I think I know it as well. Why are you so surprised? Someone hacked you. Improve your security!!!
Please Watch this, How is this possible?
01/03/2009 15:19
KraHen#16
01/03/2009 15:24
_Emme_#17
Someone that wants to prove your server isnt as good as you say it are , lmao:P
And newduude, the code tanel coded ( his personal number ) just drops the table coproj, so that cant be it.
And newduude, the code tanel coded ( his personal number ) just drops the table coproj, so that cant be it.
01/03/2009 16:17
plasma-hand#18
It should not be hard to figure out nowQuote:
Someone that wants to prove your server isnt as good as you say it are , lmao:P
And newduude, the code tanel coded ( his personal number ) just drops the table coproj, so that cant be it.
01/03/2009 16:33
sherwin9#19
plasma....
01/03/2009 16:34
koio#20
and close the mysql port in u router
01/03/2009 16:54
plasma-hand#21
Sherwin, If you think its me you are the dumbest person i have ever seen
01/03/2009 18:27
tao4229#22
Tbh, that website CMS isn't the most secure website....
Not like I could make one my self though.
Not like I could make one my self though.
01/03/2009 19:01
sherwin9#23
Hmmm nvm, I think it's H4x0r if you know who it is, my friend just caught up a pm from him which included the message that he was selling GM and PM accounts at my server :P And that he hacked it.... So... Guess.. it's him...
01/03/2009 19:06
KraHen#24
I knew it since the beginning, he changed his name to H4x0r not too long ago...
01/03/2009 19:08
plasma-hand#25
you said the person that did it knows php well and is a good coder...
Whoever did it just typed in ur mysql pass which was prob either conquer,sherwin,admin,adminadmin,conquer4life
Whoever did it just typed in ur mysql pass which was prob either conquer,sherwin,admin,adminadmin,conquer4life
01/03/2009 19:15
!DeX!#26
[Only registered and activated users can see links. Click Here To Register...]
idiot Delete This File
idiot Delete This File
01/03/2009 19:15
KraHen#27
Or RAT-ed the host PC?
01/03/2009 19:19
!DeX!#28
lolmaster ... Did that [CoNorth]
01/03/2009 19:20
Kiyono#29
lolmaster did it
01/03/2009 19:22
Tw3ak#30
lol i can tell you probably how he /did it.
for one cms = horrible to use and it also helps if you remove the install files lol.
and for 2 if you read the thread tao4229 made describing lotf exploitations you will see unknown talk about injecting sql commands into lotf servers.
Most likely the person simply injected whatever he wanted into your database tables by exploiting it not being secured.
i'll give you a few tips on this so it won't happen again because i'm in a generous mood today lol.
1) do NOT ue the default lotf db names and passwords.
You would be surprised how many idiots use the standard "coproj" as db name such as you did in this case lol
2) Don't use root access to run your server as underlined to do in setup in every guide to a private server i have seen.
your probably using "root" "yourpass" for your db conection which is NOT ever a good idea to use root as your main db connection it is designed to be used for administration purposes not to have server use it.
3) most importantly set up new user/pass that is not root and set your sql permissions to specific host/dns and deny all from anyone else.
If your server is communicating to sql only your server is allowed to do so anyone else trying to run remote injection commands to the sql from outside ip will just get denied access as it isn't set in permissions.
This will prevent most of the script kiddies that call themselves a "hacker" from screwin with your server i hope it helps you in the future good luck.
for one cms = horrible to use and it also helps if you remove the install files lol.
and for 2 if you read the thread tao4229 made describing lotf exploitations you will see unknown talk about injecting sql commands into lotf servers.
Most likely the person simply injected whatever he wanted into your database tables by exploiting it not being secured.
i'll give you a few tips on this so it won't happen again because i'm in a generous mood today lol.
1) do NOT ue the default lotf db names and passwords.
You would be surprised how many idiots use the standard "coproj" as db name such as you did in this case lol
2) Don't use root access to run your server as underlined to do in setup in every guide to a private server i have seen.
your probably using "root" "yourpass" for your db conection which is NOT ever a good idea to use root as your main db connection it is designed to be used for administration purposes not to have server use it.
3) most importantly set up new user/pass that is not root and set your sql permissions to specific host/dns and deny all from anyone else.
If your server is communicating to sql only your server is allowed to do so anyone else trying to run remote injection commands to the sql from outside ip will just get denied access as it isn't set in permissions.
This will prevent most of the script kiddies that call themselves a "hacker" from screwin with your server i hope it helps you in the future good luck.