Hey everyone,
Thanks to all for notifying me that the forum got hacked. The person somehow changed the index.php page to his own. I'm looking into it to see how he did it exactly.
I'll keep you posted here. 8)
I didn't see it but Deloria was good enough so send me a screenie. Most of that was originally arabic, or at least some language written in that script. I recognize the letters. They do not add up to any word I know, but if you like might be able to get it translated. :) Actually I might anyway, it probably just says pwned or something but I am a little curious anyway. :P
someone at work knew some words. It was something of terroristic organization. and let free or die or something like that.
That guy/girl had the wrong forum I think.
I am lodging a request for a translation at some middle eastern\Islamic forums I know of, I should have a translation soon. :)
Well, I still have the file. :P Personally, I think it's just someone that found an SMF security exploit and used it. But if anyone can translate it, here ya go:
A Êã ÇáÏøÚÓ ãä ÞÈá A
a l . i r h a b i
ÇáãÏäíÜÜ ÈÇáÍÈÇá ¡ÇáÌäÏíÜÜ ÈÇáÑÕÇÕ ¡æÇáÊåßíÑ ááÚÈÇÞÑåÜÜ
ÓæÝ ÇÏãÑ æ áä ÇÊæÞÝ : ÇáÓøÌä Çæ ÇáãæÊ
ãÑåÈíä ÇáÚÇáã ÈÇÐä Çááå ... ÌÇÑí ÓÍÞ ÇáãÌÑøÉ
ÇáÇÎÊÑÇÞ ÇåÏÇÁ áßá ãä íÍÈ ÇáÇÑåÇÈíÜÜ
ÇáÓÈÈ: ãÒÇÇÇÇÌ æ ÊÍÏí æÇááå ÊÑÇäí ÒãÇä ãÇ ÔÝÊ ÇáßáÇÈ ÊäÈÍ
ÇáÔÑØÉ Ýí ÎÏãÉ ÇáÔÚÈ 911
al.irhabi@hotmail.com
XD XD XD I doubt anyone living can read that. :P That's just gibberish computers put out when they have to try and write Arabic script when it's not programmed into them. :P I know, I have a couple of arabic songs I put into real player and their titles are shown as similar gobbdlygook. :P Frankly, this smells a lot more like a prank that anything a real militant group would do. :P
I do know the word irhabi though. It means terrorist, and not in a good sense. It implies illegitimacy, murders not holy fighters. No group would use it of themselves.
Oh, XD. Yeah, I guess I don't have any Arabic fonts installed, so it just appears like that.
And yeah, I think it's more like a prank that some script kiddie used to hack into forums. The site admin said the file permissions weren't set correctly, so the used the forum itself to do it. Still, I'm trying to find out how exactly.
Not to mention the source code was a mess. Geez. :P
I mean, it was centered text and an image with a few line breaks. There was no reason it needed to be that complicated. :P
Though...still...they did hack the site. ;P I'm a bit freaked out, but uber bonus points for Petra for getting it translated. XD
Precise translation was rendered as
Terrorist
Prison or death
Quote from: Petra Rocks on August 13, 2007, 11:24:33 AM
Precise translation was rendered as
Terrorist
Prison or death
Well, that's probably the strangest kind of hack I've ever seen. I'm not sure how they connected terrorism with the TSL forum... ::) Oh well, at least the site's now secure. :)
Whew, I saw it last night but I don't actually have people's emails to contact so I couldn't do anything to contact anyone. I'm just happy it was nothing too serious that couldn't be fixed. Good work, Yonkey!
The group of assheads that are responsible are called a l . i r h a b i, and from the sound of their name, I'd say that they are Arabic. However the text on the hacked site is actually Korean! I know this because I was able to translate it with Babelfish. Some of the things I saw were: Under the Song it will bloom, System blood, it broke, point, Grudge. 911 is also visible on the hacked page. There was also a picture which contained what looked like Arabic writing, also it is hosted on an Arabic site. The site is http://www.m5zn.com/
BTW, the full translation is:
A hya hyul A
hya Hool Hool hya Gwon Hool hya Pyob $$ln
Under the Song it will bloom, hya hyos hya $$ln hya
Hool ya... Answer hya $$ln
hya Ping Pyob it broke, point hyeyl hya Grudge hup $$ln
hya hyeyl System blood blood Gwon hya Hug Hug Dong ya hyeylhwen
hya hya hyeyl_911
al irhabi means the terrorist in Arabic, as I think I mentioned before. I confess to being mildly amused by the whole affair. XD And the link you gave leads to what looks to me like a 503 Service Unavailable message in Arabic. ;P
Hmmm! I saw the site and was one of the ones to notify Neil. I checked on the web link provided and 2 Arabic sites came up on my computer. Very Interesting! I wonder if this was the work of a script kiddie or two or something more serious. Now, I am sure Say sees why I am so careful with my information. Shoot! I have already had to deal with identity theft in the U.S.A. I am following through with the authorities here. Neil, do you know about installing support for other languages in Windows? Thanks!
