My site has been hacked!

[carbonize]

The odds on e ahack taking the time to run a password cracker against a sites ftp is slim unless you deal with credit card transactions or have upset them. For one you need to know the account name to be testing passwords against.

The usual way a site gets defaced is an insecure HTTP or FTP server. The most common exploits being malformed URLs such as http://www.domain.com/cgi-bin/../../...%20/etc/passwd. Once agains I will say that I don't think the problem here was that they got their site hacked as hackers rarely delete a site instead they just deface it by altering the index page.

carju1 if you ever want to look up a sites details use www.samspade.org which is a collection of tools such as whois look up, ip trace, and safe browser which just retrieves and displays a sites HTML.

A quick look at the details of disneywebdesign.com shows me that the domain was registered by WILD WEST DOMAINS, INC. who registered it through VoxDomains.com. I think the problem was confusion. What I think happened was that they resitered the domain and then uploaded their site to their web space. They then checked the domain and saw nothing, this would of been because the domain registration hadn't gone through yet or was in the process of going through. They state that their site was there but not at the URL they expected it to be at, this I assume means that it wasn't at www.disneywebdesign.com but was at the direct url supplied to them by their host. As anybody who uses a shared server knows you are given a direct url such as http://server.hostsdomain.com/username and this would of been the url they found their site at.

I believe that this was not spam but was just a misunderstanding on how the internet and hosting works and a plea for help.Some people owe this person an apology.

[ldyguique]

samspade.org has been down more than it's been up lately (it's been running either extremely slowly or doesn't pull in at all over the past few months) --

another good site = www.dnsstuff.com, which also lets one do ping/tracerts and find out if something is blacklisted, etc.

____

a good site to use for ftp-ing small files or checking directories -- deleting directories with contents is: www.net2ftp.com. It also has a download for uploading and installing onto a website in cgi-bin.

www.net2ftp.com also a good method of doublechecking logging in issues when an html editor program is just not connecting to the server -- it can be hard to isolate whether or not it's a settings issue, ftp server with the host, and/or a linksys router causing grief -- using a web-based or http accessed ftp does an end-run around those issues. Also, a good site if one is at a customer's machine or location and they don't have an ftp program installed (however, the allowable file size is limited).

[minstrel]

Also, for those who came later to this thread, when it was originally posted, the URL was NOT going to any kind of 404 page - it was displaying a "this domain is for sale" page. That's quite a bit different and at the time suggested that the poster may have been trying to interest people in buying that domain name or othes that the page offered.

Some hours later, the URL directed to something different but of course the initial posts in the thread were aimed at the circumstances that existed earlier in the day/night.

Some of you see them some of you don't but there is a lot of SPAM, porn and other unsuitable posts on WPW most days and the MODs do our best to remove the obvious ones

The responses for this one ran from SPAM to ? to OK even to 'I will be a little stupid but I have to ask. What do you get out of posting something that is untrue and did not happen?'

Matuari may be correct 'Has anyone thought that maybe this could be his problem? Inexperience.'

could it be "Inexperienced SPAM" ?


or the ultimate in "SPAM in sheep's clothing"?


whatever it is, someone out there reading this has learned a brand new spam-trick

funny beings, us humans...


DAREN
http://WebPageTurner.com

ps

b) However, if only one website is hacked on a Host's server, it's likely "allowed" or the weakness is usually due to the password being too simple. Hackers run algorithms that can eventually get to anyone's password, but using real words or words that are part of the domain name or the whois user's info is generally the case.

ldyguique hit the nail on the head here in terms of Hacking in general;
my design career began making web sites for bands all over south florida as there is a huge music scene down here; defacing sites is the #1 idiotic pastime for "bands battling for their own turf" and i have had sites hacked repeatly becasue i didn't use C compliant passwords back then....

i think i read somewhere that it's estimated that over 70% of private domain passwords are either someone's birthday or someone's maiden name....etc...

[cyanide]

Well judging by the astonishing number of juvenile spelling errors on his disney site, which are quite similar to his old autolinks site, I'd say the kid isn't any older than 15.

Looks to me he's gone way over his head at the moment and needs a hand of sorts.

I think this thread has gotten a little out of control. Best wait for his response and a clearer explanation.

