Thread: Hacker Blackhawk, anyone know him?

Anyone else have esyndicat directories that are getting picked off by this asshole? Here is one of my unused directories annuitydirectory.net that he attacked nicely, the otherones look as if they have nasty viruses attached so I won' even list those address. Is it just me under attack here or is anyone else that uses esyndicat having the sam hacker crash their directories?

Never piss of a coder as a worker I guess!

Never heard of him, must be a nice security hole in that software! mg:

supposedly crazy x-coder of the software, a little disgruntled I guess LOL

Originally Posted by Kaos

supposedly crazy x-coder of the software, a little disgruntled I guess LOL

Not good at all, more than likely has back doors in the software for the developers. If that's the case he's not even hacking but using the software as it was intended! mg:

Who knows though, could also simply be because of his understanding of the software he's able to pick it apart, and or simply talented

Are you running a firewall? Sure it wont help but hey any protection is better than nothing.

Yeah I'm freakin thrilled! Why do people spend or better yet WASTE there time on this pointless BS. I mean he accomplished nothing but proving he could do it to a bunch of esyndicat directories. Hackers are a waste of skin and talent!

He accomplished ruining the name of the software, if I was pissed off at my former employers such as this, it's about the most damage you can do. Damage the rep of an online software.

Thats true, and now what, I (no offense), am not a fan of other directory scripts out there. Its just annoying to me, I can' login, he changed all my admin logins on the ones he was nice too, the other ones lead to a crazy virus site, with stupid music to boot on them. Those I have crashed my sites on so as not to infect others with his BS, but my virus scanner loved the quick visits LOL.
Not sure what I'll do about the others yet, have to somehow recover db info so I don't lose and reinstall for now I guess, although without the solution from the software, I will undoubtedly keep getting hit and waste my time with this. UGH! What a night.

That sucks.
Don't have backups? If you did you could simply delete the domain and recreate and then install again.

I can imagine it's gotta be a nightmare.

I'm sure it will not help as he's hitting a security hole in the script itself but I believe you run a VPS with WHM correct?

http://www.configserver.com/cp/csf.html

Easy to setup firewall

He must be pathetic to spend his time... wasting his time... sorry to hear Kim.

Ok I am way over-editing this post...

Is anything else touched on your server....other scripts ....other passwords?

No he only attacked the scripts apparently, no other site of mine has been effected luckily, nor my server compromised. Just annoying to have to rebuild these directories that I want nothing to do with anyway. I only let them mature to eventually sell, I want out of the directory business, too much time involved with them and it just isn't a priority for me anymore, but I can't leave up virus sites or corrupted directories either, thats not fair to those that paid for top listings etc. What a boring day it will be redoing all the directories, luckily I only have 5 left to do

Well hopefully it won't take too long.

I was just about to point you to the esyndicat forum where there is a thread about hacked directories... but I see you have beaten me to it!

Thanks for your help, its nice to know you tried to help. Yeah, I've seen their threads but they don't seem to have a real solution as this guy continues to find the holes in the script. But my main ones have been reinstalled atleast for now, hopefully it won't just be rehacked but I worry it will

See if your host can do something.
I had an ongoing problem with someone adding iframes to all my sites, the ones with index pages that were html.
My host did something to stop that.

Problem is the 'hacker' is getting through the script not actually into the server as it would appear. Not much the host could do more than likely besides removing the script.

The guy could even have a bot doing it automatically! mg:

A firewall more than likely will not help but still again recommend installing one asap.

I am running a scan on my server though just to be safe, it has come up with 7 possible trojans on it, not sure how I should know if they are real or not but thank god for CS :-) Yeah Dawg, like Grim said though, this dufus is invading through the script though not my server luckily. I'm just now getting overly cautious about everything. I am sick of getting attacked, this is like my 4th hack job of different sites in the past couple of months. I find it so annoying to keep cleaning up this crap.

Yeah that scan on WHM is pretty much worthless, it finds 'possible trojans' on a fresh install.

If the script has holes then its a fair bet that he will have been making strange page requests via GET and/or POST. You could try checking your logs for anything odd. If you manage to track down the page, you can then track down the files used and search them for dodgy code.

Might be worth a go

Originally Posted by Mark

If the script has holes then its a fair bet that he will have been making strange page requests via GET and/or POST. You could try checking your logs for anything odd. If you manage to track down the page, you can then track down the files used and search them for dodgy code.

Might be worth a go

Why I keep recommending a firewall, and if you do not already have it modsecurity.

Some of these instances can be blocked as the firewall/modsecurity blocks common exploits.

Originally Posted by Grim

Yeah that scan on WHM is pretty much worthless, it finds 'possible trojans' on a fresh install.

Grim's right, I found that out after making an idiot of myself with tech support. OMG I have trojan? Fix it Fix it, now! The techs must of had a good laugh over that. :sick:

--
Sorry to hear about your trouble Kim, I'd port over to another directory script.