I don't know what else to say about this. There was NO transfer of information to any outside party. When I logged onto my WoW site tonight I got this:

So much for CPG-Nuke being secure!

do you have ANY prrof that it was through cpgnuke that you got hacked? Just because you run cpgnuke and got hacked does not make it cpgnukes fault.

NEMINI wrote:

do you have ANY prrof that it was through cpgnuke that you got hacked? Just because you run cpgnuke and got hacked does not make it cpgnukes fault.

I don't exactly know how to prove it. I have the site's raw access logs that I will go through. The only access to the site was through the Internet, nobody has accessed it through FTP or any other method in 3 weeks. I believe that in this case that we need to consider CPG-Nuke unsecure to some new access method until it is deemed not true. Unfortunately, I do not have the knowledge on what exactly to do to trace the source of the hack. I have changed the domain's password, erased my public_html folder, and will be re-installing CPG-Nuke tonight. We shall see what happens...

you on a shared box? dedicated? self run?

NEMINI wrote:

you on a shared box? dedicated? self run?

Shared box on LunarPages.com. I have already submitted a trouble ticket asking them to trace the source of the attack and press charges. I have also asked them to do a restore of the site with their latest backup.

it's at least as possible someone else on the same server could have been compromised leading to you being hacked as cpgnuke being responsible.

Until more is known anything is possible.

PS: did you patch the known search exploit?

sounds as if lunarpages' server was hacked - not specifically cpg-nuke as your target.

NEMINI wrote:

it's at least as possible someone else on the same server could have been compromised leading to you being hacked as cpgnuke being responsible. Until more is known anything is possible. PS: did you patch the known search exploit?

That is true. I would hope that they would honest enough to say if that was actually what happened. I will keep ya'll informed as I get new information. Yes, not only did I patch the known search exploit, but I also had all search features turned off on the site.

it wasnt DF the hacker gained access to. theres no way the could change the entire page that way unless they had server access

RottGutt wrote:

Yes, not only did I patch the known search exploit, but I also had all search features turned off on the site.

How about the other official 9.0.6.1 security patches? (Those are more important than the Search thingy as far as I know.)

You might find th is to be of some interest...

www.stokia.com/news/is...k-info.htm

That is either the answer or someone using that issue as a coverup. Is lunarpages by chance a subsidiary of godaddy?

djdevon3 wrote:

That is either the answer or someone using that issue as a coverup. Is lunarpages by chance a subsidiary of godaddy?

No, but some people keep godaddy as their registrar, even if they host their sites somewhere else.

Having godaddy as your registrar means nothing. The registrar was not hacked godaddy hosting was which is a seperate entity/system.

djdevon3 wrote:

Having godaddy as your registrar means nothing. The registrar was not hacked godaddy hosting was which is a seperate entity/system.

According to the article posted here, they were validating it by looking at the registrar. They are assuming that if the registrar is godaddy, then the site is hosted there. This isn't true and a bad assumption.

BUT, I haven't looked at any other articles to find a better written article.

<Edited to add the below>
And rereading the article, they are blaming it on an email script at Godaddy, So I went to the Lunarpages forum, and there's a thread there where multiple sites have been hacked.

Rottgutt,
If you haven't gotten a hold of lunarpages support, go to their forums, to find out the latest.