Today I was working diligently on one of my five websites that I've just set up. I'm still in the works of getting them all on my own server for my own support and making sure the sites are properly monitored. I just happened to want to get some information off of one of my websites, and I saw this really, really odd image in the place of my index page:
So I frantically contacted my assistant administrator and we started working on it right then. Turns out I caught the guy right in the middle of his attack. Another one of my friends came online and I asked him to help as well; he's a security professional who works very well in attacks. Another friend came online (all of this is in MSN btw) who is good with virus attacks and such, as well as website security. So here we are, a team of four computer technicians working against what seems to be just one hacker to me.
I contacted my host site immediately, demanding them to turn off the servers, just to stop the guy (he was right in the middle of writing a shell to exploit our other sites). He swiftly degraded our site's MyBB version to an older version so that he would have other exploits to use.
I had one thing he didn't have, cPanel access. I promptly got into the SQL database and started messing with his multiple accounts he was creating until I also denied access in the .htaccess files to everyone but our IP addresses. The attacks stopped. The message DIDN'T go out.
This hacker has attacked over 8,000 different websites. There's even a news story on him here:
http://www.p2pnet.net/story/23929
and here's a list of all of his posted attacks:
http://zone-h.org/archive/defacer=NobodyCoder
There's one thing I forgot to mention. This guy's not too bright. He didn't cover his tracks and left himself wide open. He left his REAL IP address in my SQL database, which is listed in a comment I made in the news article above. His attack was fruitless, completely scripted, and to me an utter disgrace to see something like this. Yes, he got into my site, with scripts. He doesn't know how to hack. He just scripts his stuff, so when something happens, he doesn't know how to defend against it. We stopped his attack, took all of our sites on that server offline from public access, recorded all of his information.
I am more than willing to assist anyone out there who wishes to press charges on this attack or others like them. If you feel that you have been attacked by this hacker or his group, please contact me as soon as you can at the following email address (note that this is an official government email address, anything you send to this account will be scanned and is being monitored, so don't send anything you don't want monitored):
shawn.wrightatfe.navy.mil (note: edited to stop spambot harvesters, replace the at - Admin) -Thanks
If you have any information at all on this attacker please provide it either in this thread or to the email above. The more we get on this guy the more we have as a case.
Thank you for your time.
Don't say this is a spam post.
Websites in Sri Lanka have been hacked like this now too..
Websites belonging to people I know have been hacked like this too..
This is the hacker's mail ID: [email protected]
We can't afford to lose Elakiri as well now..
What does everyone say.. when I looked in the morning, Elakiri was full of spam posts too..
I appreciate the protection.


