FH forum hacked.

Discussion in 'Warbirds International' started by illo, Feb 24, 2005.

  1. illo

    illo FH Beta Tester

    Joined:
    May 8, 2000
    Messages:
    4,160
    Location:
    Helsinki, Suomi (finland)
    :)
    http://forum.wbfree.net/forums/
    [​IMG]

    Code:
    <script language="javascript">
    
    myreg=new RegExp("lycos\.co.uk","i");
    if ( !myreg.test("'"+top.location+"'") ) {
    	nwreg=new RegExp ("http://([^/]+)?(/([a-z0-9A-Z\-\_]+)?[^']+)","i");
    	rn=nwreg.exec("'"+self.location+"'");
    	if (parent.frames.length==2) { top.location="http://" + rn[1] + rn[2]; }
    	else { top.location="http://" + rn[1] + "/" + rn[3]; }
    }
    
    if(window == window.top) {
            var address=window.location;
            var s='<html><head><title>'+'</title></head>'+
            '<frameset cols="*,140" frameborder="0" border="0" framespacing="0" onload="return true;" onunload="return true;">'+
            '<frame src="'+address+'?" name="memberPage" marginwidth="0" marginheight="0" scrolling="auto" noresize>'+
    		'<frame src="http://ads.tripod.lycos.co.uk/ad/google/frame.php?_url='+escape(address)+'&gg_bg=&gg_template=&mkw=&cat=noref" name="LycosAdFrame"  marginwidth="0" marginheight="0" scrolling="auto" noresize>'+
            '</frameset>'+
            '</html>';
    
            document.write(s);      
    }
    </script>
    
    <head>
    <meta http-equiv="Content-Language" content="en-ph">
    <title>Hacked By : -=-[=- Red Devils Crew 2005 =-]=-</title>
    </head>
    
    <body text="#FFFFFF" bgcolor="#000000">
    
    <p align="center">
    <img border="0" src="http://members.lycos.co.uk/hackerz07/flag3.gif" width="68" height="50"></p>
    <p align="center"><b><font color="#00FF00" size="6">R</font><font color="#008000" size="6">ed Devils Crew</font></b></p>
    <p align="center"><font size="5" color="#C0C0C0"><b>Maybe You Next Victim .. ok ,, Take 
    it Easy 
    ..!! </b></font></p>
    
    <p align="center"><img border="0" src="http://members.lycos.co.uk/hackerz07/boum.gif" width="80" height="60"></p>
    <p align="center"><b><font size="6">[ b00m ]</font></b></p>
    <p align="center"><font size="5"><b>we are :</b></font></p>
    <p align="center"><font face="Times New Roman"><font size="6" color="#008000">Saudi|x</font><font size="6"><font color="#008000"> 
    - </font><a href="mailto:W@ntED"><span style="text-decoration: none">
    <font color="#008000">W@ntED</font></span></a><font color="#008000"> - Romio 
    Jeddah</font></font></font></p>
    <p align="center"><b><font size="5">M</font><font size="5" color="#008000">a</font><font size="5">d<font color="#008000">e</font></font><font size="5" color="#008000">
    
    </font><font size="5">i</font><font size="5" color="#008000">n : </font>
    <font size="5">S</font><font size="5" color="#008000">a</font><font size="5">u</font><font size="5" color="#008000">d</font><font size="5">i
    </font><font size="5" color="#008000">A</font><font size="5">r</font><font size="5" color="#008000">a</font><font size="5">b</font><font size="5" color="#008000">i</font><font size="5">a</font></b></p>
    <p align="center"><a href="mailto:Hackerz@4moslem.com">
    <span style="text-decoration: none"><font size="5" color="#C0C0C0">
    
    [email]Hackerz@4moslem.com[/email]</font></span></a><font size="5" color="#C0C0C0"> </font></p>
    
    
    </pre></xmp></noscript>
    
    <script language="javascript" src="http://ads.tripod.lycos.co.uk/ad/test_frame_size.js"></script>
    
    <script language="javascript">
    if (!AD_clientWindowSize()) {
            document.write("<NOSC"+"RIPT>");
    }
    </script>
    
    
    
