Jihad Hackers
November 24, 2011The other day I had gotten on one of my hosted web sites, one that I gave my eldest brother, and noticed some extra “junk” items in the menu that I know that I or my brother didn’t create. This particular site is one of my two German language sites which gets a fair amount of traffic from Europe. I decided to investigate the trash put on the site. I found out first I couldn’t log on to the site anymore with my current credentials, at least through WordPress login.
I gave up after a few attempts and decided to get into the server and see what I can do.
I immediately went into the file system and checked for any changes and found a lot of new content that was put there in the past few weeks. Checking the security logs I found out right away that the intrusions came from Turkey.
Next step was to see what damage to the WordPress core was done. I started by re-configuring my wp-config.php so that all older cookies were dead. The Turkish invasion was DAILY. I went into the SQL database and purged all Turkish content. I replace the WP prefix on the SQL tables to something else to thwart future hackers in a SQL injection hacking attempt.
The hackers inserted an HTML file on my site which I saved IF you want to see it below. If you don’t want to visit their moslem jihad propaganda the screenshot below will give you an idea. Follow my advice below IF you want to see their site or visit it on a public, library computer.
Click the image (twice) below for full size.
 Firefox browser screenshot of Turkish (moslem) hacker |
To view the actual site for the screenshot at left use the following precaution.  This method uses the Web Developer add-in for FireFox.
 Turn off referrers with Web Developer Click here - The link I saved off my site but the content is on the hacker’s site, you do not want to be on their system logs. The hacker’s site has the YouTube video propaganda and plays the revolutionary music. The bottom green banner is an iframe banner playing music. |
The person placing this garbage on my site came from the following IP. It is a DSL connection somewhere in Turkey! I’m not surprised.
IP Information for 78.173.53.69
NetRange: 78.0.0.0 – 78.255.255.255 OrgName: RIPE Network Coordination Centre ReferralServer: whois://whois.ripe.net:43 OrgAbuseHandle: RNO29-ARIN OrgTechHandle: RNO29-ARIN |
inetnum: 78.173.0.0 – 78.173.255.255 address: 06530 ANKARA fax-no: +90 312 313 1924 route: 78.160.0.0/11 route: 78.173.0.0/17 |
This quest will take a little time but I know I’ll get them. I’ll have updates later.
Share
[...] Jihadi Hackers [...]