him more hits.  I'm still investigating how he got in exactly.  Maybe Powweb will have some thoughts.
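For anyone checking their own site for the same kind of tampering, here is an added example (not part of the original post, and not code from Powweb or any host) that scans a page for the two redirect mechanisms visible in the file above: a `meta refresh` pointing off-site and an `on...` event handler carrying an off-site URL. The sample page, the `.example` hosts and the names `scan_html` and `DefacementScanner` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the defaced index.html; hosts are placeholders.
SAMPLE = """<html><head><title>x</title></head>
<body bgcolor="#000000">
<meta http-equiv="refresh"content="10;URL=http://redirect.example/bilder">
<body onUnLoad="xopentr('http://popup.example')">
<img src="/images/logo.gif">
</body></html>"""

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
REFRESH_RE = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class DefacementScanner(HTMLParser):
    """Collects (mechanism, url) pairs that send visitors to another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def _offsite(self, url):
        # Relative URLs have no hostname and are treated as on-site.
        host = (urlparse(url).hostname or "").lower()
        same = host == self.site_host or host.endswith("." + self.site_host)
        return bool(host) and not same

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        # 1. Timed redirect: <meta http-equiv="refresh" content="N;URL=...">
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_RE.search(a.get("content", ""))
            if m and self._offsite(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))
        # 2. Event handlers (onunload, onload, ...) that reference an off-site URL
        for name, value in a.items():
            if name.startswith("on"):
                for url in URL_RE.findall(value):
                    if self._offsite(url):
                        self.findings.append((name, url))

def scan_html(html, site_host):
    scanner = DefacementScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for mechanism, url in scan_html(SAMPLE, "mysite.example"):
        print(f"{mechanism}: {url}")
```

Run it over every `index.*` file in the web root with your own domain as `site_host`; any finding on a page you did not write that way is worth comparing against a known-good backup.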

jedijeff

Wow, that is not good, I checked my website that is still hosted on powweb and fortunately it is ok. I had not had any issues with them for the past half year, and had actually renewed my service with them, as I did not want to go through the effort of moving my site. Looking like that might have been a wrong decision, thanks for the heads up, tonight I will go through my site and make sure nothing has been hacked. Good thing my other sites are a much more reliable service.

Rico

It's definitely not just Powweb, Jeff.  There is a whole thread on it here:  http://www.lunarforums.com/lunarpages_webhosting_help/site_hacked_help-t34877.0.html

Lunarpages was hit hard.  This guy has attacked even corporate sites.  Not sure why he bothered with little old me.  Maybe he listens to my podcast.  LOL!  Anyway, if I learn of any safety measures from Powweb I'll be sure and pass them on to you.

jedijeff

Thanks Rico, yes, that is maddening for it to happen, the internet has many great things such as your show, but unfortunately it has a lot of bad things and people as well.

iceman

This doesn't surprise me all that much as there are a lot of people out there who enjoy doing this stuff, at least you caught it, wonder how long he had hacked your site for. You would think they would have some type of firewall to prevent this.

Rico

Quote from: iceman on March 24, 2008, 11:45:52 AM
This doesn't surprise me all that much as there are a lot of people out there who enjoy doing this stuff, at least you caught it, wonder how long he had hacked your site for. You would think they would have some type of firewall to prevent this.

It's quite a bit more complicated and many things won't be stopped by a firewall.  The internet by its nature is two-way communication.  That can leave certain "doors" open.  Oh, he didn't really have much control of my old site, he was just redirecting certain traffic away from it.  I would have caught it much faster if I was still using things there much.