Delgine 3D Tools & Content DeleD Community Edition
Forums
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

delgine.com possibly hacked

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    DeleD Community Edition Forum Index -> DeleD Community Edition
View previous topic :: View next topic  
Author Message
Jeroen
Site Admin


Joined: 07 Aug 2004
Posts: 5332
Location: The Netherlands

PostPosted: Sun May 10, 2009 6:33 am    Post subject: delgine.com possibly hacked Reply with quote

We might be victims to a website hack. A trojan horse might have been installed into our main website, delgine.com. The index.html and index.php files seem to have been altered on may 9th, 9:56.

Please, for you own best interest, do not enter the main site until further notice. We are investigating right now.
_________________
Check out Figuro, our online 3D app! More powerful 3D tools for free.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Jeroen
Site Admin


Joined: 07 Aug 2004
Posts: 5332
Location: The Netherlands

PostPosted: Sun May 10, 2009 7:17 am    Post subject: Reply with quote

All seems to be OK now. You can login to the main site again.

It was, indeed, a trojan virus that was inserted into several files of our website. I found out that the following files were infected:

login.php
main.php
index.html
index.php
home.php

Seems that the attacker scanned our whole site and whereever he found these files, he inserted a little javascript at the end of the file. Evil or Very Mad I replaced those files with the originals and told our webhoster about this problem.

Thanks go out to tatts and adr for warning us immediately (and Avast virusscanner too). All should be fine now. If not, please do tell us by email (jeroen at delgine.com and paul at delgine.com)!
_________________
Check out Figuro, our online 3D app! More powerful 3D tools for free.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
tatts
DeleD PRO user


Joined: 21 Dec 2006
Posts: 94

PostPosted: Sun May 10, 2009 1:51 pm    Post subject: Reply with quote

Hi guys, glad to see everything worked out. I had no warnings and problems getting in to the site just now. Smile I seriously hope you'se find whoever is responsible for this attack on your site, though it will be nearly impossible but you never know.

As I said a couple weeks ago, I will be here more often now so if I ever see anything again like this, You can always be for certain that I will inform you'se immediately. Again I'm glad to see you'se got this figured out. Smile

.......Tatts Smile
Back to top
View user's profile Send private message
Paul-Jan
Site Admin


Joined: 08 Aug 2004
Posts: 3066
Location: Lage Zwaluwe

PostPosted: Mon May 11, 2009 6:40 pm    Post subject: Reply with quote

Although Jeroen summed it up nicely, I just wanted to post my thanks for your support, Tatts.

It's simply great and heartwarming to see how much our users are on the opposite side of the human spectrum from those timewasters who hacked the site!
Back to top
View user's profile Send private message Visit poster's website
adr
Member


Joined: 23 Jul 2005
Posts: 165

PostPosted: Tue May 12, 2009 12:05 pm    Post subject: Reply with quote

This sounds sorta dum, but cant you just track the person by their ip address? I mean, it be going out of your way to do it, but all pc have a ip and a mac address so it be as simple as calling up their isp and then checking to see who using this ip address and find their mac address so it be easy to block and call 911 on them... but idk lmao XD
Back to top
View user's profile Send private message Yahoo Messenger
bobbel
DeleD PRO user


Joined: 22 Jan 2009
Posts: 48
Location: Good question *Looks around*

PostPosted: Tue May 12, 2009 1:15 pm    Post subject: Reply with quote

glad you guys fixed "The hax". This thing F*** scared me!
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
chronozphere
DeleD PRO user


Joined: 20 Jun 2006
Posts: 1010
Location: Netherlands

PostPosted: Tue May 12, 2009 3:17 pm    Post subject: Reply with quote

Quote:

This sounds sorta dum, but cant you just track the person by their ip address? I mean, it be going out of your way to do it, but all pc have a ip and a mac address so it be as simple as calling up their isp and then checking to see who using this ip address and find their mac address so it be easy to block and call 911 on them... but idk lmao XD


It's a waste of time trying to track persons down on the net. Blocking the IP is a good idea though, but how can you be sure which IP belongs to the attacker? And 911 shouldn't be used to report hacking attempts, especially not when the server is located in europe. Wink
Back to top
View user's profile Send private message
Paul-Jan
Site Admin


Joined: 08 Aug 2004
Posts: 3066
Location: Lage Zwaluwe

PostPosted: Tue May 12, 2009 5:59 pm    Post subject: Reply with quote

We have the ip number of the machine that performed the final ftp "attack", but it most likely belongs to an infected machine of an innocent user (botnet or a single remote-activated trojan). The important part is that whoever triggered it already had their hands on our FTP password (either through a previous hack, sniffing, infected machines, etc). We're still investigating.

Taking legal actions is unfortunately a lot more complex and time-consuming than dialing a number, and reponse is prioritized based on financial damage (in other words: there won't be any, the best we could hope to achieve is contributing as a auxiliary evidence if the same people pull of bigger jobs).
Back to top
View user's profile Send private message Visit poster's website
sjevadoraa
Member


Joined: 21 May 2009
Posts: 2
Location: netherland

PostPosted: Thu May 21, 2009 9:03 am    Post subject: Re: delgine.com possibly hacked Reply with quote

Jeroen wrote:
We might be victims to a website hack. A trojan horse might have been installed into our main website, delgine.com. The index.html and index.php files seem to have been altered on may 9th, 9:56.

Please, for you own best interest, do not enter the main site until further notice. We are investigating right now.


some security holes ?

Paul-Jan wrote:
We have the ip number of the machine that performed the final ftp "attack", but it most likely belongs to an infected machine of an innocent user (botnet or a single remote-activated trojan). The important part is that whoever triggered it already had their hands on our FTP password (either through a previous hack, sniffing, infected machines, etc). We're still investigating.

Taking legal actions is unfortunately a lot more complex and time-consuming than dialing a number, and reponse is prioritized based on financial damage (in other words: there won't be any, the best we could hope to achieve is contributing as a auxiliary evidence if the same people pull of bigger jobs).


easy chance the password every 3 months to something like fish123dog456

ftp attackers can't get a long password that easy
when you play whith the words and numbers if posible use @%^*)(&^%$@. to in your passwords

and a lot more sercure agains hack attacks

its just a tip to help you out
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    DeleD Community Edition Forum Index -> DeleD Community Edition All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum