Comments on: Simiens Crew 2005 - How They Did It! http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/ Web Development by Chovy Sat, 06 Sep 2008 01:41:23 +0000 http://wordpress.org/?v=2.2.2 By: HAILEY RHEA http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-17036 HAILEY RHEA Thu, 30 Nov 2006 05:40:41 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-17036 I think this is an excellent post. I was referred by ProBlogger (as have many, no doubt). I think this is an excellent post. I was referred by ProBlogger (as have many, no doubt).

]]> By: Anonymous http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-242 Anonymous Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-242 Hi...<br /><br />We *anon* just got done over with same hack..<br />except the f**kin looser who did it used his own webserver to upload the backdoor code from etc..<br /><br />anyway.. wanted to say I greatly appreciated finding your article.. and source codes... it has helped..<br /><br />nice work dude Hi…

We *anon* just got done over with same hack..
except the f**kin looser who did it used his own webserver to upload the backdoor code from etc..

anyway.. wanted to say I greatly appreciated finding your article.. and source codes… it has helped..

nice work dude

]]> By: LifeSteward http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-243 LifeSteward Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-243 We had about a dozen hit last night. I was using AwStats 6.1 and hadn't heard of this yet. They also deleted all the files and directories containing "log", so I couldn't look at the log files. Worst yet, the LOGO images and many "blog" files were deleted as well. Lots of fun.<br /><br />I posted about it <A HREF="http://www.blogger.com/r?http%3A%2F%2Fwww.lifesteward.org%2Findex.php%3Ftitle%3Dugh_i_ve_been_hacked%26more%3D1%26c%3D1%26tb%3D1%26pb%3D1">at my blog</A>. We had about a dozen hit last night. I was using AwStats 6.1 and hadn’t heard of this yet. They also deleted all the files and directories containing “log”, so I couldn’t look at the log files. Worst yet, the LOGO images and many “blog” files were deleted as well. Lots of fun.

I posted about it at my blog.

]]> By: PoiSQueM http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-244 PoiSQueM Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-244 Hey Chovy,<br /><br />I've an incident here in my company too. All the users pages has been compromised and the index.html overwritten by "Simiens Crew 2005, Enquanto Houver Fome Morte Guerra Simiens Existira". <br /><br />Just complementing your nice job, I took a look on those executables and both are backdoors programs. tt.txt open an socket on port 3333 and dc.zip is a reverse shell.<br /><br />I couldn't reproduce this on my website. Any idea?<br />Latter... Hey Chovy,

I’ve an incident here in my company too. All the users pages has been compromised and the index.html overwritten by “Simiens Crew 2005, Enquanto Houver Fome Morte Guerra Simiens Existira”.

Just complementing your nice job, I took a look on those executables and both are backdoors programs. tt.txt open an socket on port 3333 and dc.zip is a reverse shell.

I couldn’t reproduce this on my website. Any idea?
Latter…

]]> By: Anonymous http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-245 Anonymous Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-245 My website was hit by this attack as well. Thank you very much for your quick detective work. Really appreciate it. My website was hit by this attack as well. Thank you very much for your quick detective work. Really appreciate it.

]]> By: Anonymous http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-246 Anonymous Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-246 My site was hit. All index.php pages were changed. They all now have the monkey on it. Does anyone know who done this? I wished someone would prosecute them. My site deals with issues such as miscarriages, child loss, etc..<br />And to really kick things in the butt these losers done it at a time when my family had a loss. I hope they are able to sleep at night. My site was hit. All index.php pages were changed. They all now have the monkey on it. Does anyone know who done this? I wished someone would prosecute them. My site deals with issues such as miscarriages, child loss, etc..
And to really kick things in the butt these losers done it at a time when my family had a loss. I hope they are able to sleep at night.

]]> By: chovy http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-247 chovy Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-247 Don't take it personally, they've hit thousands of sites, because they were vulnerable. I don't know exactly what the portugeuse means, but somewhere I read it had some political motivation behind it. Best thing you can do is join security announcements mailing list for your linux distro (god help you if you use Microsoft). Don’t take it personally, they’ve hit thousands of sites, because they were vulnerable. I don’t know exactly what the portugeuse means, but somewhere I read it had some political motivation behind it. Best thing you can do is join security announcements mailing list for your linux distro (god help you if you use Microsoft).

]]> By: Anonymous http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-248 Anonymous Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-248 "enquanto houver fome morte guerra Simiens existira" roughly translates to "while there is hunger, death, and war, Simiens will exist." “enquanto houver fome morte guerra Simiens existira” roughly translates to “while there is hunger, death, and war, Simiens will exist.”

]]> By: chovy http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-249 chovy Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-249 Hmmm....and they're solving that problem by hacking sites. Why didn't I think of that? Hmmm….and they’re solving that problem by hacking sites. Why didn’t I think of that?

]]> By: Anonymous http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-250 Anonymous Wed, 31 Dec 1969 16:00:00 +0000 http://www.chovy.com/personal/simiens-crew-2005-how-they-did-it/#comment-250 Hey..<br />if you open that <br />Welcome to Data Cha0s Connect Back Shell, Data Cha0s Connect Back Backdoor, lots of reference to .h files, tt.txt, dc.zip, lots of stuff.. Searching on google for "Data cha0s" finds loads of stuff about this PHP script.. Adding "hax0r" to the search finds a site defaced by "Data Cha0s"..<br />.. Fecking crackers..<br />- Ben Hey..
if you open that
Welcome to Data Cha0s Connect Back Shell, Data Cha0s Connect Back Backdoor, lots of reference to .h files, tt.txt, dc.zip, lots of stuff.. Searching on google for “Data cha0s” finds loads of stuff about this PHP script.. Adding “hax0r” to the search finds a site defaced by “Data Cha0s”..
.. Fecking crackers..
- Ben

]]>