Comments on: The Texas Rainmaker site has been hacked

By: Phil

Phil — Wed, 22 Nov 2006 07:05:59 +0000

Hi ST

Would you mind removing the comment by the link below.
http://sistertoldjah.com/archives/2006/11/21/the-texas-rainmaker-site-has-been-hacked/#comment-596683

Thanks ST

By: Phil

Phil — Wed, 22 Nov 2006 07:03:39 +0000

Jason, Yes I would say what they did was childs play compared to professional hackers, I know all about the chmod command. It’s a unix version of DOS’s old ATTRIB command. In DOS the command to do that would have been ATTRIB +R wp-config.php which sets the file to read only and does not allow it to be written to, in unix there are combinations where like you said can be allowed to be written to by system administrators but not by users.

Anyone with a third grade level knowledge of how system files are set could have done that.

By: Phil

Phil — Wed, 22 Nov 2006 07:03:17 +0000

Anyone with a thrird grade level knowledge of how system files are set could have done that.

By: TexasRainmaker

TexasRainmaker — Wed, 22 Nov 2006 03:02:42 +0000

Thanks, ST, for posting the warning. The site is back up (with my response to those who did it). It was very amateur and unfortunately, very preventable.

For those using Wordpress, here’s the issue (and the fix): It appears that my wp-config.php file was overwritten the script hackers. It appears that the permissions set on the wp-config.php file were set to “chmod 666″, which makes that file writeable. PHP files should be set to “chmod 644″ so that they are not writeable by the public.

Again, thanks for posting the warning as I couldn’t reach out to visitors while the site was down.

Well, it’s back up and clean as a whistle.

By: Phil

Phil — Wed, 22 Nov 2006 01:05:36 +0000

Hey ST that is good news that Jason’s site is back up and running. It probably wasn’t too bad, you know you and the other bloggers should always keep your information backed up on your own hard drives in case of a situation like that so that you can restore it easily.

By: Sister Toldjah

Sister Toldjah — Tue, 21 Nov 2006 22:58:48 +0000

No worries, Phil – I’m steering clear.

By: Night Rider

Night Rider — Tue, 21 Nov 2006 21:57:35 +0000

Just be careful and warn as many as possible not to go to his site until he has given you the go ahead.

By: Phil

Phil — Tue, 21 Nov 2006 21:41:18 +0000

ST, Stix is basically correct, meaning that if it’s an older virus, the Anti-Virus program might catch it, how ever if it’s a fresh newly written virus, the Anti-Virus program will not stop it, in which case those who Write Anti-Virus programs will have to see the strain of that virus first in order to combat that virus, to write code to destroy it or keep it from launching it’s nastyness on everyone else.

Still best bet is not to go near his site and let him deal with it, he will write you I’m sure when he gets it fixed.

By: Sister Toldjah

Sister Toldjah — Tue, 21 Nov 2006 21:37:06 +0000

Thanks for the info, guys.

By: Phil

Phil — Tue, 21 Nov 2006 21:32:44 +0000

ST, how that works is that when you load a page into ram, then that is where the virus can litterally be written to right either a hard file to the hard drive or a litteral file to the hard drive. A hard file is one that is encoded directly to the hard drive but doesn’t show up as a file. It is all in code like what the ( FAT ) table looks like. The FAT stands for File Allocation Table which is a code on your hard drive. That takes a lot of brillant coding to do that, and the other is the litteral file which looks just like any other kind of file but may be set with the hidden and system attributes so that you wouldn’t see it. Sort of how the MSDOS.SYS and the other file systems files that do not appear. To a normal directory listing. A litteral file writing to the hard drive doesn’t require as much brilliants to do that, but can be just as severe.

Multitude of Viruses can be either triggered to do severe damage to the hard ware of the system, ie.. Like the one back in the early 90’s that was called the Disk-killer which litterally dragged the hard drive heads accross the platters of the hard drive to nothing more than a hinderance or nusience.

Most of the time viruses can be delivered by going to a site because your system first puts all contents of that site into “RAM” and from there it can do what it was programed to do. I had a friend of mine who had a older computer system he used to run viruses on just to see what it did to the computer. So I had learned a lot about how viruses can effect a computer from him. Most anoyance type virsues can do what is called multiply, meaning that either you will get coppies of that viruse file all over your hard drive or it can be programmed to be sent out to all your friends via email by watching for outgoing mime/smtp transmisions and it will attach itself by encoding directly in your email message to all the ones in your mail box.

The word embeded all that means is that the raw code of the virus is embeded in the code of the site, for example, take and view a email in it’s raw format with either notepad or another text editor and you will see all kinds of strings of code in there and that is called mime encoding, now there is encoding in HTML XML and all the rest of the basic HTML format.

Also the embeding of the code of the virus does not have to follow with the code of the HTML for example it can be not in order, you might find the end of it towards the beginning of the HTML and the end of it some where in the middle.

Trust me better not go to the site to be safe.

By: Stix

Stix — Tue, 21 Nov 2006 21:07:31 +0000

It is embedded in the code on the web site. And when someone visits it it downlaods it automatically to the visiting computer. If you have a good anti-virus and firewall, it should catch it and not really do harm. I would run a virus scan with your anti-virus just to be on the safe side.