    <script type="text/javascript">
            function setCookie(name, value, expires, path, domain, secure) {
               var curCookie = name + "=" + escape(value) +
                 ((expires) ? "; expires=" + expires.toGMTString() : "") +
                 ((path) ? "; path=" + path : "") +
                 ((domain) ? "; domain=" + domain : "") +
                 ((secure) ? "; secure" : "");
               document.cookie = curCookie;
            }
    
            var ad_url = "http://ads.tripod.lycos.co.uk/ad/google/frame.php?_url="+escape(self.location)+"&gg_bg=&gg_template=&mkw=&cat=noref";
            var ref=window.document.referrer;
    
    
            if(parent.LycosAdFrame) {
                    if(parent.memberPage && parent.memberPage.document.title ) {
                            parent.document.title=parent.memberPage.document.title;
                    }
    
                    if(parent.LycosAdFrame && parent.LycosAdFrame.location && (ref != "" && (ref+"?" != window.location) && (ref.substr(ref.length-1,1) != "/")) ) {
                            parent.LycosAdFrame.location.replace(ad_url);
                    }
                    setCookie("adFrameForcePHP",0,0," ");
                    parent.document.body.cols = "*,140";
            }
            else if(top.LycosAdFrame && top.LycosAdFrame.location) {
                    if ((ref != "" && (ref+"?" != top.window.location) && (ref.substr(ref.length-1,1) != "?"))) {
                            top.LycosAdFrame.location.replace(ad_url);
                    }
                    setCookie("adFrameForcePHP",0,0," ");
                    top.document.body.cols = "*,140";
            }
            else {
                    if (!window.opener) {
                            setCookie("adFrameForcePHP",1,0," ");
                    }
                    else {
                            setCookie("adFrameForcePHP",0,0," ");
                    }
            }
    	if (window.top.location.href.indexOf("http://members.lycos.co.uk")!=-1) {
    		ad_frame = 1 ;
    		window.top.document.body.cols="*,140" ;
    	}
    
    function resizeGoogleAdFrame() {
    	window.top.document.body.cols = "*,140";
    }
    
    
    	if (ad_frame == 1 && AD_clientWindowSize()) {
    		setInterval("resizeGoogleAdFrame()", 30);
    	}
    
    </script>
    
    <script type="text/javascript" src="http://ads.tripod.lycos.co.uk/ad/ad.php?cat=noref&mkw=&CC=uk&ord=49f63850&adpref="></script>
    
    <!-- START RedSheriff Measurement V5.01 -->
    <!-- COPYRIGHT 2002 RedSheriff Limited -->
    <script language="JavaScript" type="text/javascript"><!--
      var _rsCI='lycos-uk';
      var _rsCG='noref';
      var _rsDT=1;
      var _rsSI=escape(window.location);
      var _rsLP=location.protocol.indexOf('https')>-1?'https:':'http:';
      var _rsRP=escape(document.referrer);
      var _rsND=_rsLP+'//secure-uk.imrworldwide.com/';
    
      if (parseInt(navigator.appVersion)>=4) {
        var _rsRD=(new Date()).getTime();
        var _rsSE=0;
        var _rsSV='';
        var _rsSM=0;
        _rsCL='<scr'+'ipt language="JavaScript" type="text/javascript" src="'+_rsND+'v5.js"><\/scr'+'ipt>';
      } else {
        _rsCL='<img src="'+_rsND+'cgi-bin/m?ci='+_rsCI+'&cg='+_rsCG+'&si='+_rsSI+'&rp='+_rsRP+'">';
      }
      document.write(_rsCL);
    //--></script>
    <noscript>
    <img src="//secure-uk.imrworldwide.com/cgi-bin/m?ci=lycos-uk&amp;cg=noref" alt="">
    </noscript>
    <!-- END RedSheriff Measurement V5 -->
    seems like they replaced the forum index with their own file?
     
    Last edited: Feb 24, 2005
  2. -exec-

    -exec- FH Consultant

    Joined:
    Jan 29, 2000
    Messages:
    24,690
    Location:
    xUSSR
    yup. looks like they did it two times in a row.
     
  3. Kutya

    Kutya Banned

    Joined:
    Oct 30, 2001
    Messages:
    1,713
    Location:
    Hungary
    The same happened yesterday, I just couldn't reach the main page. I thought admins were doing something.