[minstrel]

But a hand doing what? Although I think you're right - the picture has become more muddied rather than clearer, and it would be nice to get more information from autolink himself/herself. I don't know that more speculation pro or con is likely to help...

Post #3 (and my post #1) in this thread (see previous page):

if we've misjudged you, autolink, I apologize

[carbonize]

OK how about this, we give autolink x amount of time to post a response otherwise the mods either delete this thread or just remove all occurences of the link in question.

[rocky1]

One must never sleep anymore, you miss to much fun at WPW!

Great suggestion Carbonize, I'll second that motion. Because..........

1.) If we're wrong it doesn't look good at all, and...
2.) If it is spam, we've done autolink's job 100 fold in the course of this discussion.

Also, for those who came later to this thread, when it was originally posted, the URL was NOT going to any kind of 404 page - it was displaying a "this domain is for sale" page. That's quite a bit different and at the time suggested that the poster may have been trying to interest people in buying that domain name or othes that the page offered.

Some hours later, the URL directed to something different but of course the initial posts in the thread were aimed at the circumstances that existed earlier in the day/night.

I'd like to reiterate the above comments on Minstrel's part. The issues at play in initial comments made in this thread, were based upon a completely different set of circumstance and fact than what we now have at the links in question.

Moving to Carju's comments -

....Some of you see them some of you don't but there is a lot of SPAM, porn and other unsuitable posts on WPW most days and the MODs do our best to remove the obvious ones (Helped by PM's from lots of the regular members like Matuari, Carbonize, Rocky, Mik, etc.) However the MODS are not always experts in every area of IT. I saw the original post in here and lets be honest I couldn't have done what ldyguique did and tracked it down (thanks for that info). However most of us have developed a MOD trouble radar and can usually spot a dodgy post a mile off. The tell tale signs are poster with less than 10 posts, new member, ID change, web site change, etc... These we flag in the Mods room for help and advice.....

So lets look at those facts based on the WPW Archives for the members in question here -

If Autolink honestly has problems, one has to wonder why they aren't back looking for answers. One might suggest that they maybe did, found the earlier posts and left disgruntled, but in further defense of our earlier stated positions, .... if you go back to earlier post by autolink under the autosignals alias, http://www.webproworld.com/viewtopic...autolink#48886 you will find ~

.... I submit my site with a compnay called Autolink. They submit my site to the top 400 search engines for only $21.00. My site was placed on all the major engines within 6 to 8 weeks. They have great customer support, and offer a live chat program on their site. Their address is www.autolink.4t.com/main.html that URL will take you strait to their page so you don't have to wait for the intro to load. Hope this helps!

Which makes this all seem suspect, as cause for our suspicions! And, further sort of answers burntalive's questions of "Where's the spam?"

If autosignal's business and Website are Autolink, then it would appear they became "autolink" to spam the site on the WPW forum. Which might lend some reason or cause in support of an average of less than one post per week here on autolink's part, and the change in member name. What it doesn't answer is... why Autosignal refers to "autolink.com" as "they" repeatedly, when in fact, it later turns out to be not only autosignal's site, but their other member name. Which oddly enough was registered on the same day Autosignal made that post. (Strange coincidence don't you think?) Why didn't "they" simply refer to it as "my" company?

Likewise post - http://www.webproworld.com/viewtopic...autolink#45331 Again appears to support potential for the marketing of services of freeserver, not autolink's "autolink."

If you want to get more traffic I would suggust getting a better WebHoster. Not a Geocities site. To get more traffic I would also suggest Google adwords, or targeted hits. I could get you the targeted hits if you are interested. Either e-mail me or send me a private message and I will give you my phone number and we can contact each other that way. But I would really look into the web hosting.

And, the following post at ~ http://www.webproworld.com/viewtopic...ghlight=#46365 ~ likewise looks a wee bit suspicious.

I don't think I would be interested in a link exchange at this time but if you go to www.disneywebdesign.com They will trade links with anyone. They have a bunch of categories to chose from. Hope this helps!

Makes one wonder why "disneywebdesign" is referred too by the webmaster as "they" repeatedly! When it is in fact AGAIN, supposedly theirs, "Mr. Disney himself", the guy in charge of disneywebdesign.com. Why didn't "they" say, "Well not on 'my' autolink site; 'I' do however have another site, disneywebdesigns.com, that 'I' would be interested in swapping links with you on."

