website defaced by ange78 - screencapture
Loading...
Link to this comment:
Uploader Comments (pabbananna)
All Comments (14)
-
I know how it feels. I created a website which took me like 3 weeks to make. I had loads of Flash games and videos and pics. I finally finished at about 2am and called my mate to tell him. He said, did you put security on it? I said no. I dont need it. He said that I should. I went to bed all happy, then when I went on my website the next day, It was Hacked and Defaced.
-
thanks! like this? blog.ericlamb.net/2010/02/the-
horrors-of-c99-php/ but how do i prevent it in the future?
-
Lol I was a complete noob back when I commented on this video >.>
That guy just SQL Injected your website and uploaded a C99 script.
-
@CaseClosedEpisodes is this possible because of an FTP permission or read/write permission that was left open? You cant upload without having access to ftp and there is an anonymous account enabled by default with hostgator - i thought that might be the problem.
Thanks for solving the mystery!
-
Yes. Most large hosts, like InMotion, HostMonster and HostGator all have redundant backups in case there's a problem. My host restored everything from their nightly backups.
I use Drupal on 4 of my sites, and PrestaShop on my eCommerce site. I absolutely LOVE Drupal. All CMS's have their security weaknesses, but Drupal really is one of the most secure CMS's available. WP si by far the most popular, but Drupal is on the top of the list too. Check it out. Theres learning curve, but not bad at all
3:18[Tutorial] Deface websiteby Akramses1,056 views
- 1:05How to Deface a Website Fastby pr0xzy31,154 views
- 3:21Website defaced by Anonymous | Von Anonymous Ha...by GamerCNDG8,010 views
- 6:16Website Hacking by LFI - Local File Inclusionby daliborvlaho251,440 views
- 8:55Roasting Coffee Beans in a Popcorn Popper - hom...by pabbananna1,195 views
- 1:58calcium deficiency in pepper plants - habanero ...by pabbananna3,445 views
- 5:33WordPress Admin pass hack via shell sql managerby LiquidSecurityNet12,377 views
- 2:19Bear Canister Review & How to use the Bearvault...by pabbananna576 views
- 13:12How to Manually SQL Injectby PhiberOptics3,002 views
- 7:15Wordpress under SQL Injection Attack!by 7Safe4,189 views
- 14:12How to Upload a Shell and deface a websiteby HackerExpert116,700 views
- 5:14Wordpress - Pentestingby commonexploits479 views
- 3:16How To Deface Website(Webdev) By VaShazwanPHC.by shazwan8563 views
- 1:02XCode SQL Injection Scannerby ferdianelli3,674 views
- 3:01WordPress WebShell Upload by darkfuneralby darkfuneral893,180 views
- 4:28how to shutdown a websiteby layinhacker25,951 views
- 2:12Best Hacks Everby chasevd15,019 views
- 7:39Wordpress under SQL Injection Attack!by 7Safe1,947 views
- 10:33Word Press Blog SQL Injection on DVL.movby manishthorani296 views
My host also told me that WP is VERY vulnerable. You may also wanna look into a different host. I use InMotion and they're awesome! When this happened to me, I called, they told me exactly where he got in (WP) and in less than 2 or 3 minutes, the original site was restored. Luckily I had recent backups as well... but they did it all for me. Good luck!
theparanormalsociety 2 years ago
Yes, I agree. But does the host have much to do with it? I use hostgator and their service is excellent.
RE: backups: WP backups arent straigforward at all. I guess the only real option is to FTP the whole darned site but on my connection that takes a loooong time.
Because of these issues I am no longer recommending wordpress to anyone. Time to learn drupal - and its security weaknesses! I wonder if it is more secure or if it just isnt hacked because it isnt as widespread?
pabbananna 1 year ago
The main problem is using WordPress. There are a lot of security holes in WP, and once a patch is created and applied, another hole is exploited. Don't really know what the deal is with WP, but the majority of sites hacked by this loser are WP sites. Move to Drupal or Silver Stripe and you should be fine. Just delete ALL references to WP in your server.
That's my opinion.
theparanormalsociety 2 years ago
I agree. My friends business WP site just got hacked too. In their case javascript was injected into the header.php file causing a redirect. Unless you are going to update wordpress constantly along with all the plugins - and deal with update related conflicts/compatibility, it just isnt worth the risk.
pabbananna 1 year ago