Opaque, Biskie's Site Keeps Getting Hacked! And I know exactly who did it.

It's never anything I can't repair with a simple rebuild of my homepage, but it's annoying. First, it was a guy named Cecen and I PMed you about him. Now, it's http://www.spyhackerz.com/ - they're apparently having hacking tournaments? For the rest of you guys, is there anything I can personally do to stop these attacks from happening? It's annoying to know that while I'm away, people are utilizing free reign over my site for FUN. I put work into this; it isn't fair that they should try to destroy that. These guys are apparently Turkish hackers, and this is probably the third time total I've been hacked in the past month period. Last time, I made a long article about it: http://forums.xisto.com/no_longer_exists/

You know, legal action would be nice. I think I can have their domain shut down or something, but that might provoke a full scale assault, I don't know. I'm vehemently against these guys.

Any tips would be appreciated! I'm on the verge of absolutely pounding these guys. Mentally.

Which version of Wordpress have you been using? Or any other blog scripts?Just to cover all bases, are you free from any spyware within your computer?Some web scripts have huge security wholes and I believe this is one of key methods these "hackers" are exploiting. It's not hardly any hacking...it's just knowing how to inject "cheat" codes to gain access to edit your files. Otherwise they could have deleted all your sub-domain (if you have any) and modified your password etc. But since it's only a deface of your page(s) it is most likely a security exploit.Let me know which web scripts you have been using and let's see if we can beef it up a bit.

First of all, after your site is hacked once, unless you use an older backup of the site before it was hacked, you are an easier target to hack again since many times they leave themselves a back door back into your site. To prevent them from hacking, you need to get rid of all traces that you use a system like phpnuke or wordpress since the security issues are publicly known and any hacker can get the source and find ways to exploit it. The best way to do this is just to write your own code because no hacker can see it then. If you cant write all your own code either utilize this forum or search google for security issue "name of prewritten code here" and there should be numerous postings on how to fix those holes. Good luck.

that sucks alot! but the advice given is good,m i asumme you already keep good backups as you reversed the damamge, just make sure you keep on top of backups and do them every day for now to make sure. You should check all your access logs in the cpanel to get the IP's if possible and then block those IP's in the cpanel, and if you really wanted you could ask for help on creating some sort of report, like a whois lookup and other traces on the offending IP's and then send this to their ISP's if you can find that out so they can get disconected from the net and then maybe the ISP will so a fllow up of legal action and keep you in the clear. to find their IP address try and work out exactly when the last attack was and what pages were used during that attack and then look at the raw access logs for that time and for those pages you belive were edited or used and you should find their IP address.

Legal action can be dicey. For starters, even though they had a US registered domain. If the site is hosted outside of the United States or the EU, good luck on enforcement. Although most of these people are really idiots, like most criminals, the smart ones will have an array of shell and dummy corps to protect themselves. That being said, if you can get at the legally, it is the best way to do it because you can go after their money supply. Of course this also comes from someone in Law School who's area of interest is internet and international law..l.

Are you sure they were those script kiddies from that site?Did they defaced your Xisto.com website?If so, maybe someone will deface their website very soon, no one defaces the Xisto websites without suffering consequences!

i know what these hackers do as i happen to know one who has talked to me in the past (netural of course).They will never actually properly hack the system they will just deface a page but it can get annoying so remember to back up your files every day change the passwords frequently, also back up the Database. maby change your domain.

Thanks for all the advice! I use Movable Type, which I figured was fairly safe. HOWEVER, I didn't clarify - they're simply editing the shell of the home page - index.php - and filling it in with their own crappy code. So when I rebuild, it changes it to the saved version I have through Movable Type. Because they can't access the backend, they can't change the original code, but I'm worried they'll learn how. I virus check once a week, and check spyware and adware a little more often than that. Even if it was something on my computer, I don't save any of my files on my computer. I edit them all through the FTP. I don't think it's a server vulnerability, so there's probably no reason to get alarmed, but I'd like to be able to beef up what I do have going. Thank you guys again, let's fix this together and kick some butt!<3 Biskie

Just remember to have a backup on your computer as well do that on a daily basis just in case they do tap into the backend of your files.I also suggest you start ip banning through your site which i doubt it won't do much but it will make it a little better.Also look into htaccess security as well it could help out as well depending how good they are. From what I read the guy is a script kiddy. Also look into securing your files as well making them hard to locate.Although I could name a site to help you, I doubt it won't be much since it is a very public site.

I always have a backup of the layout on my computer, updated every week or so. The databases, however, are going to a *BLEEP* to retain if anything happens. If you can't give me the URL, can you give me any tips to secure my site? I'd hate to put the love into my site that I do and still know there was a gaping hole somewhere.

MERGINGI installed an MT security patch, but I guess I'm going to have to wait and see if it actually works. It's kinda funny, waiting for something bad to happen so you can see if whatever you're doing is actually helping.