Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

Web site search prob!

  • 25-07-2019 10:38pm
    #1
    Fionn
    Registered Users Posts: 2,368 ✭✭✭


    Hi,
    I've searched the web etc. to try and find out more but didn't get very far;
    a google search is showing an URL that I did not publish, it appears to be from https://mirror-h.org/ apparently a turkish site

    it has my web URL with ' /spy.html' tacked on to the end of it. THis leads to a site called my url hacked by Hector | mirror-h.org

    I've looked at my files etc. theres no new files as far as I can see

    is there any way that I can get this removed?

    thanks


Comments

  • #2
    horgan_p
    Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Fionn wrote: »
    Hi,
    I've searched the web etc. to try and find out more but didn't get very far;
    a google search is showing an URL that I did not publish, it appears to be from https://mirror-h.org/ apparently a turkish site

    it has my web URL with ' /spy.html' tacked on to the end of it. THis leads to a site called my url hacked by Hector | mirror-h.org

    I've looked at my files etc. theres no new files as far as I can see

    is there any way that I can get this removed?

    thanks

    Let me see if I have this right :

    1) someone goes to your site - lets call it 123.com
    2) visitor gets redirected to 123.com/spy.html
    3) You cant see 123.com/spy.html in your directories

    Is this correct ??

    If so :

    1) can you verify that the visitor is not being redirected to a different ip address ?
    2) can you 100% say that spy.html is not in your public_html folder ?

    Thanks


  • #3
    horgan_p
    Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Ok so from looking, your site is eup.ie , is that correct ?
    If so , your first step is to get yourself an SSL cert.

    Also your site is sitting on Apache 2.2.11 , which has a number of security issues, which is most likely how the attacker got to edit your site.
    The latest version of Apache available as I type is : 2.4.39. Update your Apache instance.


    If anything I've just said makes no sense then get onto whoever maintains your website to rectify those issues.


  • #4
    Fionn
    Registered Users Posts: 2,368 ✭✭✭Fionn


    hi thanks for replying.
    No thats not my site

    I have a site called pclynch.com, if you search on google or whatever, you get in the results http://pclynch.com and another result called pclynch.com hacked by Hector | mirror-h.org https://mirror-h.org/zone/2266932/

    I've tried a whois lookup but it returned nothing
    i did an RBL Lookup and it directed to http://pclynch.com/spy.html

    I've did a little digging around and I think I have their IP address and apparently the IP is part of the cloudflare network.

    Having looked at their website it looks like they're a bunch of lads poking for vulnerabilities on sites. The only thing that puzzles me is how they can have their 'hacked' result showing up in search results?


  • #5
    horgan_p
    Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Hi ,

    Looks like my advice also applies to your site - no SSL cert and Apache hasnt been updated in a long while.


    The hacked site will come up in googles result for the same reason any other site will. Google doesnt differentiate.

    Update your site, sort the ssl and learn from the experience.


  • #6
    Fionn
    Registered Users Posts: 2,368 ✭✭✭Fionn


    thanks,
    I had another look at the site and found two new files one a text file and the other spy.html
    the text file read;
    Hacked By InBull3T

    Fix the server as soon as possible
    We don't have personal issue with you
    We used to hack for fun and practice
    Youtube Channel : https://www.youtube.com/channel/UCzdhhWn2dcsFWlA1GJnELmw
    ./Logout

    So they were able to get into the site and yeah I have very little experience in this regard, thanks for the advice on SSL and I've updated Apache Version to 2.4.39


  • Advertisement
  • #7
    Phileas Frog
    Closed Accounts Posts: 946 ✭✭✭Phileas Frog


    horgan_p wrote: »
    Hi ,

    Looks like my advice also applies to your site - no SSL cert and Apache hasnt been updated in a long while.


    The hacked site will come up in googles result for the same reason any other site will. Google doesnt differentiate.

    Update your site, sort the ssl and learn from the experience.

    What exactly is the SSL certificate going to do? The point of entry is probably through the contact form


  • #8
    horgan_p
    Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Phileas Frog wrote: »
    What exactly is the SSL certificate going to do? The point of entry is probably through the contact form

    As you're doing work on the site, you may as well bring it up to scratch plus SSL certs arent expensive (free in some cases) so no reason not to.


  • #9
    Phileas Frog
    Closed Accounts Posts: 946 ✭✭✭Phileas Frog


    horgan_p wrote: »
    As you're doing work on the site, you may as well bring it up to scratch plus SSL certs arent expensive (free in some cases) so no reason not to.

    It was your first step.


  • #10
    horgan_p
    Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Its the first thing I see when I go to a site without one


Advertisement