Hacking attempt FAILED

Devi

D.A.P
About hacking attempt


Yesterday there was an incident of the forum being "broken into"; to be exact, one file was edited to redirect visitors to an exploit pack. We can reassure you at once:
1. The iframe code was broken, and for most users it didn't even load.
2. At that moment there was a DDoS attack on the forum (probably everyone remembers ERROR #502 during the whole day); because of it, 60% of the users who were there at that time couldn't receive the iframe code at all.
3. THE DATABASE IS OK, NOBODY got access to it. ONLY ONE FILE WAS MODIFIED: A JAVASCRIPT FILE, WHICH HAD IFRAME CODE INSERTED.
4. The exploit pack was very old, so the chance of becoming infected is about zero.

The factors in aggregate:
1. The exploit pack's success rate was very low.
2. The harmful code was not on the server for long. It was quickly removed (1-2 hrs).
3. 60% of visitors didn't receive this file.
4. The number of visitors in that period was not large, about 200-300 people.

Conclusions from this:
1. Incidents of infection were isolated (one is known at present, and it is not certain that it was caught from us).
2. The local database was not touched, so there is nothing to worry about: according to our records, it happened because ALL incoming traffic went THRU the anti-DDoS system, and it seems one of their systems was hacked. All incoming traffic to our server received not the clean board HTML page, but a page with an "addition".


The interesting point is this:
There was nothing in the scripts (on the server), so most likely it was the hoster who provided the DDoS protection.


About the exploit pack, check your versions of the following software:
1. Java v7.2, 6.30 and 5.33
2. Adobe Reader and Adobe Acrobat Professional versions 8.0 to 8.2 and 9.0 to 9.3.
The exploit pack uses bugs in these versions to infect.
Hacker's domain info:
socks4you.biz
Name: Aleksandr M Sugay
Address1: Shkolnaya 7
City: poselok Nahabino
State/Province: Moskowskaya oblast
Postal Code: 143430
Country: Russian Federation
Country Code: RU
Phone Number: +7.4957239170
Email: [email protected]
Don't Worry, Be Happy
 

carder2012

BANNED
Thank you Boss, I was thinking the same, that it was a hacking attempt on the forum.

It's really good work done by the carder.market team in a short period of time.
 

Ninja

Moderator
It took me around 24hrs without my personal life...
I've viewed almost every php file to exclude the possibility of revealing our board to the hands of fuckers.
But at least now I sleep well, as it's all clear.

+ someone who has information about the website this js led to:
socks4you.biz

All of u know that we're under DDoS protection and we are tunneling our traffic thru different ISPs, finding the best way for us. So one way it could have happened: one small ISP just substituted the damn traffic.

And about IPs:
all ppl who worry about security ask us about that.

WE DON'T LOG THEM.
And one main reason why - OUR OWN SECURITY.
Because the less information is kept on servers about BIG men like all of you, the fewer questions to us. Please keep that in ur head next time. We all have families (some of us just mom and papa, but mostly wives and children) and we want to sleep well.
:)

Thanks for waiting and supporting us.
 

carder2012

BANNED
Ninja -- Friendly question

Should we use a sock or VPN instead of our regular IP every time?

I'm basically using my own IP, which is random, and never got any problem.
 

Ninja

Moderator
ALWAYS use a VPN.

Coz IT'S NOT MY PERSONAL server.
And even if it were, I would NEVER recommend using it from ur own IPs (only a feds' board will say - come on, we're 100% secure).
Nowadays FEDs are everywhere, in every place. And every board is monitored closely. So take that VERY seriously.

Keep in mind that even if cpro = the home PC of me or any other friendly person:
How many hops lead to my IP?
Ur ISP, my ISP, and a bunch of others.

And making a rule on traffic like "keep in logs all IPs who access carder.market" on an ISP between u and me will log EVERY IP that accesses it.

Of course, there is no evidence of what you do here, but I repeat: ALWAYS use ALL possible ways to protect urself!
Because too many ppl have access to dbs, network, etc etc.
I want it to be me only. But it's impossible.
And it is ON EVERY BOARD!

So please take it seriously!
If you have PMs - never keep them ANYWHERE.
I personally NEVER keep anything sensitive on boards or even emails.

