
Forum Moderators: rogerd


SMF "Hacked by ghost61"

Forums hacked For Türkiye, apparently.

12:01 pm on May 23, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 19, 2006
votes: 0

Just tried checking my forums and each link of the forums is directed to a page that says "Hacked by ghost61 for Türkiye".

I did a quick search and it seems ghost61 has taken down a few forums including phpbb etc.

Now I don't know if this is a personal attack or just a robot searching the net, probably the latter.

In the last 5 years spent running and developing websites this has never happened to me before.

Could anyone with experience with ghost61 or tracking these "hackers" give me any advice on finding out how they managed to do it?

2:23 am on May 24, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 4, 2004
votes: 0

Are you up to date on your software? If it's a prevalent attacker then your software/mods are most likely not up to date and contain vulnerabilities. They look for easy targets and they are too hard to find.

They'll find you through a Google search, either searching for text in the page, the URL, etc. If, for example, phpbb3.0 had a vulnerability and it's a bot crawling, a quick look at the meta tags would tell it if the forum was updated or not, as they were changed in the last update.

I had a mod on a phpbb2 forum that had one vulnerable file; I was on the author's personal mailing list for updates. Shortly after receiving notification and updating the file it suddenly became a very popular file. My logs showed a huge surge in hits for that file and the search string for the specific URL to confirm the file was present.
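The log pattern described in the post above (a sudden surge in hits on one file, arriving from searches for that file), sketched as an added example that is not part of the original thread. It assumes Apache combined-format access logs; the file path, the thresholds, the list of search hosts and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import urlparse, parse_qs

LINE = re.compile(r'(\S+) \S+ \S+ \[(\d+/\w+/\d+):[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)"')
SEARCH_HOSTS = ("google.", "yahoo.", "bing.")  # assumption: referrer hosts treated as search engines

def parse(lines):
    """Yield (day, path without query, referrer) from combined-log lines; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield m.group(2), m.group(4).split("?")[0], m.group(6)

def surges(lines, factor=5, min_hits=10):
    """Return (path, day, hits, baseline) where a day's hits exceed factor x the mean of earlier days."""
    per_path = defaultdict(Counter)
    for day, path, _ in parse(lines):
        per_path[path][day] += 1
    days = sorted({d for c in per_path.values() for d in c}, key=lambda d: datetime.strptime(d, "%d/%b/%Y"))
    found = []
    for path, counts in per_path.items():
        for i, day in enumerate(days[1:], 1):
            baseline = sum(counts[d] for d in days[:i]) / i
            if counts[day] >= min_hits and counts[day] >= factor * max(baseline, 1):
                found.append((path, day, counts[day], baseline))
    return found

def search_referrals(lines):
    """Return (path, search terms) for requests whose referrer is a search results page."""
    out = []
    for _, path, ref in parse(lines):
        url = urlparse(ref)
        terms = parse_qs(url.query).get("q") or parse_qs(url.query).get("p")
        if terms and any(h in url.netloc for h in SEARCH_HOSTS):
            out.append((path, terms[0]))
    return out

def _line(ip, day, path, ref="-"):
    return f'{ip} - - [{day}:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "-"'

# Constructed sample (not from the thread): steady index traffic, then a surge on one mod file.
MOD = "/forum/mods/example_mod.php"  # hypothetical path
SAMPLE = ([_line("192.0.2.1", d, "/forum/index.php") for d in ("20/May/2008", "21/May/2008", "22/May/2008") for _ in range(8)]
          + [_line("192.0.2.7", d, MOD) for d in ("20/May/2008", "21/May/2008")]
          + [_line(f"198.51.100.{i}", "22/May/2008", MOD, "http://www.google.com/search?q=example_mod.php") for i in range(30)])
if __name__ == "__main__":
    print("surges:", surges(SAMPLE), "| search-driven:", Counter(search_referrals(SAMPLE)).most_common(3))
```

A path flagged by both functions on the same day is the first place to check file modification times and installed mod versions.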

1:34 pm on May 26, 2008 (gmt 0)


WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
votes: 0

Forums, CMS scripts, etc., often have these vulnerabilities exposed, and, as the coalman points out, keeping up to date with all patches and version upgrades is the key to avoiding them.

I did have one situation where the attack came via a vulnerability in the host's server. After two defacements, I changed hosts.

