I have been Hacked for a third time now..

Discussion in 'Site Feedback & Announcements' started by MIG-31, Feb 7, 2017.

Thread Status:
Not open for further replies.
  1. MIG-31

    MIG-31 HardwareHeaven News Mod Staff Member

    Joined:
    Dec 29, 2002
    Messages:
    73,645
    Likes Received:
    1,908
    Trophy Points:
    153
    This is something very important you need to know. I have had two of my front page articles hacked over the last two days. The first was the PS4 4.50 article, which was edited twice; I changed my password after the second time.

    And it has happened again during the night to the Antec Announces the Rainbow 120 Series Fans article. So I have changed the P/W a third time..

    And this has just happened once again with the Cooler Master Announces the MasterCase Pro 6 Chassis article on the front page..

    Restored the article as it is and once again changed my P/W.

    And the only place I use for the Front Page news is at my home PC, so it's nothing public.. And as far as I can see it's only affecting the very latest post I make.. And I have not seen it happen anywhere else.

    Something you may need to look into.
     
  2. Tipstaff

    Tipstaff Well-Known Member

    Joined:
    Jul 22, 2002
    Messages:
    9,291
    Likes Received:
    899
    Trophy Points:
    123
    Does the server log password changes? And from what IP?
     
  3. MIG-31

    I can't answer that as I don't have admin options.. I have a User Name, and the Password option I have is that I cannot insert my own password; it's a generated password process. Always shows as strong..

    But what I have done is cleared all passwords off my PC (I have the new one saved elsewhere) and will only insert it when it is required..

    Craig or Stu were the go-to guys here.. I have emailed HH's Manager to see if this can be looked into..
     
  4. MIG-31

    My tactic from yesterday was to use my password only when I needed to access the front page.. Unsaved on my PC and logged out when I'm out at work..

    It appeared to work for a little while, looked as though it might have been working.. Spoke too soon.

    The latest article was once again hacked; all content is always erased, and a message saying you have been Hacked By (name is always different)

    I'm starting to think that I'm wasting my time posting anything on the homepage at the moment as I'm just back tracking to reinstate the content.
     
  5. Judas

    Judas Obvious Closet Brony Pony

    Joined:
    May 13, 2002
    Messages:
    38,481
    Likes Received:
    913
    Trophy Points:
    138
    Well if you want to determine if it's your machine at home or your connection is being monitored somehow.... I would suppose visiting a friend's place and borrowing a machine that appears to be completely clean... maybe even visiting a retail outlet and jumping on a fairly recently unboxed demoed computer just to log in.. post a few things and then manually wipe the cache/history of the browser to make sure nothing is left.... and watch what happens... If the same thing is hacked again, then you'd be fairly certain it's NOT your computer at home being compromised ... and that it's hardwareheaven's security that has been.
     
  6. MIG-31

    I have cleared my cache, and I am running a Windows Defender full scan..

    And it has happened once again... It is always the same spot every time, shown in the circled out.

    [​IMG]
     
  7. MIG-31

  8. Tipstaff

    The front page is a separate entity from the forums, right? I remember someone mentioning that the forums run on XenForo, but the front page uses something else. Do you know what it is? I'm wondering if there is an open exploit that this hack is using.

    Or could it be that they have hacked one of the admin passwords?
     
  9. MIG-31

    The front page is running on WordPress 4.7 (there is an update of 4.7.2 still to be installed).

    The forums are running on XenForo (don't know what version). I have no issues with the forum account as the user name and password have no connection with the front page..
     
  10. Tipstaff

    Yep... that's the one. About 100k sites had been attacked since the exploit went public. Supposed to be fixed by WP 4.7.2.
     
  11. MIG-31

    And the same post has been hacked once again.
     
  12. Trusteft

    Trusteft HH's Asteroids' Dominator

    Joined:
    Nov 2, 2004
    Messages:
    21,535
    Likes Received:
    2,139
    Trophy Points:
    153
    Any chance you have a key logger? Or you know, Windows 10 lol.
    Have you tried at least Malwarebytes?
    Have you tried changing the password from a different computer? And then NOT typing the new password on your main computer, to see if it is the PC or the software/exploit that is the problem?
     
  13. Calliers

    Calliers Just got off the hedonic treadmill... Staff Member

    Joined:
    Oct 12, 2004
    Messages:
    44,257
    Likes Received:
    2,895
    Trophy Points:
    139
    According to Mousey, WordPress has lax security.
     
  14. Tipstaff

    I'd leave the front page as is, MIG. Don't even bother with it any more, because until the site is patched with 4.7.2 there's nothing you can do. It's up to the admins now.
     
    Calliers and Dyre Straits like this.
  15. MIG-31


    Thanks for the replies, it's just a thing I don't mind at all.. I can say I'm now certain it's nothing at all to do with my PC or network.. Ran every test I could think of...

    As I mentioned, it's only the very latest post that is targeted, on an average of three times a day..
    But I do receive a few PRs that need to go up asap, so the more important ones go up... It only takes me around 30 seconds or so to restore the hacked post to its original state..

    And it is a flaw in 4.7 at fault, and it's starting to come up in the news that the flaw is fixed in 4.7.2..

    It's just a shame it is so hard to get a response from admin as it stands (I'm sure they probably know) but some heads up either here (or by my email) would be good, to know that they are working on it.
     
  16. Calliers

    So it seems like it has been fixed?
     
  17. MIG-31

    Yes, WordPress has been fully updated since Tuesday and all is well.
     
  18. Mousey

    Mousey HH's Official Rodent

    Joined:
    Jan 13, 2007
    Messages:
    7,903
    Likes Received:
    510
    Trophy Points:
    138
    Christ it survived the update routine? I'm amazed.
    If you've got admin access I'd advise you remove any accounts you don't recognise and change the passwords of ALL accounts you do (regardless of their permissions) using this tool https://strongpasswordgenerator.com/. Check the user accounts, make sure there's not a single account that isn't required there; every single one is another vulnerability because WordPress barely supports decent password hashing let alone 2 factor authentication. First thing I'd do after compromising a WP site is create myself a few user accounts so I've got backdoors.

    Next thing I'd advise you do is change your own password using the same tool, and have a look into the plugins, see what's there; if the site is being used purely as a CMS and doesn't integrate with the forum it probably doesn't need much if anything in the way of plugins. Another common thing to do to a compromised site would be install a plugin of some sort that allows me to do remote management of the site and its users.

    This is of course assuming that WordPress is a required option,
    The best case scenario is firing it into the surface of the sun and using literally anything else.
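
The account review recommended in the post above, as an added example that is not part of the original thread: it compares a user export against a list of accounts the owners expect and flags unknown logins, changed roles and accounts created during the exposure window. The sample rows, the `EXPECTED` allowlist and the `EXPOSED_SINCE` date are constructed; the column names follow WP-CLI's `wp user list --format=csv` output.

```python
import csv
import io
from datetime import datetime

# Constructed sample shaped like the output of
# `wp user list --format=csv --fields=ID,user_login,user_email,user_registered,roles`.
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered,roles
1,siteadmin,admin@example.org,2010-03-14 09:12:00,administrator
7,newsmod,news@example.org,2012-06-01 18:40:11,editor
23,wpsupport,helper@example.net,2017-02-06 03:17:45,administrator
24,oldwriter,writer@example.org,2011-11-20 12:00:00,author
"""

# Hypothetical allowlist: logins that should exist and the single role each needs.
EXPECTED = {"siteadmin": "administrator", "newsmod": "editor"}
# Assumed start of the exposure window (constructed date for this sample).
EXPOSED_SINCE = datetime(2017, 2, 1)
# Roles that can edit or publish other people's posts.
PRIVILEGED = {"administrator", "editor"}


def audit_users(export_csv, expected, exposed_since):
    """Return {login: [reasons]} for every account that needs a manual review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"]
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        created = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login not in expected:
            reasons.append("not on the expected-accounts list")
            if roles & PRIVILEGED:
                reasons.append("unexpected account can edit or publish")
        elif not roles <= {expected[login]}:
            reasons.append("role differs from expected: " + ",".join(sorted(roles)))
        if created >= exposed_since:
            reasons.append("created during the exposure window")
        if reasons:
            findings[login] = reasons
    return findings


if __name__ == "__main__":
    for login, reasons in audit_users(SAMPLE_EXPORT, EXPECTED, EXPOSED_SINCE).items():
        print(f"{login}: " + "; ".join(reasons))
```
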
     
  19. MIG-31

    A) I don't have full Admin access..
    B) The first thing I did when I noticed that WP was updated was to change the P/W and clear out any possible log-ins.
    C) I can only generate a P/W and use that; it's usually around 15 characters so it is random every time. I can't enter anything external.

    And it was not just HH's front page, it was any site using 4.7 which had a back door fault. http://www.bbc.co.uk/news/technology-38930428
     
  20. lgordon225

    lgordon225 New Member

    Joined:
    Apr 25, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Sounds like hacker pro. A month ago, I downloaded KMSPico to activate Windows 10, then I lost my Gmail password??? I think my computer has a virus.
     