I make search in hotscripts.com and i receive blank page with

spykids ownz your server

Today 13:46 GMT 03/06

Yeah same here.

same here i got the same message

i saw it too! lol. how long has it been like that for?

and agen! lol

i saw it fix , when i refresh it come same message

so fix,, hack , fix , hack

i think the admin war with the spykids
:)

I can confirm that hotscripts has been hacked.
I have sources direct with the sites owners
and can inform you that numerous people have
been contracted to stop the hacking attempts,
but as yet these people have been unable to stop
the attacks.

I was about to nose around hotscripts, just looking for new scripts and have been following your ordeal with the group spykids for the last little while.

It seems a battle, if your guys that have been contacted cannot stop the attacks, maybe prevention is in order. I would take careful looks into your logs. After a bit of research for the last few minutes I have noticed that these people use alot of php script exsploits. Thats where I would look first. I would also look for traces of a root kit, it may be that they are exploiting a whole that uses data injection to causes a script to retrieve a file then execute it. I have seen similar things before.

Ya... darn hackers.. went to hotscripts to look for a good affiliate type script for PHP.. and get the hackers page.

http://www.sophos.com/virusinfo/analyses/trojsowna.html

meh, high probability of script kiddies about in todays forcast

You boys need some help or what? this is getting old fast.

you boys need some help or what? this is getting old fast.

Oh my... how pathetic. What does hacking a site like Hotscripts.com achieve? Not to mention spykids is the gayest name ever lol.

Hi everyone. This is really really annoying now. I'm trying to add some things to my site and trying to search for some scripts to use too and keep getting that page. Errrgh.

I manage an Internet Safety team and if anyone has got the hackers IP address then I would surley follow it up and if nessicary have them traced.

P.S. I know a very good Internet Lawyer. :p
-Lets hope it doesn't come to anything like that tho.-

Marc Townson (aka Beaniebaby)
------------------
DISC, 16 United Kingdom.

I have created a Screen shot of hacked hotscripts.com at:
www.spydb.com

Oh my... how pathetic. What does hacking a site like Hotscripts.com achieve? Not to mention spykids is the gayest name ever lol.
I totally agree!!! LOL that's what i thought too... i was typing their name at my site i typed it like "spykidz" then i was like... huh they are not even cool to use "z" they call them self "spykids"
Kidz you need to get out more, before start hacking sitez! ;)

@JakSmith: I hadn't heard anything about this, could you tell me who you spoke to?

As for the hacking, It seems to be the result of a trojan that has infected the server, this problem is being resolved imediately and we should be back to normal soon.

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-07,GGLD:en&q=spykids+ownz+your+server

http://www.mambers.com/archive/index.php/t-22055.html

I found this site with the same issue, I hope this will help you to find some answers:

Today, my two Mambo sites had their index.php re-written with the words "spykids ownz your server". I only run Mambo on one site 4.5.1a with vBulletin, and Mambo 4.5 on the other. I DO NOT run PhpBB.

I'm running on a Virtual Host, and the server uses Plesk (latest). It's a Linux box.


I'm trying to figure out how the crackers got in. I'm nervous that this could be a Mambo hole since that is the only PHP that is running.

Running php 4.3.10.

Any ideas?

Cheers,

Carlos
p.s. please contact me at idg|atmark|mxi.netwave.or.jp if you know the secruity hole.

I can confirm that hotscripts has been hacked.
I have sources direct with the sites owners
and can inform you that numerous people have
been contracted to stop the hacking attempts,
but as yet these people have been unable to stop
the attacks.


I'm not sure who your sources are, but I can ensure you they weren't correct about being unable to stop the attacks. It was a simple script exploit that brought down the mighty HotScripts. But it was also a simple clean up.

Mathew Sumpter
iNet Interactive, LLC

Hmm, maybe he was talking crap. But if it was that simple, surely it wouldn't
have taken hours to fix.

Anyway, I was told by my friend that his friend works for iNet Interactive
and that hackers were hacking the site. That they had got about 15 people
trying to track the hackers. But as you describe, a trojan seems more likely.
but it begs the question, how did it manage to get there in the first place?
security should have been much tougher.

Yeah, the spykids had control for a good hour to an hour and a half, then came the admin wars. I would say all in all the whole ordeal lasted for maybe a total of 4 hours.

Your friend's friend, does that person have a name?

The site was defaced due to a vunrability found and made public by persons unknown at this time.

Then with the ultimate power that is google some 13 year old kids used their AOL connection to deface a few sites and then got bored and went to bed as it was past their bed time.

They will now go into high school and show all their 1337 friends how cool they are.

If they will real 'hackers' they wouldn't have used a publically known vunrability, they would have gone for a more direct approach for rooting the box.

Sorry... but somehow I find it exciting that hacking is still going on these days. I thought it's dead somehow by the tight security being enforced worldwide against hackers. Hmmm... Can't underestimate a 13yrs old kid huh...
Then again. Glad nothing major happen in this site. I need this website for work. LOL...

The site was defaced due to a vunrability found and made public by persons unknown at this time.

Then with the ultimate power that is google some 13 year old kids used their AOL connection to deface a few sites and then got bored and went to bed as it was past their bed time.

They will now go into high school and show all their 1337 friends how cool they are.

ROFL. Classik

Security is one thing, but to run an open source package means that people can view the vunrabilities.

If you have the windows source code, you can find a few places to get in there. Does that make you a hacker or observant?

If you have a look here:

http://www.zone-h.com/en/defacements/filter/filter_defacer=SPYKIDS/

you will be able to see all hacks done by these individuals. They are obviously not too clever if I am able to find vital details on them with a few hours searching. I can guarantee they will get caught, especially when they are tampering with large businesses.

You have no idea how much i hate hackers. I mean, what exactly do you achieve from hacking hotscripts. What is the point?? Really? I have known about hotscripts for ages and its served me very well. I dont think there is any point in hacking hotscripts.com of all sites. Hackers!.. lets just say they really are the saddest lowlifes and arent even worthy of a dialup internet connection!

You have no idea how much i hate hackers. I mean, what exactly do you achieve from hacking hotscripts. What is the point?? Really? I have known about hotscripts for ages and its served me very well. I dont think there is any point in hacking hotscripts.com of all sites. Hackers!.. lets just say they really are the saddest lowlifes and arent even worthy of a dialup internet connection!

Well, there is a big reason for hackers and believe it or not, they actually do serve alot of purposes to large companies such as Microsoft etc. However, hacking hotscripts really is low I have to agree with you especially when it is a coders/buyers heaven :) They have no idea what they have done :p

I don't think Symantec will make money without hackers.

Okay, kinda childish, but I was miffed. And he can't use bsdmail anymore.
http://www.geocities.com/spykidzloser/Spykidz_is_a_retard.html

Please dont dig up old threads!

Topic closed.