03-18-2008, 12:22 AM   #1
Daggarjon
my poor little website was hacked

Ok, in my time here at CoinTalk, I have realized there are some very smart folks that hang around here. A lot are wizards at coin, and a lot are wizards at currency. One thing I noticed are some very smart folks about computers, networking and other stuff that lie beyond my reach.

Today, I noticed my site had been hacked. Now, the hackers did not access my hosting account. They did not access my ftp acct. They did not access anything on my site that requires any type of the 400 or so passwords needed to maintain it all (ok, slight exaggeration on quantity of passwords, but very slight).

The area that was hacked was my poll section. Those of you who have visited my site in the past may have seen one of the few polls I put up. Nothing big, they are more for kicks and giggles than anything else. I could do it.. so I did.. sorta thing. To access the polling feature, one must know the exact folder string down to the last file. This is not 1 folder deep. Not 2 either. And because my site is not Windows based, but Linux (or Unix, I just can't remember) any capitalization must be followed in all folder names - and I use them - to gain access. Any missed capital.. any misspelled folder name or file name.. and you get a '404 page not found' error.

So my question to all you smart folks out there... please tell me how. How could anyone sit at a PC long enough to go through all the possible combinations to do this? I know there are automated programs to hack passwords. But to figure out a folder string to gain access to a file? I admit I am not the smartest man for web site design, or much else for that matter. But I'm not a dummy when it comes to computers. I just don't know how it would be possible for someone who has never seen the layout or site map of my site ... to just walk in, and start messing with my site.

The hacker did little damage, thank goodness. Since all they could access (at least, I think it is all they could access) was my polling section ... all they could do was muck up current or past polls, or create a new poll. Which is what they did. They created a poll advertising their name or something similar, and their home country (I assume). Everything they did, I was able to fix in a matter of about 30 seconds or so.

But how to stop it from happening again. I know I could remove the polling feature completely from my site, and have little problems from the perpetrators again. But I would rather not. I know I could just bury the folder 20 folders deeper to make it harder for these folks to gain access... but this only makes it harder, it won't stop them. Especially since I have no idea as to the methods used to gain the access they had.

Very little damage was done. And from what I can tell, no lasting damage was done at all! What was done was easily fixed! But still .. I feel so violated. My site is very small, offers very little, and attracts very few. I don't see the point for anyone to sit and try to hack my site, or any site for that matter, but such a small site such as mine. Is it really that easy, where very little effort was exerted by the hackers to do what they did?

I'm just very confused .. the usual question ... Who? Why? How? When? .. the What? and the Where? really don't matter to me. How to prevent another issue does.

I don't want folks to take this as self promotion of the site. I thought about taking the whole site offline for a bit to prevent this thinking, while it was discussed here, but I didn't want the folks who did it to get the idea they won .. if such a feeling is what they are after. So please understand, that it just really bothered me what was done.

Sorry to rant so much! I am going to bed .. hopefully a night's sleep will wash it all away.

I apologize to the mods if this is not the appropriate section ... but in a coin related fashion .. my site is about coins and currency. Feel free to move the post as needed.
__________________
Please visit My coin and currency Website. Any comments appreciated either on cointalk, or by signing my Guestbook

WINS Member #: 779 - IBNS Member #: 9963

Most coin or currency storage questions answered here