Anyone Have Info On "spyhackerz.com"? failed hacking attempt at my site by these guys

[shadowx 0]

Hi all


I just checked my site, hosted here at Xisto.com, and my guestbook was full of html code, when i checked the file used to store the content of the guestbook i notice the HTML was as follows

<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Hacked By Spyhackerz.com</title>
</head>

<body bgcolor="#000000">

<p align="center"><a href="http://www.spyhackerz.com/;
<img border="0" src="http://forums.xisto.com/no_longer_exists/; width="503" height="387"></a></p>
<p align="center"><font face="Verdana"><b><font color="#FFFFFF">
<a href="http://www.spyhackerz.com/ color="#FFFF00">http://www.spyhackerz.com/ color="#FFFF00">
</font></b></font></p>
<p align="center"> <EMBED
src=http://forums.xisto.com/no_longer_exists/
width=20 height=15 autostart="true" loop="true"></p>
<p align="center"> </p>

</body>

</html>

So im just wondering if anyone has any info on these people. I recommend not going on the website incase they trace your IP etc....I haven't visited yet either, i might use Google to check them out but was hoping someone might know something? Thankfully it failed as scripts wont work in my guestbook but id like to know who they are. It seems nothing else has been affected but ill keep checking things. Any info would be great

[krap 0]

the website is like this

spyhackerz.com

This domain may be for sale by its owner!


For technology try these sponsored results

boring

[shadowx 0]

the website is like thisboring

strange...im not too worried as nothing else seems to have been damaged, just wanted to know which script kiddie had a pop at my site! I notice a lot of other people have been hit by these guys too which is irritating. Why wont they put their knowledge to good use.

[jlhaslip 4]

Yes, some script kiddies have been causing some grief around the 'net.They appear to only be defacing index pages, so take a backup of your site, change passwords for your ftp and cpanel access, etc as pro-active security measures.Several other sites have been affected, none seriously, though. And it is way beyond this Domain. They are pretty busy little individuals.

[Albus Dumbledore 0]

yeah, they hit mine :(But they seem to be only targeting Xisto accounts from what ive heard/seen so yeah.........they also hit a friend of mines... lovely eh?anywho, they only got something on mine that anyone in the world could have done.. it is one of those scripts that are in the ACP of IPB for admin updates.... and i had a friend write this script because i wanted one like it, and they decided to paste their HTML for that page into the box and clicked save no real damage to my site, nor my friends...lmao

[Saint_Michael 3]

They also seem to know the scripts as well, or they can get to the directory somehow. The site is German but they seems to use a Turkish IP as once of it's back ups IP's.

[shadowx 0]

Script kiddies is right then methinks! I was searching the net and it also said there was a vulnerability in SMF forums so if you use one of those best to update it if possible, not sure how credible it is but its a precaution at least. They could be trying to make people distrust Xisto and xisto network websites for some hidden agenda or just "fun" i guess. But the problem doesn't lie here on the servers its just vulnerable code, i might google for vulnerabilities in SMF forums and see what comes up. I didnt know it was mainly localized to Xisto though, interestingEDIT searched for SMF vulns and i cant find hardly anything, all the ones i did find were related to version 1 of the forums. Plus i wasn't using SMF so methinks SMF is safe

Edited October 28, 2006 by shadowx (see edit history)

[truefusion 3]

They tried to deface a site i have hosted on my account. But they failed to make it publicly viewable. The index.php page had more priority than the index.htm page they managed to make. Though, i found it funny when i saw that index.htm file. That's all i've seen them do, really, though.But yeah, SMF 1.0.8(+) is safe.

[Saint_Michael 3]

Just a small hint any web pages that don't have like a guest book or a comment section put it to 666 or 775 this will prevent people from changing the code and also it would be good to password protect you files though the use of either a htaccess file or the password protection that comes with the cpanel.

[shadowx 0]

Ah chmod'ing one thing i haven't done. Ill have to check that, thanks. They arent really good at 'hacking' this lot Just an annoyance!

[MusicOnly 0]

But yeah, SMF 1.0.8(+) is safe.

what do you mean by this?

[Dooga 0]

Apparently, these people just take advantage of script exploits, and don't really know any of your passwords or anything like that, so you have nothing to worry about. Just strengthen the security of your site!

And also, all these "hacked" websites are on http://www.zone-h.org/ and the hackers themselves submit hacked websites there, so you can check that often to make sure your site isn't on there.

What I would do is get another guestbook!

[serverph 0]

just to clear little bits of info, as written about in previous messages, the attacks made by spyhackerz.com is not concentrated on Xisto member sites. although there have been attempts and subsequent success in defacing member sites here, it is not limited to ours. here is an extensive listing of digital attacks the group has accomplished to date, on varied sites:

http://forums.xisto.com/no_longer_exists/

 

affected sites on Xisto subdomains are filtered here (though the earlier ones are not by spyhackerz.com per se, only the most recent ones which thankfully ceased on 10/10/06 [let's keep our fingers crossed that those will be the last]):

http://forums.xisto.com/no_longer_exists/

 

naturally what are listed attacked above are just those under Xisto.com, as that's what the search filter is defined to search. you may want to try your own domain name to find out if any of your pages have been defaced (if you haven't discovered it by now), by replacing Xisto.com with your own domain name in the search above.

[truefusion 3]

But yeah, SMF 1.0.8(+) is safe.

what do you mean by this?

I mean that Simple Machines Forum (SMF) 1.0.8, and maybe above, is safe enough to use; without the spyhackerz group successfully messing around. I have SMF 1.0.8 installed in my hosting, in the same directory that was engaged by a "spyhacker".

[Absolute 0]

Yes, some script kiddies have been causing some grief around the 'net.They appear to only be defacing index pages, so take a backup of your site, change passwords for your ftp and cpanel access, etc as pro-active security measures.
Several other sites have been affected, none seriously, though. And it is way beyond this Domain. They are pretty busy little individuals.

Heres something that you should consider. Try reporting them to Xisto and if it continues then press charges against the group. Trust me it works. You will have to take the time to go to the police station and file a report but it just depends on how much time you want to spend on the issue. If it really is a bother then take the time. Trust me i've seen it happen myself where a group of people on a game and decided to hack my clans and some others websites and then brag about it on their own. Unfortunately for them im an *bottom* and i got everyone together that was affected and filed a complaint with the police and they were arrested for it and now its on their permanent record. They had to pay for damages to everyones website and pay the hosts for time spent correcting the problem and had to do community service and were banned from any computer for six months. You just have to take the time. It may seem funny to them but it is a crime and if the people that did it to my groups site do it again they will have to spend time in jail. Now thats funny to me.