xoops forums

Serap

Just popping in
Posted on: 2008/6/9 18:20
Serap
Serap (Show more)
Just popping in
Posts: 28
Since: 2007/9/4 2
#1

My website has been hacked and I believe a mod from here did it

I don't know what to say except that I'm so sorry... I run a cancer support website. All the e-mail address has been ripped and apprx 15000 spam e-mail has been sent from my website, server company locked down my webspace, they just gave me an access today and all the patients went crazy, for some people this is the only place that they can talk...

I really don't understand the mentality of these people... I have strong guess abt the person who did it and I believe he's a moderator here

Anonymous

Posted on: 2008/6/9 19:03
Anonymous
Anonymous (Show more)
Posts: 0
Since:
#2

Re: My website has been hacked and I believe a mod from here did it

Quote:
Serap wrote:

I have strong guess abt the person who did it and I believe he's a moderator here


I assume you're refering to me?

That's a pretty strong accusation to be making in public and I will be very upset if you're referring to me after I spent hours trying to help you a few evenings ago.

For the record and so everyone knows, I did see the details contained in your mainfile.php (db username, db password, etc) when we were trying to install protector on your site so yeah, I suppose I could have hacked your site.

However:
1. I don't know where your site is hosted
2. I don't know the hosting account username and password nor the FTP username
3. I'm not interested in hacking anyone's website and condemn those who do
4. I'm not clever enough to do what you describe, neither do I have the tools
5. I deleted your emails the same day that we were chatting; I no longer have your mainfile.php information

You've seen my website. Compare the contents of it and the nature of the organisation that I run it for. Is it in anyway comparable with the content of the spam emails?

Rather than make wild accousations, ask your ISP for the server access logs for week in which your site was hacked. Look for the IP address from where the hacking took place; look for someone uploading a file of some sort.

I'm on a fixed IP address: 78.151.193.176 - any of the admins on here can check my recent posts (like this one) and confirm this. Search your access logs for this IP address - you won't find it because I haven't visited your site except, perhaps on the day that we were trying to install protector because I was interested.

My IP address will have changed about a week ago when I rebooted my wireless router. However, if you put my IP address into ip-adress.com you'll see that it's based in Dudley, UK.

I'm really disappointed if your post was aimed at me. All I've ever done on here is try to help people.

I'm out of here. Goodbye.

Anonymous

Posted on: 2008/6/9 19:19
Anonymous
Anonymous (Show more)
Posts: 0
Since:
#3

Re: My website has been hacked and I believe a mod from here did it

Serap,

I've offered my resignation as a Moderator here on x.o as a result of your accusation. I can't keep my position here if there are doubts as to my integrity.

Ask the admins and everyone else on here to help you get to the bottom of what happened to your site. Like I said, start with your site's access logs.

I can't believe that anyone on here would think me capable of hacking another xoopsers site; it's deeply disappointing after all the time I've spent on here helping folks.

That's it for me on here.

jobrazo

Just popping in
Posted on: 2008/6/9 19:36
jobrazo
jobrazo (Show more)
Just popping in
Posts: 46
Since: 2007/9/26
#4

Re: My website has been hacked and I believe a mod from here did it

Here we go again
Everything was going well and now it starts again.
Can't we have a team to deal with does things?
So they can be looked at before accusations are trown into the forums.
True or not everybody deserves a trial before getting shot.

Serap

Just popping in
Posted on: 2008/6/9 20:04
Serap
Serap (Show more)
Just popping in
Posts: 28
Since: 2007/9/4 2
#5

Re: My website has been hacked and I believe a mod from here did it

I did not give names. Of course everyone has to have a chance to defend themselves...

trabis

Core Developer
Posted on: 2008/6/9 20:17
trabis
trabis (Show more)
Core Developer
Posts: 2268
Since: 2006/9/1 1
#6

Re: My website has been hacked and I believe a mod from here did it

Quote:

Serap wrote:
I did not give names. Of course everyone has to have a chance to defend themselves...


If you have something to say just say it. This only demonstrate how unsure you are and being so, you should have not started this thread.

I would like now to ear an apologise to the moderators of this site or a real acusation.
Wouldn't we all?

Serap

Just popping in
Posted on: 2008/6/9 20:22
Serap
Serap (Show more)
Just popping in
Posts: 28
Since: 2007/9/4 2
#7

Re: My website has been hacked and I believe a mod from here did it

I'm not 100% sure. As I said in the subject line and in my message I guessed it was somebody from here and as JAVesey wrote he has all the information since I sent him my mainfile.php with all the information in it by mistake... You make up your mind. I do not lie, this thing happened and you have all the facts. I'm not saying he did it, but I am giving you the facts.

Anonymous

Posted on: 2008/6/9 20:27
Anonymous
Anonymous (Show more)
Posts: 0
Since:
#8

Re: My website has been hacked and I believe a mod from here did it

I've sent the following to Serap following a PM from him:

"Hi,

Rather than post as you have, you should have asked for help/advice in tracking down the source.

Please do as I ask and get the access logs for your server and look for someone uploading a file. You have my IP address, compare the two.

Have you found the file that was used to propagate the emails? If not, look in the /uploads folder.

Please, in the thread that you have started, post a list of the modules/versions that you use; most hackings take place via a vulnerable older module and others on the Forums will point out if one of them is suspect.

Ask yourself one question:
Why would I have spent hours trying to help you install Protector if I wanted to hack your site?

You're also deeply misunderstanding my ability to do the things you're accusing me of."

I'm not asking for folks on here to defend me - I can do that for myself. Rather, I'd prefer it if the good folks here on x.o would help Serap sort his site out and secure it a bit better. I'd prefer not to be involved for obvious reasons.

Like I said, I've offered my resignation as Forums Moderator. It seems like the right thing to do until my name is cleared.

McDonald

Home away from home
Posted on: 2008/6/9 20:43
McDonald
McDonald (Show more)
Home away from home
Posts: 1072
Since: 2005/8/15
#9

Re: My website has been hacked and I believe a mod from here did it

@Serap,

The chance that your website has been hacked by a XOOPS.org moderator is 0!

The chance that one of your modules contains vulnerabilities (and I guess it's eXtCal) is 100%!
You should upgrade to eXtCal 2.0.17 or higher.

Also other options are open to make it possible to hack your site.
Their's a group of turkish hackers who might have done this by the way. They are pretty active with hacking attempts.


@JAVesey,

Go back in your chair!

seolio

Not too shy to talk
Posted on: 2008/6/9 20:49
seolio
seolio (Show more)
Not too shy to talk
Posts: 196
Since: 2005/11/2
#10

Re: My website has been hacked and I believe a mod from here did it

Why accuse someone on here? Hackers are very smart people, I really do not think if Javesy was a hacker he would have seen your mainfile as an easy ride, therefore would have known it is too obvious to you that it was him.

I think it would have been a co-incidance and Javesy did not do it, he has helped me out before and is very helpful to everyone as far as I know, I don't think he is the hacking type!!!!

I also think if you are going to run such an important community you should be very careful about what you send to people and think twice before doing anything, I have learnt to do that from previous mistakes, then you will have no doubts about anyone who has blatantly done you a favour.

I think you need to think before you accuse people, just my opinion of course.