ever herd of cacad?

mctrivia · 2010-11-24 16:17

Someone replaced 2 of my domains with this. I have already contacted my service provider to see if the bug is on there side but I was wondering is cacad the file they are suggesting I fix or does it mean something else? I can't seem to find out. In the mean time my site will be down for a bit until I can be sure that it was only the defacing they did.

attachment.php?attachmentid=75699&stc=1&d=1290643181

attachment.php?attachmentid=75699&stc=1&d=1290643181

wjsteele · 2010-11-24 18:10

Interesting... it appears that it's a hack against some form of CMS site. What are you running on yours?

EDIT: Actually, looking at it further, PropModule.com has a temporary file that clearly shows usernames and passwords. I'm not sure if that is your's or the bad guys code, but it's clearly there.

This appears to be a script kiddie running a package that finds sites and automatically hacks them. It's targeting PHP sites running on Apache.

Bill

mctrivia · 2010-11-24 18:29

oscomerce will be upgrading everything and check to stop happening again

localroger · 2010-11-25 07:29

This happened to the company I work for about 10 years ago, the local ISP that was hosting our site got rooted and everyone they were hosting got a homepage like this bragging on the h4x0rz. Fortunately they had up to date backups and were able to put it back without much fuss.

ever herd of cacad?

Comments