Smirftsch

Being hacked?


Got this this morning:

Quote

We have hacked your website and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site's reputation for a small fee. The current fee is .33 BTC in bitcoins ($3000 USD).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

---

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you https://cex.io/ for buying bitcoins.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

Question is, are such attacks known and how likely are they? I highly doubt it, since there is nothing of use in this database anyway and it very much seems it was just sent using the contact form.

 

Related to that: it might be best nevertheless to change the database password. Is there some documentation on how to do that properly?

 


My bet, it's spam, they are totally trying to extort bitcoin. It looks like an automated message.

And from what we can read on the Internet, they are sending this message to owners of Google blogs 😂 and we know that to hack a Google blog they need your Google account, which I doubt was hacked.

Anyway, you can look at your file structure, DNS records, etc. to see if something is weird, but in any case, DO NOT PAY 👍🏼

I am quite confident to say that you are still safe 🙂 Make your best poker face 😅

 

 

  • Like 2


I got a very similar message this morning, posted to the contact page of a website I look after. Bit of a giveaway when the message includes "This is not a hoax, do not reply to this email". I've seen a number of similar ones via this and other contact pages in the past. Nothing bad has happened yet after ignoring them! I would only take any notice if they posted me something from the database that shouldn't be accessible to them.

I looked up the IP on stopforumspam.com and found several other reports from this morning, with a variety of names and emails submitted.

 

  • Like 1
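
The triage rule the replies describe, as an added example that is not code from any of the posters: a contact-form submission matters only if it quotes something that exists solely in the database, and a templated threat with no such proof, sent from one IP under several names and emails, is spam. The field names, the sample submissions and the `CANARY-7f3a91` marker are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Phrases taken from the extortion message quoted in this thread.
TEMPLATE_MARKERS = [
    r"hacked your website",
    r"extract(ed)? your (entire )?databases?",
    r"\bBTC\b|bitcoin",
    r"this is not a hoax",
    r"do not reply to this email",
    r"within \d+ days",
]

def template_score(message):
    """Number of template markers present in the message."""
    return sum(bool(re.search(p, message, re.I)) for p in TEMPLATE_MARKERS)

def triage(submissions, canaries, threshold=3):
    """Label each contact-form submission and count identities used per IP."""
    identities = defaultdict(set)
    for s in submissions:
        identities[s["ip"]].add((s["name"], s["email"]))
    results = []
    for s in submissions:
        if any(c in s["message"] for c in canaries):
            verdict = "investigate"         # quotes data only the database holds
        elif template_score(s["message"]) >= threshold:
            verdict = "template-extortion"  # boilerplate threat, no evidence
        else:
            verdict = "normal"
        results.append({"ip": s["ip"], "verdict": verdict,
                        "identities_from_ip": len(identities[s["ip"]])})
    return results

# Constructed sample data: documentation IP ranges, made-up senders.
THREAT = ("We have hacked your website and extracted your databases. "
          "The current fee is .33 BTC. Pay within 5 days. "
          "This is not a hoax, do not reply to this email.")
SAMPLE = [
    {"ip": "203.0.113.7", "name": "Ann", "email": "ann@example.com", "message": THREAT},
    {"ip": "203.0.113.7", "name": "Bob", "email": "bob@example.org", "message": THREAT},
    {"ip": "198.51.100.20", "name": "Cy", "email": "cy@example.net",
     "message": "Hi, is the download page working again?"},
    {"ip": "192.0.2.55", "name": "Dee", "email": "dee@example.com",
     "message": "We extracted your database. Proof: CANARY-7f3a91. Send bitcoin."},
]
CANARIES = ["CANARY-7f3a91"]  # hypothetical marker seeded into a database row

if __name__ == "__main__":
    for row in triage(SAMPLE, CANARIES):
        print(row)
```

An "investigate" verdict means the sender has shown real database content and the claim deserves a proper incident review; the other two verdicts need no response to the sender.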
