Ok, in my time hear at CoinTalk, i have realized there are some very smart folks that hang around here. Alot are wizards at coin, and alot are wizards at currency. One thing i noticed are some very smart folks about computers, networking and other stuff that lie beyond my reach. Today, i noticed my site had been hacked. Now, the hackers did not access my hosting acount. They did not access my ftp acct. They did not access anythign on my site that requires any type of the 400 or so passwords needed to maintain it all (ok, slight exaggeration on quantity of passwords, but very slight). The area that was hacked was my poll section. For those of you who have visited my site in the past, may have seen one of the few polls i put up. nothign big, they are more for kicks and giggle then anything else. I could do it.. so i did.. sorta thing. To access the polling feature, one must know the exact folder string down to the last file. this is not 1 folder deep. not 2 either. and because my site is not windows based, but linux (or unix, i just cant remember) any capitalization must be followed in all folder names - and i use them - to gain access. Any missed capital.. any mispelled folder name or file name.. and you get a '404 page not found' error. so my question to all you smart folks out there... please tell me How. how could anyone sit at a pc long enough to go through all the possible combinations possible to do this? I know there are automated programs to hack passwords. But to figure out a folder string to gain access to a file? I admit i am not the smartest man for web site design, or much else for that matter. But im not dummy when it comes to computers. I just dont know how it would be possible for someone who has never seen the layout or site map to my site ... to just walk in, and start messing with my site. the hacker did little damage, thank goodness. Since all they could access (at least, i think it is all they could access) was my polling section ... all they could do was muck up current or past polls, or create a new poll. Which is what they did. They created a poll advertising their name or something similar, and their home country (i assume). Everything they did, i was able to fix in a matter of about 30 seconds or so. But how to stop it from happening again. I know icould remove the polling feature completely frommy site, and have little problems from the perpertrators again. But i would rather not. I know i could just bury the folder 20 folders deeper to make it harder for these folks to gain access... but this only makes it harder, it wont stop them. Especially since i have no idea as to the methods used to gain the access they had. very little damage was done. And for what i can tell, no lasting damage was done at all! What was done was easily fixed! but still .. i feel so violated. My site is very small, offers very little, and attracts very few. I dont see the point for anyone to sit and try to hack my site, or any site for that matter, but such a small site such as mine. Is it really that easy, where very little effort was exerted by the hackers to do what they did? im just very confused .. the usual question ... Who? Why? How? When? .. the What? and the Where? really doesnt matter to me. How to prevent another issue does. I dont want folks to take this as self promotion to the site. I thought about taking the whole site offline for a bit to prevent this thiking, while it was discussed here, but i didnt want the folks who did it to get the idea they won .. if such a feeling is what they are after. So please understand, that it just really bothered me what was done. Sorry to rant so much! i am going to bed .. hopefully a nights sleep with wash it all away. I appologize to the mods if this is not the appropriate section ... but in a coin related fashion .. my site is about coins and currency. feel free to move the post as needed.
Well, I hope I'm right, but I honestly don't think you have much to worry about. From your description, I can think of two explanations: 1. It was a "challenge" or a "test" for someone. They get a URL and are told to do x and y to it. If they pass, they get to be part of some hacking group or whatever. This was certainly very, very common when I was much more into the darker side of computing. 2. You said you put the polling section in because "you could". Same rationale for a hacker. Why did he/she do it? Because he/she can. I wouldn't lose too much sleep unless it happens again.
Ouch! I really don't have any ideas for you....but I'll ask our tech guy about it and see if he has any that might help. We use linux as well on our servers. Speedy
the poll software has a problem - use better polling software? hacking a website is dreadfully simple. -steve
Which only shows how sick some people are. It's like breaking and entering to me. If you do not belong in the process of creating a website you should stay out. People have done some serious damage with their "games". I fully support SEVERE punishment for this. It's a crime. A crime that spans the globe. Sorry for what happened to you Daggarjon but in a somewhat related story I read yesterday that the "king" spammer is facing 26 years in jail! He's 28 and I hope he gets out------when he's 54.
I personally don't understand how something like this can be done. I can barely get into the site at work that I have access to. In car terms, I can drive but I'm not a mechanic. But I would be mildly worried that the hacker will return and see if he/she can go deeper next time.
Another point that makes me sick. Toss him in jail without a computer. Course that would probably be "cruel and unusual" punishment. Can't neglect a criminals rights can we?
No doubt it's someone who you've cyberly acquainted yourself with. This site not excluded. Example, I've posted a few times here over the past three years that I live on a farm in South Dakota. One day out of the blue (2-3 months ago) we get a call asking if they were speaking to Blake of Bonedigger's Farm, WTH??? LMAO... BTW, I only use Bonedigger on two forums, both numismatically related. The caller wanted to know all sorts of harmless (if taken individually) tidbits of information. How many cows we have, how many dogs, horses, chickens... I finally got a word in edgewise to ask whom I'm speaking to. Apparently (they said) it was some sort of Reverse Rural 911 directory. I immediately smelled BS but played along. When the question about the physical address of where we were located and the number of doors to the house was broached, I quoted the phone number from which the call originated from and immediately they hung up. When I tried to call back all I could get was a busy signal. I won't divulge anything else, but it was an area code that surprised me... If you can do a massive password change I'd do so immediately. Take Care & Good Luck Ben
Actually some of those things are becoming easier all the time. You must remember that people that build or repair anything have learned how to take them apart and put them back together again. An example is my car. I have a built in burglar alarm, a factory alarm and a electric shutoff switch. Since all were installed at a dealer, someone in that dealership knows how to do and undo all that. My car just stopped one day. We called the dealer and they sent a person out to tow the car in. The tow truck driver entered my car, started it, drove it onto a truck and all without any alarms sounding and I wasn't there to give him my key. HMMMM. Back to computers. I'm no computer person for sure, but I do have a separate hard drive for stored info in this computer. No not a partitioned main drive, two completely separate hard drives. This was done to no hacker could access my personal files. I challanged someone I know that is a computer nut to try to enter my second hard drive from where ever he was at. He did. HMMMM. He built my computer so he knew how to access anything from who knows where. Someone I kneow had to go to school to learn alarm systems. No he didn't get a job installing them. He did however, eventually get caught robbing houses with alarm systems. As already noted if you try to NOT have someone mess with your stuff, someone will. Human nature.
