Hacked By MDHr : MaD Hacker - MDHr BEATS YOU ALL

[darkcurves]

http://www.keretapi.com/guestbook/index.php

WTF? This idiot hacked one of sites.

 

[Nick]

Some 13 year old kid thinks he's ------.

 

[trenzterra]

Pretending to be elitist.

 

[Ignite]

They seem to enjoy hacking WebWiz Forums & guest books..

 

[Decker]

And left the link to his site in the source

http://madoz.jeeran.com/hack.gif

twit

 

[Corazu]

Someone want to report him to his host ? Sure, it's practically harmless. But I'd like to ssee this idiot get busted ^^

Regards,

 

[Robert]

I've already sent a letter to the upstream provider located in the U.S. Asked them if they wonder if the FBI would be interested in knowing that one of the clients that is hosted within their network performs illegal activities.

 

[Decker]

One of those - 'We don't care' and it's not in our terms and conditions places.

I spend a load of time reporting attempts to hack into servers and get nothing back or really lame 'thank you' responses.

I recon that anyone who hosts should ban the IP

 

[Techrad]

What a SFI.

 

[Decker]

SFI - where are you seeing that SFI Techrad

 

[stabme]

LOL. that's not a hack. not even close. it's called.. your guestbook script is a pos that allows html in it

 

[trenzterra]

LOL. that's not a hack. not even close. it's called.. your guestbook script is a pos that allows html in it

In that case, one poor bloke is getting reported for performing illegal activities when what he did was to post HTML.

 

[jmiller]

The kid exploited a well-known hole in a script, what's the big deal ?

Happens all the time.

Just check OSVDB for vulnerabilities, then Google for instances of the script -- I guarantee you will find the same thing.

 

[Decker]

Who know's what they'll try next though, if they get away with it it can become clumsy and damaging. Even if it's just having their connection pulled it shows them they've been caught.

 

[darkcurves]

The kid exploited a well-known hole in a script, what's the big deal ?

Happens all the time.

Just check OSVDB for vulnerabilities, then Google for instances of the script -- I guarantee you will find the same thing.

That's doesn't mean everything will be ok.

Btw, does anyone know how to remove that. I think that shit is in my MYSQL database. Please, somebody.........

 

[Decker]

Check the source of the page for his stuff and search your db for it, I doubt it'll be hard to find as it's a pretty amature attempt, if you really hit a prob finding it mail me an sql dump and I'll see if I can find it

 

[darkcurves]

Thanks man, i will PM you.

 

[stabme]

In that case, one poor bloke is getting reported for performing illegal activities when what he did was to post HTML.

it's not hacking. hacking is illegal access to a machine. (actually, that's cracking; hacking are programming shortcuts).

all he did was exploit a bad-written script that allowed html... that's not hacking, as he didnt intrude or abuse a machine. all it is is showing off, and also it is other people's stupidity.

it doesnt actually break something. it's not even as severe as other xss things, just a simple html code that doesn't affect anything or pose any security risks or alter any hard coding or data.

 

[Decker]

What he did was 'deface' a site, we know everyone normally get's the terms the wrong way round and that's not the real problem. It can more clearly be referred to as 'malicious damage' which is an ilegal activity. So showing off or not as you can see it's caused the site owner problems invloving clean up work which at least would normally allow a civil case to reclaim expenses for that and a punative amount for other reasons.

There's no reason to try and justify this type of thing, it should be actively discouraged, lets face it at least half of the costs of any webhosting resource is due to costs involved in protecting infrastructure & systems - if it stopped they wouldn't be necessary. In my book a good reason to discourage it and report any offenders.

 

[FTWebD]

I googled to find information on this "attack" after a client of mine had his website defaced via this "attack". We've reported all the information we have gathered and sent a report to the FBI. Regardless of whether it is "hacking", which it could be becuase you are still changing and editing data on a remote machine without permissions.

Anyways, just floating around the Internet.

Nick