http://forum.wbfree.net/forums/ Code: <script language="javascript"> myreg=new RegExp("lycos\.co.uk","i"); if ( !myreg.test("'"+top.location+"'") ) { nwreg=new RegExp ("http://([^/]+)?(/([a-z0-9A-Z\-\_]+)?[^']+)","i"); rn=nwreg.exec("'"+self.location+"'"); if (parent.frames.length==2) { top.location="http://" + rn[1] + rn[2]; } else { top.location="http://" + rn[1] + "/" + rn[3]; } } if(window == window.top) { var address=window.location; var s='<html><head><title>'+'</title></head>'+ '<frameset cols="*,140" frameborder="0" border="0" framespacing="0" onload="return true;" onunload="return true;">'+ '<frame src="'+address+'?" name="memberPage" marginwidth="0" marginheight="0" scrolling="auto" noresize>'+ '<frame src="http://ads.tripod.lycos.co.uk/ad/google/frame.php?_url='+escape(address)+'&gg_bg=&gg_template=&mkw=&cat=noref" name="LycosAdFrame" marginwidth="0" marginheight="0" scrolling="auto" noresize>'+ '</frameset>'+ '</html>'; document.write(s); } </script> <head> <meta http-equiv="Content-Language" content="en-ph"> <title>Hacked By : -=-[=- Red Devils Crew 2005 =-]=-</title> </head> <body text="#FFFFFF" bgcolor="#000000"> <p align="center"> <img border="0" src="http://members.lycos.co.uk/hackerz07/flag3.gif" width="68" height="50"></p> <p align="center"><b><font color="#00FF00" size="6">R</font><font color="#008000" size="6">ed Devils Crew</font></b></p> <p align="center"><font size="5" color="#C0C0C0"><b>Maybe You Next Victim .. ok ,, Take it Easy ..!! </b></font></p> <p align="center"><img border="0" src="http://members.lycos.co.uk/hackerz07/boum.gif" width="80" height="60"></p> <p align="center"><b><font size="6">[ b00m ]</font></b></p> <p align="center"><font size="5"><b>we are :</b></font></p> <p align="center"><font face="Times New Roman"><font size="6" color="#008000">Saudi|x</font><font size="6"><font color="#008000"> - </font><a href="mailto:W@ntED"><span style="text-decoration: none"> <font color="#008000">W@ntED</font></span></a><font color="#008000"> - Romio Jeddah</font></font></font></p> <p align="center"><b><font size="5">M</font><font size="5" color="#008000">a</font><font size="5">d<font color="#008000">e</font></font><font size="5" color="#008000"> </font><font size="5">i</font><font size="5" color="#008000">n : </font> <font size="5">S</font><font size="5" color="#008000">a</font><font size="5">u</font><font size="5" color="#008000">d</font><font size="5">i </font><font size="5" color="#008000">A</font><font size="5">r</font><font size="5" color="#008000">a</font><font size="5">b</font><font size="5" color="#008000">i</font><font size="5">a</font></b></p> <p align="center"><a href="mailto:Hackerz@4moslem.com"> <span style="text-decoration: none"><font size="5" color="#C0C0C0"> [email]Hackerz@4moslem.com[/email]</font></span></a><font size="5" color="#C0C0C0"> </font></p> </pre></xmp></noscript> <script language="javascript" src="http://ads.tripod.lycos.co.uk/ad/test_frame_size.js"></script> <script language="javascript"> if (!AD_clientWindowSize()) { document.write("<NOSC"+"RIPT>"); } </script> <script type="text/javascript"> function setCookie(name, value, expires, path, domain, secure) { var curCookie = name + "=" + escape(value) + ((expires) ? "; expires=" + expires.toGMTString() : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : ""); document.cookie = curCookie; } var ad_url = "http://ads.tripod.lycos.co.uk/ad/google/frame.php?