Tilted Forum Project Discussion Community

- Tilted Technology (https://thetfp.com/tfp/tilted-technology/)

- - My site was hacked (https://thetfp.com/tfp/tilted-technology/104082-my-site-hacked.html)

My site was hacked

Apparently someone got into my gallery script, and used it to commit credit card fraud.. don't ask me how, I have no idea how that even works.. but I got an email from ebay saying this was taking place and that I should take action right away..

Well anyway as of yet this only means I loose my gallery and my site aswell as all sites hosted by the server are down untill tomorrow.

Hopefully this wont develop into anything bigger :mad:

Sorry to hear that. Is this your ebay store that got hacked? You would think that ebay would have better security but then again, nothing is 100% effective......

Do you have any evidence of it apart from the email from eBay? If not, are you sure that email isn't phishing?

Please verify that it is eBay - you might be getting phished!!!!!

When I back from the movies today friend Bastiaan, who hosts my site, dropped a message on my msn, saying my site got hacked, and the server has been taken down because of it.

This happened to me a couple of years ago - I had noticed a sudden *massive* increase in hits, all from a website that didn't seem to link to mine - I figured it was some kid trying to boost his site-status by doing lots of referral spamming and so didn't give it much thought. Then, months and months later, I tried to get onto my site and it was down - I called the provider who accused me of phishing and said that due to misuse, they'd taken my site down at the request of the police and their various policies.

I don't know what happened, but I guess that the massive load of hits was some automated crack attempt, trying to break into the portion of my site that ran scripts, once a password with rights was found, they loaded up a fake banking site, and then had a bunch of spam sent out, asking people to fill in their credit card details - you know, the usual scheme.

Anyway, the moral of the story is, I guess, if you have access, or are responsible for a site that is open to the internet, make sure that any usernames and passwords are strongly secure - mixes of letters, numbers and 'other' characters. It took about 3-4 months for them to break my password on my site - but it was a simple one - with properly secure password, it could take years and years.

With a real proper password they won't be able to crack it for hundreds of years. :)

That's an absolutely ridiculous assumption. Fifteen digit alphanumeric randomized passwords nonwithstanding, there are hundreds of exploits for common web software that don't involve brute-force hacking of a password at all.

Just because you have a good password doesn't make you immune for "hundreds of years."

So then, what do you recommend?

Jinn, yotta: Two words: Rainbow Tables.

MikeSty: Make your password a combination of lower, uppercase letters, punctuation and numerals. You can only go so far, but the longer the password, the better.

Not to mention log in attempts by IP address.
Still isn't fool proof but will slow the process.

Amen trache ;)

Yotta:

Quote:

charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
keyspace 915358891407 (2^39.7)
table size 24 GB
success probability 0.99909
This table set is capable of cracking windows password(up to 14 characters) of charset "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+= " in a few minutes, with the success rate 99.91%.