Coffeehouse Thread

13 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

hacked again... sigh...

Back to Forum: Coffeehouse
  • User profile image
    jamie

    www.jgrant.com

    *if you remember - this site was plain html  and called: "manual blog" as i was sick of DB's getting hacked.

    now this regular html page has been hacked (this cannot be good) on my server - here - right over there

    do these people have nothing better to do?  its just family and design stuff!

    old threads about being hacked:


    - http://channel9.msdn.com/ShowPost.aspx?PostID=61636#61636

    - http://channel9.msdn.com/ShowPost.aspx?PostID=19691#19691

    - http://channel9.msdn.com/ShowPost.aspx?PostID=166476#166476


  • User profile image
    Harlequin

    Looks like it uses VML in the source, I hope you didn't just share that IE VML exploit to a bunch of C9'ers Smiley

  • User profile image
    Cannot​Resolve​Symbol

    Yeah, it does look like it might contain the VML exploit (can't find any reference as to what it looks like, though).

    Advice:  Those using unpatched IE6 should not click the link.

    (this doesn't affect IE7, does it?)

  • User profile image
    jamie

    i dunno.

    question:  to check this i needed to add back:

    http://server   www.jgrant.com

    to my hosts file in vista  - windows/system32/drivers/hosts

    it know longer works like it used to   (page not found)


    just me?  or another change?
    *does it require reboot?

  • User profile image
    jamie

    CannotResolveSymbol wrote:
    

    Yeah, it does look like it might contain the VML exploit (can't find any reference as to what it looks like, though).

    Advice:  Those using unpatched IE6 should not click the link.

    (this doesn't affect IE7, does it?)



    there were "updates waiting to be installed"  they are installed now (didnt see the ballon)

    * i never touch the server - win2003 is great

    **maybe i should turn on auto-updates for server ( i just like to see first)

  • User profile image
    jamie

    whatever-

    *im taking the server offline anyway to do a re-install for a friend so the URL above wont work for a few hours

    * it just says abunch of terrorist stuff...

  • User profile image
    Sven Groot

    Are you still running the server on FAT32?

  • User profile image
    littleguru

    You seem to give reputation in the hacking community. Usually stuff is hacked to get reputation - or to be used as a distro ('stro).

  • User profile image
    blowdart

    Jamie if you need someone to look at how the server is configured please drop me an email.

  • User profile image
    Rossj

    blowdart wrote:
    Jamie if you need someone to look at how the server is configured please drop me an email.


    Why? Do you know someone?  Big Smile

  • User profile image
    ZippyV

    If you install Service Pack 1 you get a security wizard to lockdown your server. And please use ntfs as a filesystem.

  • User profile image
    blowdart

    Rossj wrote:
    
    blowdart wrote:Jamie if you need someone to look at how the server is configured please drop me an email.


    Why? Do you know someone? 


    Arse Tongue Out

  • User profile image
    Cornelius Ellsonpeter

    CannotResolveSymbol wrote:
    Yeah, it does look like it might contain the VML exploit (can't find any reference as to what it looks like, though).

    Advice:  Those using unpatched IE6 should not click the link.

    (this doesn't affect IE7, does it?)
    And for those of us idjets who actually clicked on the link, what is the remedy? I'm a little behind in my IE "updates" unfortunately, although once I saw the opening screen of Jamie's site, I very quickly bolted.  Is there any way to check if something wacky got installed?

    Embarassed

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.