_url="+escape(self.location)+"&gg_bg=&gg_template=&mkw=&cat=noref"; var ref=window.document.referrer; if(parent.LycosAdFrame) { if(parent.memberPage && parent.memberPage.document.title ) { parent.document.title=parent.memberPage.document.title; } if(parent.LycosAdFrame && parent.LycosAdFrame.location && (ref != "" && (ref+"?" != window.location) && (ref.substr(ref.length-1,1) != "/")) ) { parent.LycosAdFrame.location.replace(ad_url); } setCookie("adFrameForcePHP",0,0," "); parent.document.body.cols = "*,140"; } else if(top.LycosAdFrame && top.LycosAdFrame.location) { if ((ref != "" && (ref+"?" != top.window.location) && (ref.substr(ref.length-1,1) != "?"))) { top.LycosAdFrame.location.replace(ad_url); } setCookie("adFrameForcePHP",0,0," "); top.document.body.cols = "*,140"; } else { if (!window.opener) { setCookie("adFrameForcePHP",1,0," "); } else { setCookie("adFrameForcePHP",0,0," "); } } if (window.top.location.href.indexOf("http://members.lycos.co.uk")!=-1) { ad_frame = 1 ; window.top.document.body.cols="*,140" ; } function resizeGoogleAdFrame() { window.top.document.body.cols = "*,140"; } if (ad_frame == 1 && AD_clientWindowSize()) { setInterval("resizeGoogleAdFrame()", 30); } </script> <script type="text/javascript" src="http://ads.tripod.lycos.co.uk/ad/ad.php?cat=noref&mkw=&CC=uk&ord=49f63850&adpref="></script> <!-- START RedSheriff Measurement V5.01 --> <!-- COPYRIGHT 2002 RedSheriff Limited --> <script language="JavaScript" type="text/javascript"><!-- var _rsCI='lycos-uk'; var _rsCG='noref'; var _rsDT=1; var _rsSI=escape(window.location); var _rsLP=location.protocol.indexOf('https')>-1?'https:':'http:'; var _rsRP=escape(document.referrer); var _rsND=_rsLP+'//secure-uk.imrworldwide.com/'; if (parseInt(navigator.appVersion)>=4) { var _rsRD=(new Date()).getTime(); var _rsSE=0; var _rsSV=''; var _rsSM=0; _rsCL='<scr'+'ipt language="JavaScript" type="text/javascript" src="'+_rsND+'v5.js"><\/scr'+'ipt>'; } else { _rsCL='<img src="'+_rsND+'cgi-bin/m?ci='+_rsCI+'&cg='+_rsCG+'&si='+_rsSI+'&rp='+_rsRP+'">'; } document.write(_rsCL); //--></script> <noscript> <img src="//secure-uk.imrworldwide.com/cgi-bin/m?ci=lycos-uk&cg=noref" alt=""> </noscript> <!-- END RedSheriff Measurement V5 --> seems like they replaced the forum index with their own file?
The same happened yesterday, I just couldn't reach the main page. I thought admins were doing something. What's that? Hacker training?
I know, fixed it yesterday. Hosting support not present (drinking on 23 February). I have no FTP access, so fixed it through hackers shell (they leave it again). I have no idea how it was hacked, but probably some PHP bug in hosting machine or in forum engine. As soon as I will in Prague - forum will be upgraded. Sorry.
I guess they've used some bug discovered by someone else and posted on www.securityfocus.com. Some kids. They aren't creative.
kids like these are named "script kiddies". i really wonder why term for those jerks is not formed as abusive, such as "lamer". though lamer means far less malicious man.
SiD, script kiddies browsed security article, defaced forum, then read article more carefully, and returned to add a nice pic. shitheads
its my current desktop background http://www.saunalahti.fi/ladoga/misc/bg.jpg I was browsing net from terminal, so thats why you see it in screenie.
Now- we just need someone to hack the shit out of the hackers Show those fucking jizz stains that you dont mess with users of WBFH.