Pasarel Posted November 22, 2012 Posted November 22, 2012 To put it simply, I got hacked... again. This time, the ones I angered were a group of Bangladeshi Islamic extremists, known as "Team Haxorsistz".While visiting my site today, I was left with this message instead of my nice homepage: "rebon test" Pretty nice, eh? As you may be expecting, I didn't try to figure out "what did the author want to say", instead I immediately googled the word "rebon". I found nothing. Going deeper into the problem, I realised they also changed my site's title with "+ADw-/title+AD4-rebon testo+ADw-DIV style+AD0Alg-DISPLAY: none+ACIAPgA8-xmp+AD4-". As far as I can tell, that looks like some weird HTML combined with random letters. But, then again, what am I waiting for, I said to myself, and googled that too. Luckily, I did find some information. As I already told you, these guys are from Bangladesh and are part of Team Haxorsistz. Seems like they're either only taking down websites because their security is low, or they're doing something similar to an Internet jihad. Well, I'll confess: I don't believe in Allah or Muhammad or any other Muslim figure, but I don't see how these guys could've known about that. However, if I'm thinking about my site's security, then, indeed, it was low. So what? I also noticed my website is now significantly bigger in size, about 300 MB bigger. I guess in Bangladesh they are feeding websites more than they are feeding people. :rolleyes:/&--#62;/&--#62;/&--#62; BTW, here's the URL: http://revista-floyd.tk/ Is there anything to be done? Shall I find the hackers' stamp and throw their bodies in the Brahmaputra? :rolleyes:/&--#62;/&--#62;/&--#62; Really now, what is to be done, if anything?
Shinryuu Posted November 22, 2012 Posted November 22, 2012 My guess, if you have a working backup delete your /public_html and use that, otherwise check for hinky nonsense in your .htaccess and delete large files that you know aren't yours. Also consider making some super ridiculous password for your account, obviously what you're using is totally easy to find in dictionaries or rainbow tables.
wolstech Posted November 22, 2012 Posted November 22, 2012 Shinryuu's suggestions are a good first step: Use a clean backup if you have one, inspect things like htaccess, and change your password. Also, since WordPress tends to be prone to hacking, make sure it and anything (plugins, mods, etc.) you've added to it are up to date. The actual "rebon test" message that replaces your page is caused by the below JS, which the hacker's code inserts into your page's body: document.documentElement.innerHTML = unescape('%72%65%62%6f%6e%20%74%65%73%74'); That code above just sets the contents of the javascript "document" element (which represents the entire page) to "rebon test".
Pasarel Posted November 23, 2012 Author Posted November 23, 2012 Thanks guys, I'm not quite sure why I didn't tried to look in the source code in the first place. I deleted that JS and it's working fine now. BTW, my password wasn't that easy to break, mainly because it was not in English, but, well, I'm not getting into more detail Thank you again! (those crappy hackers also messed up the words with diacritics, but I'll deal with it)
Recommended Posts