ShoeMoney Hacked

33 comments

Security Warning - Do Not visit the site till fixed by Jeremy
JasonD

Shoemoney has had his blog hacked by the (TURKISH HACKER) My IM lit up 5 minutes ago ,, Hmmmm as Smiley Said lets recruit the turk for link builing :)

btw Danny Loves Flickr so you will find a screen shot there http://www.flickr.com/photos/dannysullivan/267744299/

Comments

Link Bait!

I am calling him out on link baiting! just kidding.

That was ShoeMoney's site??

Sorry about that, Ill put it back up. My bad.

Anyone care to translate it

Anyone care to translate it better than babelfish can ?

yes, link bait...

It being link bait was one the first thoughts that I got. It's pretty sure that he will be getting a bunch of links because of this, I blogged about it so at least that's one link...

That is so full of shit you

That is so full of shit you can smell it.

Is it a good or bad thing

Is it a good or bad thing that when your site gets hacked, nobody believes it?

None of what U hear and 1/2 of what you see

Quote:
Is it a good or bad thing that when your site gets hacked, nobody believes it?

Depends WHO's site it is and WHOM is involved all around the story.

If it was link bait

He would have got more links if there wasn't a redirect to a virus.

Re: Is it a good or bad thing

Must be good. Then one won't be called out for being a sucker at security... It's better to be called out as a bad ass link baiter, isn't it?

He would have got more links

He would have got more links if there wasn't a redirect to a virus.

Very true. I'm sure it's not linkbait because of that. But I did find it interesting that first reactions were to call it a publicity stunt.

a true machevellian link

a true machevellian link baiter would link to a virus, otherwise it would be too obvious as linkbait

Is this a HACK ? Or some

Is this a HACK ? Or some kind of joke ?

Doesn't Shoemoney Use Wordpress?

Probably just a fairly standard Wordpress exploit - anyone translated from the Turkish?

sorry to hear it

Sorry to hear it shoemoney. That's a bitch getting hacked like that.

Linkbait

For once I don't think this is link bait. There are discussions of other websites which have been hacked and display the same text. Example: www.zone-h.org/content/view/4464/30/

Although Jeremy could have obviously gone to the effort of looking at previously hacked websites and copied it, I think it's very unlikely.

I´ve seen this hack a few

I´ve seen this hack a few times in the past. I´m sure this is not a linkbait.

I can well believe it - had

I can well believe it was hacked - had a few Wordpress installs hacked over the past few months, installing hidden links and calling up trojans from third-party sites.

I might link to where I have covered this before, but Platinax seems to be under DDoS attack at present.

it wasnt wordpress it was a

it wasnt wordpress it was a phpbb2 that was installed on the box... nice little string to download a perl script to search and replace index.php files owned by the websever ... weee...

im just glad it was my blog and not a commercial box.

By blogging about this, you

By blogging about this, you are giving the person who cracked this site press time.

I had hundreds of sites

I had hundreds of sites defaced before, apperantly it's rather simple due to bugs in apache, and some forum and blogging software, but at least its always easy to restore everything from backups.
no matter what is was, jeremy is a master of linkbait lol

Well well

Well it appears its easily repaired..... a lesson for anyone who leaves a crappy forum software on their server....

Goog luck sorting it though i know it can be a pain.

New look?

Shoe - did you do a small makeover as well? Looks like it..

Ouch

After his post of 5 quick and easy ways to stop blog spam that were a few years out of date, I'm waiting for 5 quick and easy ways to secure your server ;)

As I am sure you know when

As I am sure you know when you choose the path of the white hat like we do you have people that want to take you down =(

Sometimes the price you pay for helping keep the searchengines free of spam!

i'm dumb - need smart

IncrediBILL, knowing your professional focus, i give a great deal of credence to your views on this subject. if you were in shoe's shoes, what would you do to protect yourself?

Update

Update update update, backup backup backup, and then I still probably miss stuff just like Shoe did.

Shoe actually did the best thing possible after an intrusion, move to a new clean installation and restore your backup because it's hard to tell what all has been compromised, and frankly not worth the time to find it.

The last time my server was compromised was many years ago with a bug in Red Hat that took RH a week to fix and release while the hackers were running amok. Best we could do was back up and pray they just didn't knock us offline until the patch came out.

IMO, even though I poked fun @ Shoe's predicament, he did all the right things to preserve his site and quickly recover from the situation.

You seem to be quite the

Incredibl, you seem to be quite the authority.

What exactly are your qualifications?

IMO, even though I poked fun

Quote:
IMO, even though I poked fun @ Shoe's predicament, he did all the right things to preserve his site and quickly recover from the situation.

Hey, thanks for clarifying that ;-)

I see you've started guest book spamming. tsk tsk ;-)

Qualifications?

Well, I only spent 4 years working for a pioneer in PC data storage, backup and recovery technology and some of my research was part of our contribution to the QIC standards.

Nah, I'm probably not qualified at all.

haha

The funniest part about this is I used the be the lead unix security admins for one of the largest banks in the US.

Lets keep this in perspective... its a blog... on a "could give a shit about" server. I did not even have monitoring checksums on it. The people that are pissed are my friends and family that were leaching on this box. Trust me I was in NO HURRY to fix it.

Now if one of my clusters got hacked.... or something that actually earned income that would hurt!

So basically, you're saying

So basically, you're saying your skillset is about 15 years out of date. QIC was dissolved in what, '98?

You must be so confident in your abilities IncrediBILL, that you host your blog on blogspot. Why don't you keep putting your incrediBLE skills to work hunting down web spam?

LOL

Cute, lame but nice try.

I was a *nix admin myself

I was a *nix admin myself for 6 years but it's hard work dealing with hacks and finding out where they got in. Sometimes wiping the machine isn't an option (with 500+ sites on it).

Best advice I can give is to hire a decent server admin team. If anyone wants a recommendation, TSS are one of the best ($75/month for their monthly package). Most of their key guys were/are mods over at the ev1 forums - I'll take 4 figure post count over any official qualification :)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.