SITE HACKED

[Net123]

my site was hacked yesterday ... the hacker name is "sipraje" from indonesia his site name is http://www.ambulu.nethacked my one of the site my site name is http://ghillitricks.xtgem.com i was not placed anything wrong or and i was not placed any country names in my site ...but the hacker hacked my site and insulted my country "india"and i am running this site from 2006...and the hacker not hacked from root so i dont know how he was.....the xtgem.com company was only allowed users for use html only ....but now from this year he changed their rules for premium account for create php codes also...but i am using html only free account but my index gone...how it was possible to hack using html and js only ????????? anyone can help me ??

Edited August 16, 2012 by Net123

[justsomeguy]

There are over 2700 domains pointing to the server your site is hosted on. If they didn't exploit vulnerabilities in the server itself he could have used another account with higher privileges to get access. You don't compromise a server with HTML and Javascript code.

[Net123]

oh so he hacked from one of their account and he used php upgraded account right so the vulnerable hole was @ xtgem upgraded account right ?

[boen_robot]

Exactly.They shoud've made sure to isolate each premium user from the others on their server, but they didn't - every premium user has/had access to all users on their server, and the only special thing the hacker did was to abuse that power to affect your site (and I assume others too).The only thing you could've done is to not use that server. Well... strictly speaking, you could've also raised concern to the xtgem staff, but unless you were a premium user, I don't think they would've taken you seriously.

[Net123]

so what to i do now ?can i leave xtem or ?????????

[boen_robot]

I'd leave them... and also email them, telling them why, so that hopefully they can fix their problem for future customers' sake.

[justsomeguy]

We can't really say how they got in though, they might have exploited a vulnerability in the server itself instead of one of the accounts. There's no way that someone can figure that out without investigating the server logs and things like that.

[rootKID]

it is possible to do hacking over HTML as far as i am aware of, so it should not be impossible, but as JSG said also, possible that he used an another account with higher priviliges also...

[thescientist]

it is possible to do hacking over HTML as far as i am aware of, so it should not be impossible,

it is?

[justsomeguy]

I'm not quite sure what "do hacking over HTML" even means. You need the server to execute code if you want to hack it. HTML code is not executable. Cross-site scripting or Javascript injections may still be possible if there is a poorly-validated submission form, but those aren't going to allow an attacker to gain access to the server.

[Net123]

i also complained to xtgem but thy are not taken any action yet................. Hello,I will request recovery please change your passwordrecovery may take until at least MondayGraham Warren,Customer Care representative,XtGem LLC>my site hacked plz help me...>there was a huge bug in xtgem system plz try to fix it otherwise the whole xtgem could ######..........> --------------------------------------------------Do not edit below this line> [id: #T72727] XtGem: Support request ############################me:he renamed my index file to "wala" and inserted his index page in my siteso how u telling he hacked using my password ?and you have to ban the user abbasijm.wapath.comyou have to take some action b'coz he insulted my country otherwise i will complain in cyber-crime branch thanks...........#######################################

and i posted in some forums about how he hacked ?

most of they answered me as he was hacked from upgraded php account you have fix that vulnerable also................ end; there is only a way founding "leave xtgem is better by mine" ######################################

[justsomeguy]

I just want to point out that no one here knows exactly how your account got hacked. Maybe he got in through another account, maybe he exploited a vulnerability in the server itself (e.g. Apache or a module), maybe he brute-forced your password. We can't tell how it happened because we can't analyze the server logs and we weren't watching him while he was doing it. We're just suggesting possibilities, not making conclusions.

[Net123]

oh yes i know but if he used the brute-hackingthen he can hacking one or more pages and he can delete my index.html pagebut he didn't he just renamed my old "index.html" file to "wala.html" and uploaded his "index.html" file so i am guessing the "hacking from another account" i think it could be possible from "premium account"the xtgem company not taken any action yet.. and no replies for me till now.they are not taking as that the hacker could hack almost every account in their server .........so i dont want for waste my time i am searching about new site.........

Edited August 22, 2012 by Net123