Adding to that bit of confusion, although matauri suggests the user simply changed their name, you will find that autosignal continues to post, even after autolink is created as a member alias, in fact last post for autosignal was 12/8/03 nearly a full month after autolink came into the picture, 11/13/03. Again, this is certainly no crime, but I personally have to wonder why one needs two IDs for 33 posts in 2 months time!

I also find it interesting that Autolink initially posted to numerous threads regarding their website "autosignals". Whereas Autosignal intially posted to numerous threads concerning their website "autolink". And, both of them have posted to numerous threads conerning their website "Disneywebdesign". Which was referred to in third party tense by one of the two of them somewhere back there, who was earlier referred to in third party tense by the other, as if neither of them owned any of it!

In closing, I personally feel... That this much confusion over autolink, autosignal, and disneywebdesign here on the WPW forum, supported solely by the one member here that is all three. Coupled with the cloaked findings in DNS search by ldyguique.... Supports the initial suspicions posted by but a few of us in this thread who have since been condemned of jumping to conclusions by others. The further I look into this matter the more I am inclined to believe that the initial assessment was very much correct, and again I would request clarification by autosignal/autolink, or whoever they may be! And, would suggest not only that "they" be given a set timeline with which too comply, but that Administration make a point of requesting such on the basis of the posts offered herein in review.

[ldyguique]

Rocky1 -

Good job on giving the historical context for the supposition that autolink and autosignals are one and the same and the tie-in to disneywebdesigns.

However, as more of his website reappears, we do see R&R Enterprises listed as a "newest partner."

Also, the contact address is given as
customservice@accountant.com

accoutant.com's whois info lists:

Organization:
Easylink Services Corporation
Easylink DNS Services
33 Knightsbridge Road
Piscataway, NJ 08854
US
Phone: 732-652-3930
Email: hostmaster@easylink.com


Domain Name: ACCOUNTANT.COM

Created on..............: Tue, Sep 30, 1997
Expires on..............: Wed, Sep 29, 2004
Record last updated on..: Tue, Aug 12, 2003

Administrative Contact:
Email or abuse inquiries contact postmaster@mail.com.
Law enforcement issues contact 646-223-1227
Easylink Services Corporation

And, since autolink states in his opening paragraph that he's losing business everyday that his site is down and that others are stealing his business; so, this would indicate that it's been an ongoing operation for awhile.

[ronniethedodger]

It is amazing the profile that everyone is building on this character or characters.

As cyanide made the comparison of spelling mistakes to a 15-year old...I will agree with that. This appears to be the work of a up and coming youngin looking to make his mark in the world.

And then rockies brilliant chronilogical outlay of the situation methodically put into place like a man crazed over a 1500 piece jigsaw puzzle shows...this is the work of one person or another possiblity, a group of persons acting under a group effort.

The theory above is logical. This kid comes in and sets up accounts and posts back and forth between them. One tells the other about a plan, the other buys into the plan, the plan is great and comes back to laud it. Not an original idea because it has been done before...but it is "kids play" type mentality which strengthens the facts a little more that we are discussing the actions of some 15-year old or someone with the grade level education of that particular age.

On the other side of the issue is that it is different individuals. And one of them, autolink, is in indeed deep trouble. This feeling you have for him is firm on that. Thus we have two lines of thought going here...but yet each have their merits.

So who is right? Consider the third option....both.

The kid comes in and spams WPW members with his money making scheme. Does so for about a month, and somewhere along the line he gets into trouble with his site...who does he turn to first?

The kid has been here for a month. He doesn't make many posts, but that does not mean he is not reading, watching, and learning from everyone here.
It might be that he came to know everyone here in some way and viewed you all as authorities in some form or fashion. Since he is a kid, he is quite impressionable.

So he comes back one final time with an actual post for help. Right at that time, the troubles he was asking help on really hits the fan (as Minstrel keeps bringing up to remind everyone of that fact). By the time all is said and done...pffft...it is all over with.

It is possible that he no longer needs to come back, because indeed everything he worked on is actually gone. Or maybe, he did come back and reviewed some of the earlier posts and told himself, heck, why bother responding now.

We may never know the true answer. But I kind of like this bittersweet ending to this story.