Better to be a paranoid piece of shit than a stupid samurai in jail.
 

carder2012

BANNED
Great, I'll try to follow the above-mentioned details. I just asked you because my brother is in the same field and working in the same telecommunications, and he knows what I am doing. I have asked him several times about this, and he just told me there is nothing to worry about, because in our records there is too, too much work which we have to follow, and we'll never check any record for any person unless they are involved with country-based agencies or high-level intelligence.


Anyway, I'll try my best to protect my own as well as this forum's user data.
 

Ninja

Moderator
He was right - the usual admin doesn't even know about it. He DOESN'T CARE.

But for a few years the IP of every board has been monitored, and if a middle ISP sees that someone accesses that IP THRU them, they keep that record on file.

In Russia, Romania, Poland and other countries there is a system installed by local FEDs called
SORM

NO ISP provider can get a license without installing it.
This system allows FEDs to control ALL traffic remotely, so your brother won't even know about that.

My advice is:
Buy shared hosting, install UR OWN VPN. Change it once a month and u're clear for a while.
Of course it's a starter level.

Experienced carders use SIM cards registered to dead ppl and a rented house with no one inside. :)

Check about SORM - it's pretty interesting. :)
 

carder2012

BANNED
alright, I'll follow.
thanks for your time in replying to my questions
 

Mailer-Daemon

Professional
Maybe we'll phone the sucker? Shall we bother little Shurik a bit?
 

Ninja

Moderator
Mailer-Daemon
English please.

Lean on the kid a bit - post the results in the Russian section. :)
 

dagonxx

Professional
Ninja, you say you don't log IPs, but how is it then that you discover "clones" when someone is banned? Some of these people tell me they were not clones but just used the same VPN as the ripper.
 

sinatra

RIPPER
dagonxx, Cookies...etc
 

Ninja

Moderator
All I can say - it's not IP.
Because for our server, where the anti-clone system is installed, all users are coming from the same IP.

Don't listen to ppl who tell u this. Since 2006 I've heard such stories a LOT of times, and every time admins check them - they fail using "other" methods.

U can make an experiment with me and I can grant u access to the clone system.


Make 2 diff accounts from the same IP and they will not be tagged as clones.
Make 2 diff accounts from diff IPs - and they will be.
IMMEDIATELY u'll see it in the clone system. :)

I have done such tests with some respected members a few times, and have no problem repeating it. :) I'm open for any cooperation, but for now - lack of time. Just believe my words, I'm responsible for what I'm saying. :)
 

carder2012

BANNED
possible.
 

Ninja

Moderator
One more time:
On THAT board no one cares about ur IPs.
We're doin' all our steps for getting rippers out without PayPaling to IPs.

A lot of ppl in bus are using the same VPNs and they have been coming to our board FOR YEARS without getting tagged even once.

If a person is not a ripper, there is one big glitch which has been revealed lately.
They use a public RDP, use it to connect to the board (just for a test),
and 5 minutes later the person who owns that RDP (and gave it to the public) used his keylogger and owned the account.

Keep that in mind please.
 

carder2012

BANNED
One more time:
On THAT board no one cares about ur IPs.
We're doin' all our steps for getting rippers out without PayPaling to IPs.

A lot of ppl in bus are using the same VPNs and they have been coming to our board FOR YEARS without getting tagged even once.

If a person is not a ripper, there is one big glitch which has been revealed lately.
They use a public RDP, use it to connect to the board (just for a test),
and 5 minutes later the person who owns that RDP (and gave it to the public) used his keylogger and owned the account.

Keep that in mind please.


That's 100% true. Usually try to log in from your own PC in your own room, with or without turning off your room lights, with slight music in the background.
And enjoy the forum & keep making cash :D like me
 

RedruMZ

VIP member
Admin Ninja Having Very Positive Posts Today :) Thumbs Up For His Work ;)
 

cleaner76

Professional
Thanks to the whole carder.market for taking care of that problem fast & getting the board back & running
 

StrictlyBusiness

VIP member
I'd like to thank Ninja and the rest of cpro team. One for having a place for our money making brothers to meet/discuss and another reason is for keeping us safe as much as you can brother
 

vccsell87

Carder
That's why c.pro is the best on the net ... Keep up the good work Ninja.. I bet you lost one day off pull bars fixing things !=)
 