Honesty Rocks! truth rules.

Antilost pwned

HOME      >>       Staff Room


this has been discussed in the shoutbox yesterday. antilost.com has been hacked apparently. and the culprit? SPYHACKERZ.com.


similar reports on attacks of this group on sites hosted on Xisto can be found here.


any news on this group? there is a somewhat similar group, which has attacked my old phpbb forum. thankfully, it is not an active forum anymore, but they pwned it anyway. even the admin control panel is affected. i say it's somewhat similar, since it's also a forum like antilost's community, with a redirection taking into effect when the index is accessed.


any staffers here know any developments on counteracting attacks as these, especially from the spyhackerz.com group which is taking a grand time online? (see google results... antilost is coming up HIGH up there, just below the spyhackerz.com main site.


As I understand it Antilost was running IPB forum. Which version was it?And it seems like these guys are not only defacing Xisto related accounts but world wide. So the question is how do we combat this? Is sending a complaint to server provider do any good?OpaQue is aware of this defacing issues. But I have not heard of any solution as of yet.


These random groups who like to hack.... suck. Seriously.??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????Whois their name, and get a lawyer to start suing their "*bottom*" lol... seriously...??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????btw.. testing... assasin...??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????woah it doesn't censor it??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Notice from BH:
Yes... :) because I was smart about censoring not just any word.


I think the best thing we can do at this point is to alert there provider. Well, normaly if they're hacking like such, they're going to be there own provider. That might not help. Would calling some high police athourity help?As for protecting Xisto from this;PASSWORDS!We need to make it MANDATORY for members to include symbols, numbers, letters, punctionation, aliens, whatever it takes, to make there password more difficult. Passwords are simply to easy and need to be made harder.I know it's possible to make it so you must have numbers and symbols in your password, as many places do it.


i don't suppose it's something to do with passwords, the way they get away pwning other sites.

i did a little search:

Attacked by Spyhackerz.com: 677 of which 205 are single IP and 472 mass defacements

that's a lot of passwords they cracked, up to this date, if that is the case.

a search on Xisto.com "affected" sites:

there's a recent spate of attacks on Xisto.com subdomains, not including those which use a separate subdomain like me (uni.cc), and top-level domains (which i can't search one by one to check). i think the most recent attacks are perpetrated by spyhackerz.com, while the earlier ones are done by other groups, but with perhaps the same methodologies.

a special mention to saint-michael, if you're reading this, you're on the list above.

maybe it has something to do with php, or mysql injections of sorts, as what stmike has been trying to confirm in the shoutbox before. but there is no definite resource i can find online which can help us on this. :) been trying different keywords relative to spyhackerz on google, and there is not much to resolve this from my search.


I doubt they cracked any passwords, since if they did, the whole site would be changed. Apparently, I got pwned too lol

http://forums.xisto.com/no_longer_exists/ (actually I added some htaccess to slightly decrease the chances)

I'm leaving that there mainly because it's funny lol
I don't really care about my site anymore, so hack all you want :)

Never use popular scripts on your website, and never give the script names out. It's usually some kind of exploit they're taking advantage of.

And I highly doubt that they would take so much time to hack such a crappy website. It's probably an automated script.

As a scare tactic, I made up some BS (some of it is true) on my home page.... lol

Tips: Your cpanel lets you have 128 characters in your password. Use at least 20 of them. Example password

qQqQ,]172301this is an additional protection. Putting sentences that you can remember is helpful in your passwords, since it's allowed, and I doubt anyone can crack it.qQqQq


lol their domain is up for sale for 100$..... shameless bunchI doubt anyone will buy it.... their pagerank is 0, their unique visitors are less than mine, and their site is currently being targeted by many angry webmasters...I hate those sites that add lots of line breaks though... you know those who spam and get good Google ranks by doing so...