Yeap I got defaced

inbetween 7am and 10am this morning the website looked like this:

shoemoney defaced

As soon as I saw it had been defaced I took the server off line (about 10am). Imaged it then had the drive reimaged with a fresh clean OS. Then I started to restore from tape backup. While restoring I went through the old logs and figured out the person got in from a phpbb2 exploit. Basically they were able to exectute code on the server as the webserver user and this also means they were able to delete files and replace files owned by the webserver user…

Now why would I run phpbb2 ? well… I was hosting for a friend =(. Its probably a good thing this happened cause I also realized I was hosting about 80 other sites for free that were for family and friends but I am responsible for keeping them updated (which of course i lapsed) so ok everyone off!

shoemoney defaced
I REALLY want to thank all the readers and friends out there who put out the ShoeSignal to notify me that my site had been defaced. I had been up all night working on some stuff and did not notice it until someone called my home number.

I had 52 emails, 16 voice mails, 13 SMS text messages from friends telling me my site had been defaced. Thank you 😉

About The Author

Comments 35

  1. SEOidiot
  2. RSnake
  3. Aaron Shear
  4. brad
  5. Nils
  6. dillsmack
  7. Aaron Shear
  8. Dave
  9. Mike Seiler
  10. Nils
  11. Tracy
  12. Eolai
  13. Mike
  14. mascix
  15. Chis
  16. arthur
  17. alek
  18. Abhishek Tripathi
  19. GeorgeB
  20. Can
  21. Kn10
  22. Hsufeng
  23. kemal
  24. sandossu
  25. Aaron Shear
  26. Jonathan
  27. ShoeMoney
  28. Fredto
  29. john
  30. wesley
  31. Zeeshan
  32. Richard Overvold
  33. Mike Mothner
  34. coop