A Sassy thank you Boys Night Out - Wordless Wednesday

Wednesday, October 8th, 2008 · 13 Comments

An unexpected hack job

My mother called me one day and said “Hey, I can’t see your website (thewisemommy.com) and why do you have a big Turkish Flag waving around with a revolutionary song playing?”

Don’t worry - if you click on the link you won’t see the lovely damned Turkish Flag.

“Huh?” I quickly opened my lappy and typed in my web address and sure enough - Turkish flag waving, anthem playing, and a message YOU’VE BEEN HACKED BY CyberRoot. At that moment my heart sank.

Bastards. As if people don’t have anything better to do with their lives.

Anyway, after I stopped hyperventilating, I decided to diagnose my problem through Doctor Google. After typing in my search I found thousands of websites that were hacked in the same way mine was, but no solutions. So, I kept digging. It seemed that these sites all had one thing in common - they were all linked to and/or hosted a forum.

Okayyyyy… hmmm… let’s check the forums… Surprisingly, I was actually able to view and log into my forum and noticed that someone had registered themselves as an administrator on my forum!!!!!!! My blood was boiling now.

DELETE, DELETE, DELETE - but not before sending a colorfully worded message to the criminal.

At this time I thought everything was solved or at least on it’s way to being restored properly. I checked thewisemommy.com - nope, damn Turkish flag still there, and it continued to remain there for days while I tried in vain to find the hack and fix it…

After snooping around for two days, I found the hack!!! It was located in an obscure file in my forums root directory - “english.jsp”. I deleted the hack and was left with a blank file - ok, that’s not going to work. I don’t know what an english.jsp is supposed to look like normally! Again, Doctor Google to the rescue and my file was restored to normal, sans hack! I started doing the happy dance in my dining room, singing “HA! BUSTED! I owned you! HA!!!!”

Um yeah, that lasted all of two minutes until I tried loading my site (thinking all was well and good) and heard the dreaded music starting with the big, fat, red flag flying in my face.

&@*#^$)@^$)*&@@(&#)!*#^ <— insert appropriate expletive here.

There still had to be another hack causing all this havoc on my site. So, my search continued. Another two days of painstaking perusal of ever single 1000+ files in my root directory… and there it was, another hack in my index.php file.

I removed the hack, replaced it with the appropriate code and finally it worked! No more Turkish flag!

However, the music was still playing, but not on my laptop. I couldn’t believe I was hearing that music again. I looked up and saw my husband sitting there trying to stifle his laughter. I run over, panicked, and look at his laptop and he had downloaded the Turkish national anthem mp3 - just to torture me! The man definitely has a sick sense of humor.

Finally, I am free of the hack. However, my forums are now deleted and I am no longer letting people register on my website, until I find a way to fix the loophole. So, word of warning, if anyone here has a forum associated with their blog, just be very careful - screen every new registrant and don’t let them do to you what they did to me.

 

13 responses so far ↓

  • 1 rachel // Oct 8, 2008 at 4:02 pm

    You’re my hero for figuring that out all by yourself. You rock woman.
    Damn hackers. Some people just suck.

    Glad you got it figured out.

    rachel’s last blog post..Firecracker, Firecracker, Boom Boom Boom

  • 2 Maggie's Mind // Oct 8, 2008 at 4:26 pm

    Oh my gosh! I would have been freaked out and so very mad. Glad you got it resolved. And that you have a man with sense of humor. Hope you find a way to get back at him, though, too! :)
    Maggie’s Mind’s last blog post..Weekly Winners Sunday 10/5/08

  • 3 Miss // Oct 8, 2008 at 4:30 pm

    dooood that sucks. Glad you got it fixed!

    Miss’s last blog post..Please! Don’t act like you didn’t know?

  • 4 MomBabe // Oct 8, 2008 at 5:06 pm

    Wow. I would’ve cried big tears and had to pay someone to fix it. Good job!

  • 5 Write From Karen // Oct 8, 2008 at 5:18 pm

    It’s so SATISFYING when you thwart hackers, isn’t it?? Good for you for figuring it out!

    Would you mind telling us what forum program you were running? I’m currently running Simple Machines and if that was the program that was hacked …

    Write From Karen’s last blog post..Revealing 25 (More) Things About Me

  • 6 mamawise // Oct 8, 2008 at 5:46 pm

    It was Simple Machines Forums unfortunately. Apparently there is a loophole where pretty much anyone that registers can give themselves administrative privledges.

  • 7 Kim // Oct 8, 2008 at 11:40 pm

    It amazes me that people have nothing better to do with their time.. so happy you saved the day.. :)
    Kim’s last blog post..Hi, My name is Kim. I am NOT Perfect.

  • 8 dysfunctional mom // Oct 9, 2008 at 2:47 am

    I don’t get people who live just to screw with people. I’m glad you fixed it!

    dysfunctional mom’s last blog post..If You Give a Kid a Camera…

  • 9 Tom Raef // Oct 9, 2008 at 7:24 am

    Defacement of websites is considered lame in the world where these people live. Obviously I’m glad that’s all they did to your site, but you may want to consider looking at security a little closer.

    I’m not defending what these people do - I don’t. I fight them everyday.

    I’m not looking to get into a flame war here, but I know that most website owners look at providing valuable content, SE rankings, etc. but spend very little time, effort or money on security.

    If this perpetrator would have decided to modify your website instead with some little line of redirect javascript obfuscated to make it unreadable to many, your site may have earned the “This site may harm your computer” from Google, been blocked by Yahoo/McAfee and ended up on many corporate/ISP blacklists for being a distribution point for malware.

    Luckily that didn’t happen - this time. Do you watch that to make sure that all of your website software is always updated? Every application on your site needs to be monitored and updated constantly. Otherwise people like this can use your traffic to make tons of money. They do it all the time.

    Cybercriminals also like to use websites to infect visitors - all without detection.

    If you ever need help (no charge) finding the holes in your site, please do not hesitate contacting me.

    Just an FYI…

  • 10 Domestic Extraordinaire // Oct 9, 2008 at 3:28 pm

    Dude, your husband is indeed evil. Sounds like something mine would do to me if I was having issues like that. Hopefully you get everything resolved soon.

    Domestic Extraordinaire’s last blog post..Car Seats, Shoes and blankets…..Oh my!

  • 11 Tara R. // Oct 10, 2008 at 12:02 am

    Wow! I would not have known what to do. That’s really scary.

    Tara R.’s last blog post..Flutterbyes

  • 12 sascha // Oct 12, 2008 at 2:13 pm

    thanks for the support on my blog, i really appreciate it. if you know anyone else trying to lose weight, feel free to point them to my blog.
    have a good one.

    sascha’s last blog post..Day 40

  • 13 traci // Oct 18, 2008 at 9:40 pm

    Nothing feels better than doing your own debugging!!! Congrats to you!!

    traci’s last blog post..Friday Confessional

Leave a Comment