24khost hacked?

peterw

New Member
If you look to this file: http://24khost.com/images/log/killer.php

It doen't look good.

Code:
--==[[ Configuration File Killer By Team IndiShell ]]==--
	
#############################################################################################################################################################
-==[[Greetz to]]==--
Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell
cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk
Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL
--==[[Dedicated to]]==--
# SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #
--==[[Interface Desgined By]]==--
Deepika Kaushik
#############################################################################################################################################################
 

maounique

Active Member
That looks like a regular defacement, not really a hack.

Getting to the web page is a thing, downloading solus db is another.

Our forum has been attacked successfully twice, the attackers managed to upload some scripts in avatars and images section, that does not mean even the site had a problem, not to mention whmcs or solus or hb.

But, as I say everywhere, nothing is safe. Doing online business poses a serious risk from which you can only run for a while and do your best for damage control and disaster recovery when it caught up with you.
 

serverian

Well-Known Member
Verified Provider
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>24KHOST THE GOLD STANDARD IN HOSTING</title>
<style>
body{
background-image:url('background.jpg');
text-align:center;
}
</style>
</head>
<body>
<br />
<br />
<br />
<br />
<br />
<br />
<br /><br /><br />
<br />

<img src="images/logo.png">
</body>
</html>


Holy moses!
 

SeriesN

Active Member
Verified Provider
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>24KHOST THE GOLD STANDARD IN HOSTING</title>
<style>
body{
background-image:url('background.jpg');
text-align:center;
}
</style>
</head>
<body>
<br />
<br />
<br />
<br />
<br />
<br />
<br /><br /><br />
<br />

<img src="images/logo.png">
</body>
</html>


Holy moses!
BRO! Do you even css?
 

vanarp

Active Member
I feel sad for such things done by Indian skids. Not sure what they really gain out of it.

Recently two of my dot in sites running WP on cPanel hosting were defaced/hacked too. Now I have moved them to a VPS where I feel comfortable with security measures taken by me.

I think everyone using WP should read this http://codex.wordpress.org/Hardening_WordPress
 

JDiggity

New Member
Well our website was not defaced.  I did that a while back.

Second there was no data lost, thanks to mod_security.
 

MCH-Phil

New Member
Verified Provider
Well our website was not defaced.  I did that a while back.

Second there was no data lost, thanks to mod_security.
Would you elaborate more on this?  More specifically how mod_security saved you from data theft...  And how that applies to the script that was uploaded aka killer.php.
 

Kruno

New Member
Verified Provider
If they were able to upload a php script there is nothing mod_security could possibly do for you. Data is on their hands most likely. 
 
Last edited by a moderator:

wlanboy

Content Contributer
I don't know whats worst. That he got defaced or how he handles it.

Bet on the latter.
 

Slownode

New Member
I'm a customer of 24k... I wonder who has my details now, would like some clarity on what happened... I wonder who used their CC.

I assume jon is working on an in-house solution like he's doing with the vps control panel... but if you don't really know what you're doing that's still at risk.
 

SeriesN

Active Member
Verified Provider
I'm a customer of 24k... I wonder who has my details now, would like some clarity on what happened... I wonder who used their CC. I assume jon is working on an in-house solution like he's doing with the vps control panel... but if you don't really know what you're doing that's still at risk.
VPS control panel is actually a proprietary control panel of RockMyWeb(cloud3k) and not "his" inhouse panel. As for his site, I have one thing to say "WOW". It has been down for long, too long.
 

wdq

Quade
VPS control panel is actually a proprietary control panel of RockMyWeb(cloud3k) and not "his" inhouse panel. As for his site, I have one thing to say "WOW". It has been down for long, too long.
I used to be a 24kHost customer (I had a storage VPS). Overall things were pretty good, although I couldn't stand that control panel. It was nearly impossible to navigate, and most of it just plain didn't make sense. I guess a control panel for me is something that I don't use very often so I was still able to get by with the panel. 

On the other hand the website is starting to get ridiculous. He should have at least something up. Even if it's just something that says "We've been hacked and we're working to fix things."
 

MCH-Phil

New Member
Verified Provider
On the other hand the website is starting to get ridiculous. He should have at least something up. Even if it's just something that says "We've been hacked and we're working to fix things."
Is he working on fixing it or sweeping it under the rug...

I think that is the big problem.  It appears his customers don't even know whats going on?  
 
Last edited by a moderator:

wdq

Quade
Is he working on fixing it or sweeping it under the rug?
 

I have no idea, from the looks of it he must be either really busy with something else, or just completely forgot about it. 

You'd think that he'd already have something up there considering he is probably losing a lot of potential business by not having a website. Maybe has a day job and does this on the side so he doesn't consider it critical. 
 

Slownode

New Member
Last host I used was fedorait.net and he bailed, didn't like the work of a startup... a shame, I was going to work with him, he came back later inviting me to do the same thing, but I don't trust he'd stick to it now.


-


It's such a pain, I have the skills to be my own host, write all of the panel and site software, not a skiddy using PHP, I use C for work, run VMs, moving to Go for web things, do it securely, but do I make the time and miss out on making money for a pipe dream... although, it appears my security is at risk trusting hosts who think using complicated closed third-party software is a good idea.
 
Last edited by a moderator:
Top