Hi there,
I'm shouting out there that I've been away for a few days and upon my return I receive this beautiful message on my e-mail account notifying me I've been hacked!
This is the work of $n!per_Pal for the ZaidoohNet team, I'm done a quick search online to find that ZaidoohNet is an active arabic hacking community. They've had access to my e-mail in order to send me the e-mail (I didn't open the e-mail all this text was on the 'preview') and I'm afraid to know what information they have on my. and just as I logged on this forum, a 'lady' contacts me telling me she's interrested and she gives out her personnal e-mail. My apologies if she's real, but this is a lot...
so... am I a first? is this common? how much do they have on me? is it people that only does this for fun or am is my identity going to be stolen? haha I know i'm exagerating but I'm actually quite concerned. any help/advice/reassuring would be very appreciated!
Full Version: I've Been Hacked!
Zymic Webmaster Forums > Zymic Free Web Hosting > Zymic Free Web Hosting - General Discussion & Help
LOL...did your page look something like this? If so then only your account was hacked and most likely they implanted something within your files. I would not use that account again.
To be honest, I am a little proud of this hacking group. THEY DID NOT USE TABLES IN THEIR HACKED CODES.
I tried tracking them for you through the ads they placed on their sites but I realized in the middle of it that it was going to take a while, so I kinda gave up. Sorry, you're on your own on this one.
Best suggestion, reset your account and use a better and stronger password such as: 19~n3d$j/dw9d=(&. You don't have to memorize it. Just save it to your computer and paste it when you want to login. Or even better, just have your FTP remember your password for you. I know CyberDuck for mac has that feature.
//EDIT
I found few other accounts on Zymic that were hacked by ZaidoohNet. So its not just you.
On Trap17, we had a discussion on how to protect yourself from these hackers. I think you should have a read. http://www.trap17.com/index.php/Defend-Hacked_t64302.html
For those who are are interested, this is my favorite reply:
To be honest, I am a little proud of this hacking group. THEY DID NOT USE TABLES IN THEIR HACKED CODES.
I tried tracking them for you through the ads they placed on their sites but I realized in the middle of it that it was going to take a while, so I kinda gave up. Sorry, you're on your own on this one.
Best suggestion, reset your account and use a better and stronger password such as: 19~n3d$j/dw9d=(&. You don't have to memorize it. Just save it to your computer and paste it when you want to login. Or even better, just have your FTP remember your password for you. I know CyberDuck for mac has that feature.
//EDIT
I found few other accounts on Zymic that were hacked by ZaidoohNet. So its not just you.
On Trap17, we had a discussion on how to protect yourself from these hackers. I think you should have a read. http://www.trap17.com/index.php/Defend-Hacked_t64302.html
For those who are are interested, this is my favorite reply:
QUOTE
The following message is by truefusion of Trap17
The easiest way for a person to modify a file on a website which he doesn't own is if the file has permissions to allow anyone to modify the file and if the file can be accessed through a browser. Another way is through SQL injection due to either bad or ignorant coding methods. These are the common methods of "hacking" a website. If you're using a flat-file CMS, one method you can take in protecting your website is by placing all editable files outside of your public_html folder; that is, place them in the parent folder of public_html and just have files include them, by (for example) PHP's include statement. That way, the only other method of accessing these files would be by exploiting any CMS that edits these files. If you're using an SQL based CMS, make sure it's up-to-date. However, being up-to-date doesn't get rid of all security issues (probably even the one you want solved) and my introduce new ones, since introducing new features can have that effect on scripts. But these modifications don't always cause new security issues, and tend to fix other known issues, and if new security issues are introduced, it may be small or insignificant. The 100% sure way of not being hacked is to disconnect yourself from the internet, but since that is obviously not desired, you'll have to rely on these methods.
The easiest way for a person to modify a file on a website which he doesn't own is if the file has permissions to allow anyone to modify the file and if the file can be accessed through a browser. Another way is through SQL injection due to either bad or ignorant coding methods. These are the common methods of "hacking" a website. If you're using a flat-file CMS, one method you can take in protecting your website is by placing all editable files outside of your public_html folder; that is, place them in the parent folder of public_html and just have files include them, by (for example) PHP's include statement. That way, the only other method of accessing these files would be by exploiting any CMS that edits these files. If you're using an SQL based CMS, make sure it's up-to-date. However, being up-to-date doesn't get rid of all security issues (probably even the one you want solved) and my introduce new ones, since introducing new features can have that effect on scripts. But these modifications don't always cause new security issues, and tend to fix other known issues, and if new security issues are introduced, it may be small or insignificant. The 100% sure way of not being hacked is to disconnect yourself from the internet, but since that is obviously not desired, you'll have to rely on these methods.
Ah I'm kinda relieved that I'm not alone and, yeah like you said IamShipon1988 I admire how they did that. I mean, looking at the glass half full, I'm glad this happened, I've always appreciates the art of hacking, NOT what it does but HOW it's done, like it or not it takes a damn good knowledge to go through all the security loops and stuff of a system like this... unless of course you use an open source hacking program lol...
I haven't read your link yet but I will definitely take a look at it, like I said, I'm curious to see how they did it. and lol I'm only using this web space to fiddle with my PHP homework, so it's not a big loss for me.
One thing that still preoccupies me though, they did hack into my acocunt wha kind of information do you think they managed to out of it? just the fact that they sent me an e-mail really got me concerned for my info... do I need to change my name and passport?
Anyways, I really want to thank you for the info, like I said this is gonna be one more reason for me to read about hacking and security!
I haven't read your link yet but I will definitely take a look at it, like I said, I'm curious to see how they did it. and lol I'm only using this web space to fiddle with my PHP homework, so it's not a big loss for me.
One thing that still preoccupies me though, they did hack into my acocunt wha kind of information do you think they managed to out of it? just the fact that they sent me an e-mail really got me concerned for my info... do I need to change my name and passport?
Anyways, I really want to thank you for the info, like I said this is gonna be one more reason for me to read about hacking and security!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.