Pokemon Gaming Sphere has been HACKED

[Chrono Cr@cker]

I saw a thread in the Mihopa Admin Forum that Pok?mon Sphere was hacked and I was shocked when I saw that my whole site was destroyed. Some hacker seems to have got in, most probably through Cutenews and all my files are gone except the index.php, css and the cutenews folder. I wanted to enter my cutenews but my password has been changed and when I view users.db.php, the pass is encrypted and I have to idea as to how I can decrypt it. The user has left a message "We have Hijacked this copy of Cutenews" leaving me more suspicious about his method of entry. Morover, he has linked to https://hackthissite.org as his website and I am searching if there is an article related to Cutenews hacking there. StatCounter which I recently installed gives me useful information about who are the recent users who visited my website. To view it, go to https://pokedrome.com and click on the link at the bottom. Is there a way as to which I can find out the hacker's IP Address or anyother clue as to his identity. Please help me over here!

And If you are the HACKER reading this, please ananymously through a different IP or whatever, please tell me why you did this?

~ Chrono Cr@cker

 

[Yameneko549]

I'm sorry to hear that this happened. It's a webmaster's\webmistress' worst nightmare to get hacked. When you find the person who did this, SUE THEM OR SOMETHING! It's bound to be illegal.

Also, I suggest you post about this on CuteNews' Forums. If it was done throught CuteNews, they should be notified of a potential security flaw.

Good luck finding the person, bringing them to some form of justice, getting your site back up, and getting it secured.

 

[Rukario]

well the fix is easy enough.. just change all your passes, and reupload your stuff.. If you have access to the server logs, you can easily get his IP, cmds used, and all that..

this is also a good time to let all you webbies know: use hard passwords and secure scripts on your sites..

 

[Kipkip]

I wouldn't use Cutenews since it uses flat files to store everything. Now, I don't know how they protect your passwords, but I'm pretty it's less sercure then having them stored in a database.

 

[MalafeX]

here i suggest this https://newsphp.sourceforge.net/, i think this one is more safe than cutenews, but it use a mysql.

 

[Myuureon]

I am working to get his IP right now.When i have it, i will post it here for all to see.

 

[Morkula]

Oh no you're not... <_<
I think I've heard something about CuteNews being exploited before. Makes me think twice about using it =/

 

[Chrono Cr@cker]

Steve, unfortunately I missed the Logs and they were cycled, so I can't view the IP address of the person who accessed my website. I don't think it would do any good though as these people use Proxy Firewalls and have revolving IP's or use a service like https://silentsurf.com. Morover, I am ditching Cutenews. I complained at their forum and got replies telling me that Cutenews does have some security errors. I am going to change to PHPNews which ^^ showed me. It looks really stable and uses MySQL too and has all the features of Cutenews+More. If any of you are using Cutenews, I suggest you change immediately to some other news script. One which doesn't run plainly on PHP and store it's data in a Flat file(txt file).

~ CC

 

[MalafeX]

yeah phpnews rocks, its as easy as cutenews, and it suppot xhtml and rss.

 

[Geometric-sama]

*giggles* Coranto may be old and CGI, but at least it's reasonably secure. I have to laugh at the hacker's message... you're so serious about this stuff. Just upload your stuff again XD

 

[Innocence]

OMG! PGS was hacked??? I'm quite familiar with hackthissite.org, It's supposed to be a "Safe" Place. I hope that person gets banned from hackthissite.

 

[Geometric-sama]

Maybe the guy was just saying "learn how to protect your site". XD

 

[Yameneko549]

Maybe the guy was just saying "learn how to protect your site". XD

Maybe, but they did take it to the extreme.

 

[Thomas]

Maybe the guy was just saying "learn how to protect your site". XD

Actually that makes a lot of sense...but maybe he really did want to take over the site, but that just seems like a waste of time to me, but for a loser like that hacker it might be "fun" XD

 

[Datriot]

ah, man, that was like, the only decent rom hacking website, man I hate these stupid hacking ****ers!

 

[Sylver]

ah, man, that was like, the only decent rom hacking website, man I hate these stupid hacking ****ers!

Don't be angry, they are just doing their job. ^_^;

 

[pokejungle]

I'd have to assume you use the same password for everything then CC

The hacker finds your password on CuteNews, gets into you CP and does the damage. =/ I use a different password for everything...I think that'd protect me from this. I don't think you can get into your server from CuteNews.

But, if I see more expoits, I'll be sure to switch to PHPNews.

 

[MalafeX]

read this https://archives.neohapsis.com/archives/bugtraq/2005-06/0002.html

 

[pokejungle]

Point taken ._.

Lucky I changed my password recently XD But I may switch news now~ It's just annoying that I need a db ;; My cheap hosting only came with 3 XD But I suppose I could host it at a remote Mihopa account?

 

[MalafeX]

you could use coranto, but your host need to suppor cgi.