
Disruption To Monachos.net Last Week


10 replies to this topic

#1 Ephestion

Ephestion

    Junior Poster

  • Members
  • 17 posts

Posted 24 January 2013 - 08:39 AM

The website monachos.net has been hacked by a guy called Bogel. He claims to be from Indonesia, although some other people state the source of his hack came from China.

This is the code of the replaced index.htm/php of the website.
<html>
<head>
<title>[†] Hacked by bogel [†]</title>
<meta name="Generator" content="Hacked by bogel,http://zone-h.org/archive/notifier=bogel">
<meta name="Author" content="Hacked by bogel,http://zone-h.org/archive/notifier=bogel">
<meta name="Keywords" content="Hacked by bogel,http://zone-h.org/archive/notifier=bogel">
<meta name="Description" content="Hacked by bogel,http://zone-h.org/archive/notifier=bogel">
</head>

<link REL="SHORTCUT ICON" HREF="http://animations.fg-a.com/indonesC.gif"></link>
<body bgcolor="#000000"></body>
<body oncontextmenu='return false;'></body>
<center><br><br>
<img width="400" src="http://carandbabe.ro/bogel.gif">
<br></center><center>
</tr>
<br><center>
<br><font color="#ff0000" face="Courier New">[†] Hacked by bogel [†]
<br><font color="#ffffff" face="Courier New">clim - Guardi4n - Dicka - ab3ncR4zy - Doddy - Batak - c4uR - XaDaL
<br><font color="#ffffff" face="Courier New">[†] Jayalah <font color="red" face="Courier New">INDONESIA<font color="#ffffff" face="Courier New"> Ku [†]</center></ br>


<style type="text/css">BODY {
SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; SCROLLBAR-3DLIGHT-COLOR: #fffc00; SCROLLBAR-ARROW-COLOR: #fffc00; SCROLLBAR-TRACK-COLOR: #000000; SCROLLBAR-DARKSHADOW-COLOR: #fffc00
}
BODY {
CURSOR: crosshair
}
</style>

<Script Language='Javascript'>function keypressed() {;return false;}document.onkeydown=keypressed;// End --></script>

<!--bot.ad START-->
<SCRIPT language=javascript type=text/javascript>
//<![CDATA[
var Ovr2='';
if(typeof document.compatMode!='undefined'&&document.compatMode!='BackCompat')
{cot_t1_DOCtp="_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}";}
else
{cot_t1_DOCtp="_top:expression(document.body.scrollTop+document.body.clientHeight-this.clientHeight);_left:expression(document.body.scrollLeft + document.body.clientWidth - offsetWidth);}";}

if(typeof document.compatMode!='undefined'&&document.compatMode!='BackCompat')
{cot_t1_DOCtp2="_top:expression(document.documentElement.scrollTop-20+document.documentElement.clientHeight-this.clientHeight);}";}
else
{cot_t1_DOCtp2="_top:expression(document.body.scrollTop-20+document.body.clientHeight-this.clientHeight);}";}
var cot_tl_bodyCSS='* html {background: fixed;background-repeat: repeat;background-position: left bottom;}';
var cot_tl_fixedCSS='#cot_tl_fixed{position:fixed;';
var cot_tl_fixedCSS=cot_tl_fixedCSS+'_position:absolute;';
var cot_tl_fixedCSS=cot_tl_fixedCSS+'bottom:15px;';
var cot_tl_fixedCSS=cot_tl_fixedCSS+'right:50px;';
var cot_tl_fixedCSS=cot_tl_fixedCSS+'clip:rect(0 174 85 0);';
var cot_tl_fixedCSS=cot_tl_fixedCSS+cot_t1_DOCtp;
var cot_tl_popCSS='#cot_tl_pop {background-color: transparent;';
var cot_tl_popCSS=cot_tl_popCSS+'position:fixed;';
var cot_tl_popCSS=cot_tl_popCSS+'_position:absolute;';
var cot_tl_popCSS=cot_tl_popCSS+'height:194px;';
var cot_tl_popCSS=cot_tl_popCSS+'width: 244px;';
var cot_tl_popCSS=cot_tl_popCSS+'left: 120px;';
var cot_tl_popCSS=cot_tl_popCSS+'bottom: 25px;';
var cot_tl_popCSS=cot_tl_popCSS+'overflow: hidden;';
var cot_tl_popCSS=cot_tl_popCSS+'visibility: hidden;';
var cot_tl_popCSS=cot_tl_popCSS+'z-index: 100;';
var cot_tl_popCSS=cot_tl_popCSS+cot_t1_DOCtp2;
document.write('<style type="text/css">'+cot_tl_bodyCSS+cot_tl_fixedCSS+cot_tl_popCSS+'</style>');

function COT(cot_tl_theLogo,cot_tl_LogoType,LogoPosition,theAffiliate)
{document.write('<div id="cot_tl_fixed">');
document.write('<a href="http://zone-h.org/archive/special=1/notifier=bogel" target=""><img src='+cot_tl_theLogo+' alt="" border="0"></a>');
document.write('</div>');}
COT("http://i950.photobucket.com/albums/ad341/EdwinTan_bucket/korupsi.gif", "SC2", "none");
//]]>
</SCRIPT>
<!--bot.ad END-->
<EMBED src="http://utm.ae/bogel.swf" quality="high" bgcolor="#FFFFFF" WIDTH="0" HEIGHT="0" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT>
</center>
</body>
</html>

Two things stand out: the name Edwin Tan's Photobucket. Zone H seems to be a website that promotes hackers adding their hacked webs onto their database. A Facebook search came up with http://www.facebook.com/bogel.hacker.7 From Facebook it seems his brother is called Yanto Cassano. He is highly suspect because he has the Quran in his favorites list and seems to have damaged several Christian web sites.

http://lmgtfy.com/?q=hacked+by+Bogel

He is targeting a Joomla exploit through awkward injection. It is possible to IP log his activity and determine his identity. The police have been notified.
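The traits visible in the quoted page (defacer strings in the title and meta tags, a blocked context menu and keyboard, a zero-size plugin embed, and resources pulled from unrelated hosts) can be collected mechanically during triage. The following is an added example, not part of the original post; the class name, the finding labels and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample with the same traits as the quoted page; hosts are placeholders.
SAMPLE = """<html><head><title>[+] Hacked by example [+]</title>
<meta name="Author" content="Hacked by example"></head>
<body oncontextmenu='return false;'>
<img width="400" src="http://images.example.net/banner.gif">
<script>function keypressed(){return false;}document.onkeydown=keypressed;</script>
<embed src="http://media.example.org/clip.swf" width="0" height="0">
</body></html>"""

class DefacementTriage(HTMLParser):
    """Collects defacement indicators from one HTML page (hypothetical helper)."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.hosts, self.findings = own_host, set(), set()
        self._in = None  # "title" or "script" while reading that element's text

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for key in ("src", "href"):  # resources pulled from other hosts
            host = urlparse(a.get(key, "")).hostname
            if host and host != self.own_host:
                self.hosts.add(host)
        if tag in ("embed", "object", "iframe") and a.get("width") == "0" and a.get("height") == "0":
            self.findings.add("hidden-" + tag)  # invisible plugin or frame
        if "return false" in a.get("oncontextmenu", ""):
            self.findings.add("context-menu-blocked")
        if tag == "meta" and "hacked by" in a.get("content", "").lower():
            self.findings.add("defacer-meta")
        self._in = tag if tag in ("title", "script") else None

    def handle_endtag(self, tag):
        self._in = None

    def handle_data(self, data):
        if self._in == "title" and "hacked by" in data.lower():
            self.findings.add("defacer-title")
        if self._in == "script" and "onkeydown" in data:
            self.findings.add("keyboard-blocked")  # key handler overridden

def triage(html, own_host):
    """Return (sorted findings, sorted external hosts) for one page."""
    parser = DefacementTriage(own_host)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings), sorted(parser.hosts)
```

Calling `triage(page_html, "www.example.com")` on a saved copy of a suspect page gives a short list of findings and third-party hosts that can go straight into an incident note or a hosting-provider report.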

#2 Alice

Alice

    Very Frequent Poster

  • Members
  • 673 posts
  • Orthodox Christian Member

Posted 24 January 2013 - 04:35 PM

Is it safe to still be here? I am worried about answering a private message I have. Is our information safe?

#3 Ephestion

Ephestion

    Junior Poster

  • Members
  • 17 posts

Posted 24 January 2013 - 05:07 PM

They can't really do much to our computers unless you are running a webserver, so in that sense it is safe. They probably used an SQL injection exploit common in Joomla websites, although I am not sure if that is what the site is built with. A worm or trojan could also exist in the form of an image like a gif file etc. on the server. They essentially allow themselves to act as admins of the site during the session that they acquired by hacking. During that time they would have had access to everything the administrator would normally have: user names, user passwords, user identity etc. If you are worried about identity theft issues I would suggest not posting or logging in until we get confirmation that the hacking has stopped. Try to log off and remove anything that lets you log in to the site automatically, e.g. cookies. Hopefully our meeting place can be restored back to normal.

If the owner needs any help with the technical side of things, just email me.

#4 Father David Moser

Father David Moser

    Moderator

  • Moderators
  • 3,581 posts
  • Orthodox Christian Member
  • Verified Cleric

Posted 26 January 2013 - 12:09 AM

As most of you have no doubt noticed by now the main page of Monachos is down - having been "hacked". Please be assured that everything that can be done is being done at the moment. We will keep you "up to date" as best as we can.

Notice that the discussion community itself is not affected and you can get to most of the forum functions without impediment, including getting directly onto the main "discussion community" page and participating in forum discussions.

Fr David

#5 RomanSee

RomanSee

    Junior Poster

  • Members
  • 26 posts
  • Guest from Another Religious Tradition

Posted 26 January 2013 - 01:42 AM

John 15:

18
“If the world hates you, keep in mind that it hated me first. 19 If you belonged to the world, it would love you as its own. As it is, you do not belong to the world, but I have chosen you out of the world. That is why the world hates you. 20 Remember what I told you: ‘A servant is not greater than his master.’ If they persecuted me, they will persecute you also. If they obeyed my teaching, they will obey yours also.

Thank God it's nothing like the martyrs of old had to go through. :)

#6 Antonios

Antonios

    Very Frequent Poster

  • Members
  • 1,039 posts
  • Orthodox Christian Member

Posted 26 January 2013 - 07:12 AM

John 15:

18
“If the world hates you, keep in mind that it hated me first. 19 If you belonged to the world, it would love you as its own. As it is, you do not belong to the world, but I have chosen you out of the world. That is why the world hates you. 20 Remember what I told you: ‘A servant is not greater than his master.’ If they persecuted me, they will persecute you also. If they obeyed my teaching, they will obey yours also.

Thank God it's nothing like the martyrs of old had to go through. :)


Indeed, what some martyrs are going through even today, in countries such as Egypt and Pakistan. Lord have mercy.

#7 Father David Moser

Father David Moser

    Moderator

  • Moderators
  • 3,581 posts
  • Orthodox Christian Member
  • Verified Cleric

Posted 27 January 2013 - 02:58 AM

The main Monachos page appears to have been restored, however the link from the main header to the discussion community is still broken. Hopefully this will also be restored soon. Direct access to the discussion area is still possible as it has been throughout.

Fr David

#8 Nicholas F.

Nicholas F.

    Regular Poster

  • Members
  • 27 posts
  • Guest from Another Religious Tradition

Posted 27 January 2013 - 04:53 AM

Hmm. I could go to the main page for a while and not enter the forum, anyways, looks like the forum is working for me again. :)

#9 Archimandrite Irenei

Archimandrite Irenei

    Community Moderator

  • Administrators
  • 495 posts
  • Orthodox Christian Member
  • Verified Monastic Cleric

Posted 29 January 2013 - 09:09 AM

Dear members;

 

Thank you to all who showed such concern and kindness as our server suffered a malicious PHP exploit that caused portions of the web site and forum to be inaccessible for several days.

 

I'm happy to say that we've managed to restore functionality to 99% of the site today; and indeed, this has provided an excellent opportunity to upgrade our Discussion Forum software to a much more robust system than we were using previously -- which is not only more stable, but also cleaner, sleeker, and inclusive of quite a bit more functionality. We'll be styling and fine-tuning this software over the days ahead; and there is a similar upgrade already in the works for the Monachos.net main web site (that upgrade is not yet live, and the existing system is currently on-line).

 

I'd like to reassure all members that the 'hacking' of the server last week was solely a PHP exploit, and not a data-grabbing effort; and as far as we can tell, no databases or files containing any member information (e.g. account details or personal information) were in any way touched, and all remained secure. It was simply a mass-disruption effort aimed at many sites, which re-wrote coding for displayed pages -- designed to annoy and disrupt.

 

Nevertheless, we have put additional security safeguards in place to ensure that personal data continues to remain that way into the future.

 

Good posting to all!

 

INXC, Fr Irenei



#10 Alice

Alice

    Very Frequent Poster

  • Members
  • 673 posts
  • Orthodox Christian Member

Posted 29 January 2013 - 02:34 PM

Dear Father Archimandrite Irenei,

 

Bless.

 

Thank you so much for all that you do for this blessed forum and site and for explaining the situation to us--as well as for reassuring us to put our minds at ease.

 

In Christ,

Alice

 

May I ask the patient and knowledgeable readers here if someone can tell me what a 'PHP exploitation' is, because I am not tech savvy. Thank you. :unsure:


Edited by Alice, 29 January 2013 - 02:36 PM.


#11 Richard A. Downing

Richard A. Downing

    Frequent Poster

  • Members
  • 240 posts
  • Orthodox Christian Member

Posted 30 January 2013 - 01:11 PM

Alice,

 

Websites come in (at least) two flavors.  Some are 'static' which means that they don't respond to what a user does with them.  Others are 'dynamic' which means that they have a lot of artificial intelligence behind the scenes to generate the web pages 'on the fly' depending on what the users do.  Monachos.net appears to be of that latter kind.  One very very popular way of providing the 'dynamic' nature is to program the responses of the website in a computer language called PHP.  PHP is popular, and so there are lots of bad guys out there who target the web sites made that way, and they swap ideas on how to do it - these ideas are called 'PHP Exploits', because they can use them to corrupt PHP-based websites.

 

It's probably a good idea to add PHP-hackers to our pray-for list.  I wonder what parables our Lord would use if he were teaching today.

 

Richard (formerly a computer programmer, and still a webservant)





