Development site has been hacked!!

[Gabba]

Hello people,

I don't have much time to hang around the forums anymore, but I went to check out the "new" development forum at http://taspring-linux.berlios.de/, and as of now it redirects to a hacker site: http: // naryech.by.ru / index / index.htm (hit CTRL-A to see the hidden text).
(edit: I voluntarily messed up the URL 'cause I don't want to link to it... google ranking etc. If you want to see the hacker's signature you can always copy the url and remove the spaces to make it work.)

My personal guess is that the CMS that was being used hasn't been kept up to date - the typical cause for hacker attacks.

AF, you better check this out!!

[BvDorp]

E: being stupid here..

[Tobi]

took the thing offline

[AF]

I put it up as maintenance, but forgot the direct path to the login page

edit:
Oh crap I thought you were referring to the maintenance, I hadnt read the post properly....

[Tobi]

AF, do you still have a copy of configuration.php locally?

[AF]

It shouldnt be that hard to setup a new config.php. Did they replace the existing config.php with the defaced webpage?

[Tobi]

They/he replaced the files' contents with a <script>location=blah;</script> tag.
Maybe I have a backup myself tho, will look tomorrow.

[AF]

I have the stuff to fix it but its saying permission denied, I cant upload anything or change any of the files around

[Caydr]

Moron. That'll really be something to write home about. "Today I hacked a defenseless open-source game project's web site! I am L33T!!!!111"

[LOrDo]

Just...why?

[Das Bruce]

Felony 9, first warning I would say. -- SinbadEV

[HawkMan]

insecure CMS systems... this happens all the time to sites runnign e107 since they can just google for sites runngin it, and then run their automated scripts.

Guess whatever CMS that site where runnign has the same security problems.

[Neddie]

Well - that was unexpected.

[Snipawolf]

That's pathetic, go hack a bank site, nub..

[Dwarden]

any important data loses or just frontend and pain in ass (timesink) ?

[AF]

I need to uplaod a new configuration.php, and I have the original copy that was used after it was all installed. However I cannot do anything to the dev sites files, I get permission denied. The database is all intact though.

[Guessmyname]

...

why?

Why hack someone's site. If you're just pointing out a flaw in their system (which is the only real / sensible reason I can think of, but then, this is the internet - hardly renowned for reason and sensibility) would it not be best to simply notify the web host / owner / html script monkey?

[Snipawolf]

Cuz they are soooo 1337 that they think it would be awesome too...

/Sarcasm/

They can't go and hack a bank to get rich or something, they waste their time playing with an open-source game site..

[Dwarden]

it shows it were lame crackers w/o honor...

they not contacted admin / owner with informations about security hole (usually in exchange for credits mentioned somewhere on site after being fixed) ...

and if they erased / damaged data , twice lame ...

in such case , it's just crime, nothing less nothing more ... same like someone take baseball bat and demolish Your car ...

if You got logs , share with some local authorities ...

[Acreo Aeneas]

Hmm. This is interesting.

First time I've heard a Open-Source site, much less a gaming site, come under attack by kiddie-hackers or the likewise. I truly wonder if there was some unseen motivation for this very stupid attack?