spoken for

hmmm… what?

 

More Grr. Arg.

 

It’s now 2.42am. Thank you, you @#$%^& for hacking Sheila’s website. Thank you for making me take more time out of my night to fix your idiocy. Thank you for making my Norton Internet Security 2006 accidentally block me from my whole server. Thank you, you @#$%^&. I hate you. Idiot hackers.

So, yes, Sheila, contact me for your new password to, like, everything concerning your site. Not that you’ve updated in over a month anyway… ;-)

Sometimes I hate doing this “webhosting stuff.” :|

 

6 Responses to “More Grr. Arg.”

  1.  

    :( A quote from a forum I read and will never forget:

    “I wish you could stab over the internet.”

    Hackers are sucky.

  2.  

    LMAO @ that quote!

    That’s happened to a couple of my sites lately. I contacted Site5 and they said it was because a php script I was running wasn’t up to date or something. :/

  3.  

    Wow, cool (in a perspective-induced sense relating to it having nothing to do with me). How’d they get in?

  4.  

    She was only running WordPress 1.5, so…. ????

    I don’t know enough about this, but here’s what the log says:

    ___ - - [02/Dec/2005:01:48:39 -0500] "GET /wp-rss2.php HTTP/1.1" 200 9227 "-" "Mozilla/5.0 (Sage)"
    220.231.66.27 - - [02/Dec/2005:02:17:41 -0500] "GET /images/bom.php HTTP/1.1" 200 1040 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:45 -0500] "GET /images/ HTTP/1.1" 200 1021 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:47 -0500] "GET /icons/blank.gif HTTP/1.1" 200 148 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:48 -0500] "GET /icons/back.gif HTTP/1.1" 200 216 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:48 -0500] "GET /icons/unknown.gif HTTP/1.1" 200 245 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:49 -0500] "GET /icons/text.gif HTTP/1.1" 200 229 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:50 -0500] "GET /images/email.txt HTTP/1.1" 200 1594 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:17:53 -0500] "GET /images/emailer.php HTTP/1.1" 200 4735 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:19:55 -0500] "POST /images/emailer.php HTTP/1.1" 200 4742 "http://younwhagirl.com/images/emailer.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:20:11 -0500] "GET /images/ HTTP/1.1" 200 1021 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:21:25 -0500] "GET /images/bom2.php HTTP/1.1" 200 1442 "http://younwhagirl.com/images/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:23:38 -0500] "POST /images/bom2.php HTTP/1.1" 200 1442 "http://younwhagirl.com/images/bom2.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    220.231.66.27 - - [02/Dec/2005:02:24:18 -0500] "POST /images/bom2.php HTTP/1.1" 200 1442 "http://younwhagirl.com/images/bom2.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5"
    _____ - - [02/Dec/2005:02:36:13 -0500] "GET / HTTP/1.1" 200 207 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"

    The ___… is me. I apparently loaded Sage about the same time, then when I got down to her site, I caught it about a half an hour after the hacker, 220…, started making requests. I don’t get the icons folder though, that was never up there. But they had:

    public_html
    > > banner.jpg
    > > des.jpg
    > > destroyer_hcv.html
    > > index.html
    > > cgi-bin
    > > > > cgitelnet.pl
    > > images
    > > > > bom.php
    > > > > bom2.php
    > > > > email.txt
    > > > > emailer.php
    > > wp-images
    > > > > cc99.php
    > > > > des (no extension)

    “des” is the file I was trying to download via ftp (I have all the rest of these files) when my Norton freaked out leading to the blockage of my sites’ IP address.
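
The log excerpt in the comment above shows successful requests for `.php` files inside `/images/`, a directory that should only hold static content. As an added example (not part of the original post or its comments), this Python sketch scans an Apache combined-format access log for that pattern and groups hits by client; the directory list, extension list, and the sample log lines (documentation-range IPs) are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumption: these directories are only ever meant to serve static files.
STATIC_DIRS = ("images", "wp-images", "uploads")
SCRIPT_EXTS = (".php", ".phtml", ".pl", ".cgi")

def is_script_in_static_dir(target):
    """True if the request path names a script file below a static-content directory."""
    parts = [p for p in urlsplit(target).path.lower().split("/") if p]
    if len(parts) < 2:
        return False
    return any(p in STATIC_DIRS for p in parts[:-1]) and parts[-1].endswith(SCRIPT_EXTS)

def find_suspect_requests(lines):
    """Return {client: [(time, method, path), ...]} for 2xx script requests under static dirs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        # A 2xx status means the server found a script at that path and served it.
        if m["status"].startswith("2") and is_script_in_static_dir(m["target"]):
            hits[m["host"]].append((m["time"], m["method"], urlsplit(m["target"]).path))
    return dict(hits)

# Constructed sample lines modelled on the excerpt above; IPs are documentation ranges.
SAMPLE_LOG = '''\
198.51.100.4 - - [02/Dec/2005:01:48:39 -0500] "GET /wp-rss2.php HTTP/1.1" 200 9227 "-" "Mozilla/5.0 (Sage)"
203.0.113.7 - - [02/Dec/2005:02:17:41 -0500] "GET /images/bom.php HTTP/1.1" 200 1040 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:02:17:45 -0500] "GET /images/ HTTP/1.1" 200 1021 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:02:17:50 -0500] "GET /images/email.txt HTTP/1.1" 200 1594 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:02:19:55 -0500] "POST /images/emailer.php HTTP/1.1" 200 4742 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:02:23:38 -0500] "POST /images/bom2.php?x=1 HTTP/1.1" 200 1442 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Dec/2005:02:36:13 -0500] "GET /images/missing.php HTTP/1.1" 404 207 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for client, reqs in find_suspect_requests(SAMPLE_LOG).items():
        print(client, len(reqs), "script request(s) under static directories")
        for when, method, path in reqs:
            print("   ", when, method, path)
```

POST requests in the output are the ones to look at first, since they indicate input being sent to the dropped script rather than a simple fetch.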

  5.  

    Oh, so she is now running WordPress 1.5.1.3. Man, this sucks having to upgrade everyone’s sites.

  6.  

    [...] Remember when Sheila was hacked on Dec. 1st? Well apparently the same guy that did that, also got into my Super Administrator account at stegenevieve.net on Dec. 3rd. I didn’t notice it until today, the 8th, when I saw the forum post he left: [...]