I'm sure Neil knows about support for other languages in Windows; he knows everything!
Yeah, he does know a lot but not everything of course.
::) :P ;)
I MIGHT have gotten some viruses from the hacked site, so I need everyone who saw it to check their computers(unless they saw it with a Mac, of course).
I plan on doing that with AVG antivirus soon but I think I will be okay.
I have lots of protection and redundant themes in my system as well as backups.
Heck, I like beta testing too. 8)
On this end --- so far --- Spybot Search and Destroy --- checked out okay
SpywareBlaster is working fine --- nothing disabled
Have not checked with Adaware --- too many false positives in the past
Will enable and check with further programs to determine payload potential
If you want a good safe site to download freeware stuff that is unlikely to be hacked then please instant message me and I will determine your request. I would rather not have this particular site know to everyone of course --- don't want to give potential hackers more sites to try and bring down --- <grin>
Posted on: August 13, 2007, 11:32:46 PM
* --- AVG scan complete and all files scanned ---- okay on my end ----- how are other people doing
* --- Slept only a few hours since lots on my mind with work and other stuff
* --- Clicked on foreign webpage and indeed linked to foreign webpage --- strange how the scroll bar is on the left rather than right --- opening one page caused other pages to be opened --- I do not bother with blocking popups since I like to know when my computer is infected
* --- Page provided courtesy of pirateking Chris which is http://www.m5zn.com/
* --- 1 other site opened by popup and 2 other sites opened when closing the 2 sites
* === http://www.qssun.com/vb/
* === http://www.kingsof3rb.com/
* === http://www.bnorama.com/vb/
It will be interesting and thrilling to see whether these sites are linked with terriorism or whether it was just a script kiddie.
Quote from: dew7 on August 13, 2007, 06:45:29 PM
Neil, do you know about installing support for other languages in Windows? Thanks!
Yes, but since I can't read Arabic, East Asian or Oriental languages, I usually don't install those. :P
If you guys are extremely interested in translating, I'll install those once I get back and post a screenshot or something. I'm not too concerned, because it obviously has nothing to do with our site and seems more like a completely random attack.
Quote from: Boogeyman on August 13, 2007, 08:09:52 PM
I MIGHT have gotten some viruses from the hacked site, so I need everyone who saw it to check their computers(unless they saw it with a Mac, of course).
I don't believe there were any viruses in that file (since nothing popped up prompting a download or anything), but I'll examine the source in more detail once I get home.
Quote from: Yonkey on August 13, 2007, 12:30:49 PM
Quote from: Petra Rocks on August 13, 2007, 11:24:33 AM
Precise translation was rendered as
Terrorist
Prison or death
Well, that's probably the strangest kind of hack I've ever seen. I'm not sure how they connected terrorism with the TSL forum... ::) Oh well, at least the site's now secure. :)
They didn't that is just the hacker name that person uses.
No need, I seriously doubt it says anything important d I may as well not bother the folks at shia chat anymore. XD
If someone is gonna hack into the forum, they may as well do something funny rather than make it their own page which is stupid. Some people just have too much time on their hands.
I am looking forward to Neil's analysis of the corrupted page when he returns home and look forward to the official report.
Hi there
I'm new here and i registered when i saw that the forum got hacked. I'm from Egypt and i can translate what he said if you like. I can't remember what he wrote except prison or death and something about being a soldier. I don't think he meant anything about terrorism he did it for fun that's all.
Salamu aleikum mfarag. :D Most of it was reduced to jibberish, the forum is not designed to show Arabic. :P According to the person at the forum I asked on, it said Terrorist, Prison or Death. It had al.irhabi written on it several places. However, here is the image I got, if you wish to see it. :)
(http://img158.imageshack.us/img158/7844/saveqv2.png)
I have little doubt this is a prank. This is a bad spot for militant groups to recruit. :P
Hey Petra,
I was able to read it because i have the Arabic text installed but i can't read this because it's also jibberish if anyone can't send it as a text maybe it could be read.
