Home » Hacking » I got hacked

by comment

Well, not this sites server, which has never been hacked (not because it's running a secured OpenBSD stack but because it's a small target and why hack a hacker), but a server hosted with hostgator. I've used hostgator for about 8 years now as they are very cheap pricing for very large disk space, not the best bandwidth but good cpanel-free linux hosting. I highly recommend them for sites where processing speed isn't as important (which it is on WordPress sites) and where large disk space and long-term stability is important. Aside: I will never ever ever recommend using cpanel.

Got P0wned

hackedThe interesting thing is the one who achieved access via some clever php exploitation of some outdated php scripts I had left up was someone who values knowledge and hacking for the hack value over childish vandalism of technology. I'm not denigrating political hacktivism, I'm all for that, just saying this wasn't an exploit malware farm bot but an actual humanoid.

I know because of how I became aware of the hack, I received an email using PGP from the security researcher who detailed the vulnerabilities exploited and also left an mp3 file in my root directory. They were anonymized fairly well, but I didn't want to pursue that angle at all due to the polite nature of this user.

I'm all for getting hacked like this, and hacking like this, as much as possible, it may appear on the surface to be a pain, but the net result of this attack is just that my server is now locked down to prevent that specific type of attack from happening again.

MP3 left in root

This hacker left an audio file in my root directory to prove that they attained full 100% ownership and control of my system. They had gained root access after elevating from the initial hack and then used ssh authorized keys to attain full console access without needing the password. It was a nice way to do that, and I enjoyed the unusual act of leaving an mp3 which I don't see often. Much nicer than those stupid txt files that malware bots have been leaving around as much as possible lately, plain text files that contain stupid text like "pro-isis hackers have owned your box" and also "anti-isis hackers have owned your box".. and french hackers, russian hackers, iran hackers, blah blah so stupid. So old-school but they don't realize its oldschool which is w (lol).

I put that mp3 online at not sure where it is from but reminds me of the audio files commonly embedded in cracking software such as the one I grabbed out of a key cracker and put up at which is actually a very sophisticated and tiny file (I made it large by stream ripping it).

Oh and don't worry about analyzing the boom mp3, I re-encoded it after ripping from a raw stream, so it's not the actual file left in my root.

All Good

Hacking should be like this. Respect for the technology and respect for the team. It's unlikely that one of my servers will be hacked by some autobot exploit farm, but of course its very likely that a dedicated team or individual can hack into anything that isn't powered off. So I'm glad that this entity had respect and didn't cause me pain :) That all said, this is a rare event for me and was quite fun! In the event of your WordPress site getting hacked, see: FAQ: My site was hacked on the WordPress codex.


Comments Welcome

Information is freedom. Freedom is non-negotiable. So please feel free to modify, copy, republish, sell, or use anything on this site in any way at any time ;)

My Online Tools

Popular Articles
Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two.
-- Richard M. Stallman

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | |

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service | @Htaccess

↑ TOPMain