Main Menu

Forum Hack

Started by Yonkey, August 13, 2007, 07:52:21 AM

Previous topic - Next topic

Yonkey

Hey everyone,

Thanks to all for notifying me that the forum got hacked.  The person somehow changed the index.php page to his own.  I'm looking into it to see how he did it exactly.

I'll keep you posted here. 8)
"A wish changes nothing. A decision changes everything."

Petra Rocks

 I didn't see it but Deloria was good enough so send me a screenie. Most of that was originally arabic, or at least some language written in that script. I recognize the letters. They do not add up to any word I know, but if you like might be able to get it translated. :) Actually I might anyway, it probably just says pwned or something but I am a little curious anyway. :P

icarus

someone at work knew some words. It was something of terroristic organization.  and let free or die or something like that.
That guy/girl had the wrong forum I think.
I am the lord of the underworld
member of APRETT
(Association of Patient's Rights to Eat Tasty Things)

(\_/)
(O.o)
(> <)

This is Bunny.
Copy Bunny into your signature to help him on his way to world
domination

Petra Rocks

I am lodging a request for a translation at some middle eastern\Islamic forums I know of, I should have a translation soon. :)

Yonkey

Well, I still have the file. :P  Personally, I think it's just someone that found an SMF security exploit and used it.  But if anyone can translate it, here ya go:


A Êã ÇáÏøÚÓ ãä ÞÈá A

a l . i r h a b i

ÇáãÏäíÜÜ ÈÇáÍÈÇá ¡ÇáÌäÏíÜÜ ÈÇáÑÕÇÕ ¡æÇáÊåßíÑ ááÚÈÇÞÑåÜÜ

ÓæÝ ÇÏãÑ æ áä ÇÊæÞÝ : ÇáÓøÌä Çæ ÇáãæÊ

ãÑåÈíä ÇáÚÇáã ÈÇÐä Çááå ... ÌÇÑí ÓÍÞ ÇáãÌÑøÉ



ÇáÇÎÊÑÇÞ ÇåÏÇÁ áßá ãä íÍÈ ÇáÇÑåÇÈíÜÜ

ÇáÓÈÈ: ãÒÇÇÇÇÌ æ ÊÍÏí æÇááå ÊÑÇäí ÒãÇä ãÇ ÔÝÊ ÇáßáÇÈ ÊäÈÍ

ÇáÔÑØÉ Ýí ÎÏãÉ ÇáÔÚÈ 911

al.irhabi@hotmail.com
"A wish changes nothing. A decision changes everything."

Petra Rocks

XD XD XD I doubt anyone living can read that. :P That's just gibberish computers put out when they have to try and write Arabic script when it's not programmed into them. :P I know, I have a couple of arabic songs I put into real player and their titles are shown as similar gobbdlygook. :P Frankly, this smells a lot more like a prank that anything a real militant group would do. :P

I do know the word irhabi though. It means terrorist, and not in a good sense. It implies illegitimacy, murders not holy fighters. No group would use it of themselves.

Yonkey

Oh, XD.  Yeah, I guess I don't have any Arabic fonts installed, so it just appears like that. 

And yeah, I think it's more like a prank that some script kiddie used to hack into forums.  The site admin said the file permissions weren't set correctly, so the used the forum itself to do it.  Still, I'm trying to find out  how exactly.
"A wish changes nothing. A decision changes everything."

Rosella

Not to mention the source code was a mess. Geez. :P

I mean, it was centered text and an image with a few line breaks. There was no reason it needed to be that complicated. :P

Though...still...they did hack the site. ;P I'm a bit freaked out, but uber bonus points for Petra for getting it translated. XD
I'm a princess even if my kingdom is pixelated.

Official Comfort Counselor of the TSL Asylum © ;D

It's funny how you find you enjoy your life when you're happy to be alive.

Petra Rocks

Precise translation was rendered as

Terrorist
Prison or death

Yonkey

Quote from: Petra Rocks on August 13, 2007, 11:24:33 AM
Precise translation was rendered as

Terrorist
Prison or death
Well, that's probably the strangest kind of hack I've ever seen.  I'm not sure how they connected terrorism with the TSL forum... ::)  Oh well, at least the site's now secure. :)
"A wish changes nothing. A decision changes everything."

PirateKingChris

Whew, I saw it last night but I don't actually have people's emails to contact so I couldn't do anything to contact anyone. I'm just happy it was nothing too serious that couldn't be fixed. Good work, Yonkey!
"Take it from someone who knows sick:  licking corpses is going waaay beyond demented."