I can't, I never saw it to begin with. :-\ Yonkey might be able to, you would have to ask him. :) You might have to wait though, it's midnight here. XD Good luck. :)
sure i'll wait but i also remembered something. In the last two lines he wrote"The police force is in the service of the community 911". this is a common expression in Egypt even on banners on every police building and that"911" was a bit strange.
The whole thing was strange indeed. This is not the place to recruit for terrorists that is for sure. ::) Anyway, the reference to 911 could somehow be terrorist related but it does appear that it could be a script kiddie.
Anyway, after the incident I got an email from majordomo@seul.org. I researched the email and the associated information about it and it could be related to someone trying to use that service to access my email account through a ListServ service. This was up there with the strangest email that I have received. I always laugh at the usual garbage about a business deal in Nigeria. The Cia scam I got from Cia.com was cute and had me puzzled for a second but the .com gave it fully away. Anyway, I reported that email and if I really did think it was from the Cia then I would go to their website and send them an email to see if they were indeed trying to contact me which would be strange since I am but an individual. Neil is busy and has told me he will analyze the page when he returns so everyone including myself will have to be patient. It is actually really exciting to me that something like this happened since the forums were getting kind of boring and now we all have something new and exciting to talk about. 8)
Anyway, in regards to security could we put in place SSL encryption for when we log in via our passwords to the forum. In addition, it would be awesome to implement Microsoft suggestions of using minimum password strength for more security to our forum. The hack has showed us that it would be useful. Fortunately, Neil has put in place the proper protocol to make sure at least this particular hack cannot happen again. Thank you Neil, Say and everyone for your support of this forum and your interest in keeping our identities secure from crazies. BTW, Say the only reason I am very careful now about keeping my identity a secret is that I already have had to deal with identity theft in the U.S.A. and let me tell you it really stinks. I wanted to use stronger language but I realize that would not be appropriate for the forum.
Dew7 (aka real first name is Daniel which refers to God being my Judge)
Ok, after a bit of character detection changes, here's what the text says in Arabic:
A تم الدّعس من قبل A
a l . i r h a b i
المدنيــ بالحبال ،الجنديــ بالرصاص ،والتهكير للعباقرهــ
سوف ادمر و لن اتوقف : السّجن او الموت
مرهبين العالم باذن الله ... جاري سحق المجرّة
الاختراق اهداء لكل من يحب الارهابيــ
السبب: مزااااج و تحدي والله تراني زمان ما شفت الكلاب تنبح
الشرطة في خدمة الشعب 911
al.irhabi@hotmail.com
All hail the Yonkinator. :D If that means anything... :P Anyhow, good show. ;D I can make out several words, (mostly wa (and), and Allah (you all know what that means) :P I really can't tell what it means though. :-\
A previously been Aldas A
A l. I r h a b i
Civil ropes, a soldier shot and Althkir of genius
Admr and will not stop : prison or death
Terrorizing the world, God ... Ongoing galactic smash
Hack autographed each loves terrorist
Reason : Mzaaaaj and challenge me and God long ago saw dogs may bark
The police serve the people 911
I think it was the work of a kiddie scripter (or an immature adult, with nothing better to do than hack random sites and watch Youtube all day in his Mom's basement.) judging from the dialogue.
Yeah. Sounds like a completely random attack.
I know this is probably going to sound weird and all, but one good thing did come out of this: In my few months of being a TSL forum member I can't ever remeber a thread being this active with chatter, I mean 2 rows of posts withing 2 days. :o I'm not saying that we should be hacked again, :( but it would be really cool to see other threads this chatty. ;D
Ah, I have been logged in now. I had login issues earlier. Perhaps it had to do with Neil's security protocol. Anyway, it does indeed sound like a random attack and even if the attack had some remote connections with terrorism --- it is not like classified secrets are talked about here
LOL
lol this site got wtfpwnedbbqhax!
:P
Will this KEY do --- LOL --- I Kill myself in an Alf sense on days like this
Ey4wGrozKuKc1oBviTV09aQvsNcuLqHfFM8hnTng39mfETqLr36XGvVQvpvd
:suffer: :suffer: :suffer: