Thinkpad forum website hijacked???

[daeojkim]

Thinkpad pad website hijacked??
When I came to this website I kept getting redirected to a website something about owned by SHOCK... I had to quickly click on one of the forums before I get redirected.

am I the only one experiencing this?

[gruen]

That has got to be the lamest hacker ever:

1: the name sucks (leet script kiddie)
2: comon! have you seen bill's site? (sorry bill, it's clear you don't do know how to web code ) it's clear security wasn't on his mind
3: wow... point your clever hack to a domain.. that way no one will have any record of your misdeed.
4: shock, your name, your website, and your hack is lame. why did you even bother? it's a freaking forum, no one cares, and your hack is easily thwarted with some careful clicking and redirection policies. why don't you make use of your life and direct it to something more important; be constructive! I hear issuing DDOS attacks on spammer websites is in now, why don't you go be a hero as opposed to a tool.

Regards

[Moroner]

There has been a XSS exploit for phpBB, which is fixed in the latest version (see http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636). Shame that it needed this idiot to bring it to our attention.

[mattfromomaha]

I was wondering what happened this morning.

It's amazing that in today's busy and fast-paced world there's someone out there with so little going on in his/her life that he can sit around and hack a bulletin board of all things.

Maybe when the hacker turns 16 he'll discover girls and find something more constructive to do...

[MichaelMeier]

..

[BillMorrow]

here is the info i could get on the hacker, so far:
******************BEGIN*****************
Registrant:
changeme changeme
changeme
changeme, Alabama 74562
United States

Registered through: domainspot.org
Domain Name: SUBLIMINAL-SHOCK.COM
Created on: 11-Apr-03
Expires on: 11-Apr-06
Last Updated on: 07-Nov-04

Administrative Contact:
changeme, changeme hate_com@hotmail.com
changeme
changeme, Alabama 74562
United States
(342) 234-3341
Technical Contact:
changeme, changeme hate_com@hotmail.com
changeme
changeme, Alabama 74562
United States
(342) 234-3341

Domain servers in listed order:
NS1.VB-TECH-HOSTING.COM
NS2.VB-TECH-HOSTING.COM


Registrant:
yahoo-assault

616 hoosick rd.
troy, New York 12180
United States

Registered through: GoDaddy.com (http://www.godaddy.com)
Domain Name: VB-TECH-HOSTING.COM
Created on: 12-Sep-04
Expires on: 12-Sep-05
Last Updated on: 06-Nov-04

Administrative Contact:
effenberger, Robert invisible@phreaker.net
yahoo-assault
616 hoosick rd.
troy, New York 12180
United States
7143302392
Technical Contact:
effenberger, Robert invisible@phreaker.net
yahoo-assault
616 hoosick rd.
troy, New York 12180
United States
7143302392

Domain servers in listed order:
NS1.VB-TECH-HOSTING.COM
NS2.VB-TECH-HOSTING.COM
******************END*******************

more time spent on this would be as big a waste as peeing into the wind..

[Deb Suran]

Here's a little more information, in case you do want to try and follow up with some complaints. A trace shows the final destination for VB-TECH-HOSTING.COM (also yahoo-assault.org) to be dimenoc.com (64.132.144.20), with the immediate upstream alter.net.

traceroute to VB-TECH-HOSTING.COM (64.132.144.20), 30 hops max, 40 byte packets
1 FastEthernet6-0.civ-service1.Canberra.telstra.net (203.50.1.65) 0.37 ms 0.19 ms 0.255 ms
2 GigabitEthernet3-0.civ-core2.Canberra.telstra.net (203.50.10.129) 0.733 ms 0.848 ms 0.746 ms
3 GigabitEthernet2-2.dkn-core1.Canberra.telstra.net (203.50.6.126) 1.022 ms 0.973 ms 0.908 ms
4 Pos4-0.ken-core4.Sydney.telstra.net (203.50.6.121) 5.118 ms 5.002 ms 4.995 ms
5 10GigabitEthernet3-0.pad-core4.Sydney.telstra.net (203.50.6.86) 5.406 ms 16.536 ms 5.018 ms
6 GigabitEthernet2-2.syd-core01.Sydney.net.reach.com (203.50.13.38) 5.758 ms 5.605 ms 5.455 ms
7 i-6-2.wil-core02.net.reach.com (202.84.249.69) 162.105 ms 162.098 ms 162.286 ms
8 202.84.251.166 (202.84.251.166) 162.341 ms 162.36 ms 162.275 ms
9 POS1-0.GW2.LAX15.ALTER.NET (157.130.247.157) 153.091 ms 153.374 ms 153.608 ms
10 0.so-3-0-0.CL2.LAX15.ALTER.NET (152.63.117.86) 153.435 ms 153.575 ms 153.508 ms
11 0.so-7-0-0.TL2.LAX2.ALTER.NET (152.63.2.82) 153.674 ms 153.851 ms 153.77 ms
12 0.so-0-0-0.TL2.ATL1.ALTER.NET (152.63.101.58) 220.272 ms 220.404 ms 220.274 ms
13 0.so-5-0-0.CL2.ORL1.ALTER.NET (152.63.80.81) 222.353 ms 222.296 ms 222.217 ms
14 244.ATM6-0.GW5.ORL1.ALTER.NET (152.63.80.109) 236.272 ms 236.276 ms 236.348 ms
15 hostdime-orl-gw.customer.alter.net (157.130.65.122) 231.653 ms 231.708 ms 231.732 ms
16 64-132-144-20.dimenoc.com (64.132.144.20) 237.417 ms 237.328 ms 237.442 ms

Domain ID:D93498725-LROR
Domain Name:YAHOO-ASSAULT.ORG
Created On:29-Dec-2002 11:07:11 UTC
Last Updated On:30-Nov-2004 05:57:57 UTC
Expiration Date:29-Dec-2005 11:07:11 UTC
Sponsoring Registrar:Tucows Inc. (R11-LROR)
Status:OK
Registrant ID:tujutqiM10mf1SbD
Registrant Name:Fiore & Mark DiPietro & Greenlaw
Registrant Organization:Individual
Registrant Street1:24 Martins Drive
Registrant Street2:
Registrant Street3:
Registrant City:Madison
Registrant State/Province:Maine
Registrant Postal Code:04950
Registrant Country:US
Registrant Phone:+1.2073426996
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:mark.greenlaw@verizon.net
Admin ID:tujutqiM10mf1SbD
Admin Name:Fiore & Mark DiPietro & Greenlaw
Admin Organization:Individual
Admin Street1:24 Martins Drive
Admin Street2:
Admin Street3:
Admin City:Madison
Admin State/Province:Maine
Admin Postal Code:04950
Admin Country:US
Admin Phone:+1.2073426996
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:mark.greenlaw@verizon.net
Tech ID:tujL2Dr47YzkzJgv
Tech Name:NOC (Network Operations Center)
Tech Organization:Servage ApS (DK3.com)
Tech Street1:Oestergade 22
Tech Street2:
Tech Street3:
Tech City:Vejen
Tech State/Province:DK
Tech Postal Code:6600
Tech Country:DK
Tech Phone:+45.75367921
Tech Phone Ext.:
Tech FAX:+45.75366924
Tech FAX Ext.:
Tech Email:noc@servage.com
Name Server:NS1.SERVAGE.DK
Name Server:NS2.SERVAGE.DK

[BillMorrow]

i went to www.dimenoc.com and found a form for reporting abuse..!

anyone think it is a valid web site for reporting abuse..?

[whizkid]

Hey, isnt' THIS something...

www.subliminal-shock.com now shows just a "Coming Soon" page. Absolutely fascinating.

[k3vb0t]

Now says Account Suspended... and the plot thickens!

[whizkid]

WHOIS information has been updated:

Registrant:
jason herchuck
127 sawmill rd
springfield, Massachusetts 01118
United States

Registered through: domainspot.org
Domain Name: SUBLIMINAL-SHOCK.COM
Created on: 11-Apr-03
Expires on: 11-Apr-06
Last Updated on: 03-Dec-04

Administrative Contact:
herchuck, jason hate_com@hotmail.com
127 sawmill rd
springfield, Massachusetts 01118
United States
4137838915 Fax --
Technical Contact:
herchuck, jason hate_com@hotmail.com
127 sawmill rd
springfield, Massachusetts 01118
United States
4137838915 Fax --

[selvan777]

Looks like an up and coming hacker. I guess everyone, losers included, must start somewhere...

[doylnea]

There has been a XSS exploit for phpBB, which is fixed in the latest version (see http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636). Shame that it needed this idiot to bring it to our attention.

I emailed Bill about the exploit a couple days prior to the hack, but it takes time to get the exploit changed over, if you haven't implemented phpBB.

[BillMorrow]

the server owner was informed but did not act quickly enough..
so the hole was used to hack the bbs..
but he acted fast once we WERE hacked..

[doylnea]

the server owner was informed but did not act quickly enough..
so the hole was used to hack the bbs..
but he acted fast once we WERE hacked..

It's always like that isn't it?

You: "Could you patch my bbs to the latest version to avoid this exploit?"
Him: "Sure I'll get to it"
You: "Um, Houston, we have a problem. My bbs has been hacked."
Him: "Taken care of, sorry for the delay. Hope you had a backup of that forum."
You: "Gee, thanks for your expeditious help."

or something like that.