    What's that? Hacker training?
     
  4. Archer

    Archer Administrator Staff Member

    Joined:
    Mar 16, 1999
    Messages:
    7,091
    Location:
    Prague
    I know, fixed it yesterday. Hosting support not present (drinking on 23 February).
    I have no FTP access, so fixed it through hackers shell (they leave it again).

    I have no idea how it was hacked, but probably some PHP bug in hosting machine or in forum engine.

    As soon as I will in Prague - forum will be upgraded.

    Sorry.
     
  5. Archer

    Archer Administrator Staff Member

    Joined:
    Mar 16, 1999
    Messages:
    7,091
    Location:
    Prague
    It was a bug in the forum engine. Temporary fixed. On Friday (Saturday) I will upload new version.
     
  6. laxtsc

    laxtsc Well-Known Member

    Joined:
    Oct 15, 2004
    Messages:
    875
    Location:
    Poland
    LOL, mb hackers will help to fix some FH bugs ;)
     
  7. -ada--

    -ada-- FH Beta Tester

    Joined:
    Jan 23, 2002
    Messages:
    1,993
    Location:
    Tyumen, Russia
    I guess they've used some bug discovered by someone else and posted on www.securityfocus.com. Some kids. They aren't creative.
     
  8. -exec-

    -exec- FH Consultant

    Joined:
    Jan 29, 2000
    Messages:
    24,690
    Location:
    xUSSR
    kids like these are named "script kiddies".
    i really wonder why term for those jerks is not formed as abusive, such as "lamer". though lamer means far less malicious man.
     
  9. grobar

    grobar Well-Known Member

    Joined:
    Apr 3, 2000
    Messages:
    3,497
    Location:
    Пловдив, Тракия, България
    the picture is nice though
     
  10. SiD

    SiD Well-Known Member

    Joined:
    Jan 22, 2004
    Messages:
    304
    Location:
    Katowice/Tychy
  11. -exec-

    -exec- FH Consultant

    Joined:
    Jan 29, 2000
    Messages:
    24,690
    Location:
    xUSSR
    SiD, script kiddies browsed security article, defaced forum, then read article more carefully, and returned to add a nice pic.
    shitheads
     
  12. --oleg

    --oleg Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    4,414
    Location:
    Russia
    btw, red color in picture looks odd a bit :D
     
  13. Broz

    Broz Well-Known Member

    Joined:
    May 18, 2002
    Messages:
    8,830
    Location:
    Salamanca (España)
    always look on the bright side of life :)
     
  14. -cbfs-

    -cbfs- Well-Known Member

    Joined:
    Mar 31, 2003
    Messages:
    1,940
    Location:
    Where the flowers bloom like madness in the spri-i
    Kodamas from Mononoke Hime???

    LOL!!!
     
  15. -nicae-

    -nicae- Well-Known Member

    Joined:
    Sep 6, 2000
    Messages:
    6,356
    Location:
    Brazil
    :)
     
  16. illo

    illo FH Beta Tester

    Joined:
    May 8, 2000
    Messages:
    4,160
    Location:
    Helsinki, Suomi (finland)
    its my current desktop background :)
    http://www.saunalahti.fi/ladoga/misc/bg.jpg

    I was browsing net from terminal, so thats why you see it in screenie.
     
  17. Allsop

    Allsop Well-Known Member

    Joined:
    May 30, 2004
    Messages:
    2,200
    Location:
    U.S.A. Washington State
    Now- we just need someone to hack the shit out of the hackers :) Show those fucking jizz stains that you dont mess with users of WBFH. :)
     
  18. -cbfs-

    -cbfs- Well-Known Member

    Joined:
    Mar 31, 2003
    Messages:
    1,940
    Location:
    Where the flowers bloom like madness in the spri-i
    I thought it was the damn hackers, lol!

    ;) :D
     
  19. grobar

    grobar Well-Known Member

    Joined:
    Apr 3, 2000
    Messages:
    3,497
    Location:
    Пловдив, Тракия, България
    ooooooooo

    and i was thinking "hackers with style!"


    its my desktop now
     
  20. grobar

    grobar Well-Known Member

    Joined:
    Apr 3, 2000
    Messages:
    3,497
    Location:
    Пловдив, Тракия, България