Defender Of All Things Against Connor  :stabs:

Long Hair 4 Life XB

TEAM COCO

Boogeyman

#11
The group of assheads that are responsible are called a l . i r h a b i, and from the sound of their name, I'd say that they are Arabic. However the text on the hacked site is actually Korean! I know this because I was able to translate it with Babelfish. Some of the things I saw were: Under the Song it will bloom, System blood, it broke, point, Grudge. 911 is also visible on the hacked page. There was also a picture which contained what looked like Arabic writing, also it is hosted on an Arabic site. The site is http://www.m5zn.com/


BTW, the full translation is:
A hya hyul A

hya Hool Hool hya Gwon Hool hya Pyob $$ln

Under the Song it will bloom, hya hyos hya $$ln hya
Hool ya... Answer hya $$ln


hya Ping Pyob it broke, point hyeyl hya Grudge hup $$ln
hya hyeyl System blood blood Gwon hya Hug Hug Dong ya hyeylhwen
hya hya hyeyl_911
I don't narrate for stinky kings!

Petra Rocks

al irhabi means the terrorist in Arabic, as I think I mentioned before. I confess to being mildly amused by the whole affair. XD And the link you gave leads to what looks to me like a 503 Service Unavailable message in Arabic. ;P

dew7

Hmmm!  I saw the site and was one of the ones to notify Neil.  I checked on the web link provided and 2 Arabic sites came up on my computer.  Very Interesting!  I wonder if this was the work of a script kiddie or two or something more serious.  Now, I am sure Say sees why I am so careful with my information.  Shoot!  I have already had to deal with identity theft in the U.S.A.  I am following through with the authorities here.  Neil, do you know about installing support for other languages in Windows?  Thanks!
Carpe Diem  Trying to help all of us including myself understand the merry-go-round of life.

awesomeasapossum

I'm sure Neil knows about support for other languages in Windows; he knows everything!
-Proud member of the Kelsey fan club!
Long live The Silver Lining!

dew7

Yeah, he does know a lot but not everything of course.

::)  :P  ;)
Carpe Diem  Trying to help all of us including myself understand the merry-go-round of life.

Boogeyman

I MIGHT have gotten some viruses from the hacked site, so I need everyone who saw it to check their computers(unless they saw it with a Mac, of course).
I don't narrate for stinky kings!

dew7

I plan on doing that with AVG antivirus soon but I think I will be okay.

I have lots of protection and redundant themes in my system as well as backups.

Heck, I like beta testing too.  8)

On this end --- so far --- Spybot Search and Destroy --- checked out okay

SpywareBlaster is working fine --- nothing disabled

Have not checked with Adaware --- too many false positives in the past

Will enable and check with further programs to determine payload potential

If you want a good safe site to download freeware stuff that is unlikely to be hacked then please instant message me and I will determine your request.  I would rather not have this particular site know to everyone of course --- don't want to give potential hackers more sites to try and bring down --- <grin>

Posted on: August 13, 2007, 11:32:46 PM

* --- AVG scan complete and all files scanned ---- okay on my end ----- how are other people doing

* --- Slept only a few hours since lots on my mind with work and other stuff

* --- Clicked on foreign webpage and indeed linked to foreign webpage --- strange how the scroll bar is on the left rather than right --- opening one page caused other pages to be opened --- I do not bother with blocking popups since I like to know when my computer is infected

* --- Page provided courtesy of pirateking Chris which is http://www.m5zn.com/

* --- 1 other site opened by popup and 2 other sites opened when closing the 2 sites

* === http://www.qssun.com/vb/

* === http://www.kingsof3rb.com/

* === http://www.bnorama.com/vb/

It will be interesting and thrilling to see whether these sites are linked with terriorism or whether it was just a script kiddie.
Carpe Diem  Trying to help all of us including myself understand the merry-go-round of life.

Yonkey

#18
Quote from: dew7 on August 13, 2007, 06:45:29 PM
Neil, do you know about installing support for other languages in Windows?  Thanks!
Yes, but since I can't read Arabic, East Asian or Oriental languages, I usually don't install those. :P

If you guys are extremely interested in translating, I'll install those once I get back and post a screenshot or something.  I'm not too concerned, because it obviously has nothing to do with our site and seems more like a completely random attack.

Quote from: Boogeyman on August 13, 2007, 08:09:52 PM
I MIGHT have gotten some viruses from the hacked site, so I need everyone who saw it to check their computers(unless they saw it with a Mac, of course).
I don't believe there were any viruses in that file (since nothing popped up prompting a download or anything), but I'll examine the source in more detail once I get home.
"A wish changes nothing. A decision changes everything."

Shades2585

Quote from: Yonkey on August 13, 2007, 12:30:49 PM
Quote from: Petra Rocks on August 13, 2007, 11:24:33 AM
Precise translation was rendered as

Terrorist
Prison or death
Well, that's probably the strangest kind of hack I've ever seen.  I'm not sure how they connected terrorism with the TSL forum... ::)  Oh well, at least the site's now secure. :)

They didn't that is just the hacker name that person uses.
Knight of Queen Deloria since 24-Jul-06 ;D
Duke of Lancaster of Queen Deloria since 09-Sept-06
Bestowed "Captain of Calais" on 08-Nov-06

Bestowed Kingdom of Bohemia by Queen Deloria on 06-Jan-07

Does anybody even remember who Wormy is?
Bring WORMY BACK!!!!!!!