Jeroen Site Admin
Joined: 07 Aug 2004 Posts: 5332 Location: The Netherlands
|
Posted: Sun May 10, 2009 6:33 am Post subject: delgine.com possibly hacked |
|
|
We might be victims of a website hack. A trojan horse might have been installed into our main website, delgine.com. The index.html and index.php files seem to have been altered on May 9th, 9:56.
Please, for your own best interest, do not enter the main site until further notice. We are investigating right now. _________________ Check out Figuro, our online 3D app! More powerful 3D tools for free. |
|
|
|
Jeroen Site Admin
Joined: 07 Aug 2004 Posts: 5332 Location: The Netherlands
|
Posted: Sun May 10, 2009 7:17 am Post subject: |
|
|
All seems to be OK now. You can log in to the main site again.
It was, indeed, a trojan virus that was inserted into several files of our website. I found out that the following files were infected:
login.php
main.php
index.html
index.php
home.php
Seems that the attacker scanned our whole site and wherever he found these files, he inserted a little JavaScript at the end of the file. I replaced those files with the originals and told our webhoster about this problem.
Thanks go out to tatts and adr for warning us immediately (and Avast virusscanner too). All should be fine now. If not, please do tell us by email (jeroen at delgine.com and paul at delgine.com)! |
|
|
|
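The check described in the post above (script appended to the end of specific files, fixed by restoring the originals) can be automated. This is an added example, not part of the original thread; it assumes a known-good copy of the site is kept in a separate directory, and the `audit` and `demo` names, directory layout and sample files are constructed for illustration.

```python
import os
import tempfile

# File names the post lists as altered.
TARGET_NAMES = {"login.php", "main.php", "index.html", "index.php", "home.php"}

def audit(live_root, clean_root, names=TARGET_NAMES):
    """Compare each targeted live file with its known-good original."""
    findings = []
    for dirpath, _dirs, files in os.walk(live_root):
        for name in files:
            if name not in names:
                continue
            live_path = os.path.join(dirpath, name)
            rel = os.path.relpath(live_path, live_root).replace(os.sep, "/")
            entry = {"file": rel}
            clean_path = os.path.join(clean_root, rel)
            if not os.path.isfile(clean_path):
                entry["status"] = "no-baseline"  # nothing to compare against
            else:
                with open(live_path, "rb") as a, open(clean_path, "rb") as b:
                    live, clean = a.read(), b.read()
                if live == clean:
                    continue
                if live.startswith(clean):
                    # Original intact, extra bytes at the end: the pattern in the post.
                    tail = live[len(clean):]
                    entry.update(status="appended", extra_bytes=len(tail),
                                 script_tag=b"<script" in tail.lower())
                else:
                    entry["status"] = "modified"
            findings.append(entry)
    return sorted(findings, key=lambda f: f["file"])

def demo():
    """Run the audit over a small constructed tree (sample data, not from the site)."""
    root = tempfile.mkdtemp()
    clean = {"index.php": b"<?php echo 'home'; ?>\n", "main.php": b"<?php echo 'main'; ?>\n",
             "sub/login.php": b"<?php echo 'login'; ?>\n"}
    live = {**clean, "home.php": b"<?php echo 'x'; ?>\n"}
    live["index.php"] += b"<script>/* constructed placeholder */</script>"
    live["main.php"] = b"<?php echo 'changed'; ?>\n"
    for tree, files in (("clean", clean), ("live", live)):
        for rel, data in files.items():
            path = os.path.join(root, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return audit(os.path.join(root, "live"), os.path.join(root, "clean"))
```

Files reported as `appended` or `modified` are the ones to restore from the originals; `no-baseline` entries need a manual look because there is no original to compare against.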
tatts DeleD PRO user
Joined: 21 Dec 2006 Posts: 94
|
Posted: Sun May 10, 2009 1:51 pm Post subject: |
|
|
Hi guys, glad to see everything worked out. I had no warnings and problems getting in to the site just now. I seriously hope you'se find whoever is responsible for this attack on your site, though it will be nearly impossible but you never know.
As I said a couple weeks ago, I will be here more often now so if I ever see anything again like this, you can always be for certain that I will inform you'se immediately. Again I'm glad to see you'se got this figured out.
.......Tatts |
|
|
|
Paul-Jan Site Admin
Joined: 08 Aug 2004 Posts: 3066 Location: Lage Zwaluwe
|
Posted: Mon May 11, 2009 6:40 pm Post subject: |
|
|
Although Jeroen summed it up nicely, I just wanted to post my thanks for your support, Tatts.
It's simply great and heartwarming to see how much our users are on the opposite side of the human spectrum from those timewasters who hacked the site! |
|
|
|
adr Member
Joined: 23 Jul 2005 Posts: 165
|
Posted: Tue May 12, 2009 12:05 pm Post subject: |
|
|
This sounds sorta dumb, but can't you just track the person by their IP address? I mean, it be going out of your way to do it, but all PCs have an IP and a MAC address so it be as simple as calling up their ISP and then checking to see who using this IP address and find their MAC address so it be easy to block and call 911 on them... but idk lmao XD |
|
|
|
bobbel DeleD PRO user
Joined: 22 Jan 2009 Posts: 48 Location: Good question *Looks around*
|
Posted: Tue May 12, 2009 1:15 pm Post subject: |
|
|
Glad you guys fixed "The hax". This thing F*** scared me! |
|
|
|
chronozphere DeleD PRO user
Joined: 20 Jun 2006 Posts: 1010 Location: Netherlands
|
Posted: Tue May 12, 2009 3:17 pm Post subject: |
|
|
Quote: |
This sounds sorta dumb, but can't you just track the person by their IP address? I mean, it be going out of your way to do it, but all PCs have an IP and a MAC address so it be as simple as calling up their ISP and then checking to see who using this IP address and find their MAC address so it be easy to block and call 911 on them... but idk lmao XD |
It's a waste of time trying to track persons down on the net. Blocking the IP is a good idea though, but how can you be sure which IP belongs to the attacker? And 911 shouldn't be used to report hacking attempts, especially not when the server is located in Europe. |
|
|
|
Paul-Jan Site Admin
Joined: 08 Aug 2004 Posts: 3066 Location: Lage Zwaluwe
|
Posted: Tue May 12, 2009 5:59 pm Post subject: |
|
|
We have the IP number of the machine that performed the final FTP "attack", but it most likely belongs to an infected machine of an innocent user (botnet or a single remote-activated trojan). The important part is that whoever triggered it already had their hands on our FTP password (either through a previous hack, sniffing, infected machines, etc). We're still investigating.
Taking legal action is unfortunately a lot more complex and time-consuming than dialing a number, and response is prioritized based on financial damage (in other words: there won't be any, the best we could hope to achieve is contributing as auxiliary evidence if the same people pull off bigger jobs). |
|
|
|
sjevadoraa Member
Joined: 21 May 2009 Posts: 2 Location: netherland
|
Posted: Thu May 21, 2009 9:03 am Post subject: Re: delgine.com possibly hacked |
|
|
Jeroen wrote: |
We might be victims of a website hack. A trojan horse might have been installed into our main website, delgine.com. The index.html and index.php files seem to have been altered on May 9th, 9:56.
Please, for your own best interest, do not enter the main site until further notice. We are investigating right now. |
Some security holes?
Paul-Jan wrote: |
We have the IP number of the machine that performed the final FTP "attack", but it most likely belongs to an infected machine of an innocent user (botnet or a single remote-activated trojan). The important part is that whoever triggered it already had their hands on our FTP password (either through a previous hack, sniffing, infected machines, etc). We're still investigating.
Taking legal action is unfortunately a lot more complex and time-consuming than dialing a number, and response is prioritized based on financial damage (in other words: there won't be any, the best we could hope to achieve is contributing as auxiliary evidence if the same people pull off bigger jobs). |
Easy: change the password every 3 months to something like fish123dog456
FTP attackers can't get a long password that easily
when you play with the words and numbers; if possible use @%^*)(&^%$@. too in your passwords
and a lot more secure against hack attacks
It's just a tip to help you out |
|
|
|
|