DNS Hijacked :(

[Ghost]

Yes, that's what they did Deathstarr. I got to provide a lot of information, but I will most likely get the account back.
If I do not I am prepared to do the following...
Just so you know, I come from a very wealthy family. One of the domains on my account belongs to a nonprofit organization (backed financially quite well too), and Purp has personally pissed me off.

I will be contacting an agency, the police, and a lawyer. I WILL be taking this to court if needed, getting my domains back, and treating this theft the same way robbing the Apple store for a new iPhone would be treated.

 

[Deathstarr]

I believe once you get the account back move and check your files and chmod all files to the correct chmod. Also if you used an auto-installer check all of those files.

He said He used a SQL injection to get to your domains. So I am confused on what he really did.

 

[Dean]

My assumption would be he used a mysql injection to retrieve the admin password..and got lucky and used the same password for all other accounts?

 

[Deathstarr]

If that is the case then its bad admining.

 

[Ghost]

I have used variants of my passwords, but not the same.
For example if a password is:
password3
then id do:
password3
password3popular5
password3ectasy6

kinda like that.
However, the Admin CP password was nothing like the admin pws for GF and GP.
The password to the email address associated may have been similar, but I have not used it in years so I'm not sure.

 

[Deathstarr]

Since you were running MYBB when was the last time you updated the software, because up to this point there was not any known sql injections at this time.

 

[Gio]

Since you were running MYBB when was the last time you updated the software, because up to this point there was not any known sql injections at this time.

Good point! Always make sure you update your software.

 

[Geoffrey]

Guess this is going around.

Odd how both of our promotion topics on this forum were sponsor'd/pinned in the same sub forum and we both get the same hacking. lol.

I just contacted Namecheap's risk management department, gave them a picture of my state issued driver's license, screenshot of my paypal information that shows I bought the domain and another domain I've bought with them and they change my name servers back and gave me control of the domain again. I don't know who you're registered with, but I'd say you can probably do something similar.

I've still yet to do it with godaddy, cba to bother with it atm

 

[CyberFreak]

Since you were running MYBB when was the last time you updated the software, because up to this point there was not any known sql injections at this time.

Good point! Always make sure you update your software.

Also think about plugins aswell. The more plugins you have installed, the more chance there is of introducing security issues. Some people go crazy and install loads just because it is easy to do and do it just because they can.

 

[Fergal]

My mistake, it is 000webhost.com

I've corrected earlier posts in this thread to ensure that the wrong host is not associated with this, thanks for the clarification.

 

[Ghost]

Thanks Fergal. 000webhost.com has done nothing wrong as all they've done is host a member. I'm sure they do not support hacking and hopefully they will remove the deface page from their server.

I had yet to update phpBb and mybb WAS updated. I believe it was a plugin.
I have contacted my host and will send a state id and cc information when I get ahold of it. (not at home atm)

 

[master412160]

The best way to hurt this hacker is to get his host to shut down his forum.

His host is Hawk Host. So you should send all evidence you got and hopefully Hawk Host will do the right thing.

The owner of that .us gaming forum should learn actions have consequences.

 

[Ghost]

I've already reported him for using false whois information. I will be doing this the legal way, and if taking down his site is what needs to be done then I will legally do that; like you suggested.

Right now I am hoping he will be reasonable. I will get the account back pretty soon, but I'd rather not have to submit a ticket; send info/scan of ID/etc.

 

[Geoffrey]

Is purp banned from this board? I'd feel a heck of a lot safer if he was.

 

[CyberFreak]

He was permanently banned last week for reasons unrelated to this.

 

[Ghost]

Purp is refusing to cooperate at the moment. If anybody has any ideas to get the account back that'd be great. I can get it in due time, but it's annoying to have to submit all this info to my host in order to do that.

You can see that at generalforum.org it now redirects directly to his site.
I will be doing this the legal way.
However, if some homies and some peeps want to disrupt his natural flow of online browsing...I wouldn't be upset 😉 Though I don't condone it!

 

[Geoffrey]

He was permanently banned last week for reasons unrelated to this.

Interesting. I wonder if he is angry and retaliating against sites advertised here then? Wouldn't surprise me tbh.

Ghost: Just do this through your domain registrar. It doesn't take too long to prove to them you own the domain, assuming they respond quickly that is.

 

[NaXuh]

I would contact his host ASAP and hand over all evidence. Show that he is redirecting that site. The fastest way to make him cooperate is to hit him where it counts - his beloved forum.

 

[master412160]

That sucks he doesn't cooperate.

What do you mean with: "distrupt his natural flow of browsing"?

You mean that someone DDOS his provider?

 

[Ghost]

I mean if someone were to take down his site, screw with his site, I wouldn't really care. I'm not going to do it though.

My host is cooperative and can give me my account back, but I need to get files that are literally on the other side of the country. My parents are getting them, but it is annoying as I dislike the fact that right now my sites are defaced instead of up and running.