MWPSK.org down / hacked

Topics: Developer Forum
Apr 9, 2009 at 10:34 AM
OK today (I think) is www.mwpsk.org unreachable, just a nice page: you have been hacked.
I think somebody just got inside the cms, becuase if you enter http://www.mwpsk.org/Default.aspx so the page normaly loads, Administration appears to be working and App_Data was not touched...

Best regards

Boris Duchaj
Coordinator
Apr 9, 2009 at 11:25 AM
In my opinion problem is with server not with MWPSK. Bad server configuration, easy to hack
regards, artur
Apr 9, 2009 at 11:28 AM
That was also my idea. Looks like the default document within IIS is modified or something like that.
Check that with your hosting company in case of shared hosting.
Apr 9, 2009 at 5:08 PM
Would like to know what happened.

TJ Havens
Apr 9, 2009 at 5:26 PM
Edited Apr 9, 2009 at 7:51 PM
First of all I am sorry for the typo I wrote that fast that instead writting iis i wrote down cms mind got faster then hands. Naturally the CMS is OK... I am sorry for the error should really read after writting~3cbr /~3e ~26nbsp~3b~3cbr /~3e to xotj123 the site www.mwpsk.org just show a nice hacked html page but when you write the direct link to start MWPSK http~3a//www.mwpsk.org/Default.aspx it starts normaly. I think somebody replaced the standard IIS page with this s*/-t as ArturZarski and gvraaij suggest...~3cbr /~3e Somebody should inform the admin of the server. Becuase now is 19.30 Middle European time ~28I am from Slovakia~29 and the hacked page is still there...
Coordinator
Apr 12, 2009 at 9:39 AM
Hi,

For a couple of hours I try to reach someone who has access to the server account. It looks like someone has hacked the ftp access (brute force attack) and added an index.html file which loads by default if nothing else is specified. Looks like the hacker didn't care about the other content of the site which works still fine if navigated directly. The incident is very serious and I will ask the right questions regarding password security if my guess is correct.

Thanks for the notification

Urs
Coordinator
Apr 12, 2009 at 10:23 AM
Looks like the issue has in fact been that the ftp access has been hacked. The problem is now being resolved by the support personal of our hoster.

Urs