Hey hacker guy

[Guest]

Wow, I feel sorry for the people that don't have anything to do so they hack accursedfarms

[Guest]

I am sure that the hack attack was just to make them feel "stronger" than someone so just ignore them, because they attack low security webs because they cant hack a really strong one.... they are losers....

i hope someone help you with your work Ross, because its really gooooood!

keep it up Sr. !!

[Guest]

Man, don't come in for a few days and all hell breaks loose.

Keep it going, Ross. Something good is bound to come your way. You know, considering that all this crap desides to happen.

[Guest]

Whoa...I didn't even notice something was wrong until I read this. I usually check the site whenever the RSS feed updates, and I check it daily. Somehow the last two updates (the hacker's) were already marked as read, so either that was a side effect or I'm really not paying attention to what I'm doing.

 

Anyway, good to see everything's back to normal.

[Guest]

Want help with rebuilding the site?

[Guest]

It's like they're trying to tell you "Hire us for better security"

 

You know, like if you were actually making money out of this.

[Guest]

The hacker might be motivating you to get a donate button

[Guest]

it's summer, so the script kiddies are rampant. Bummer

[Guest]

Since it seems like an advertisement for their services, I wonder if they stand to make any money off attacks like this.

[Guest]

Okay, I'm not going to read the rest of everyone elses' comments, but quite a few are not very correct. So shut up and start reading.

 

First off, the guy who hacked this site has a site from freewebs. Freewebs did not hack accursedfarms.com. The people who think that's his site are complete idiots. Freewebs changed their name to just webs about 3-4 years ago. If you want to help out, go report the hacker's site to freewebs.

 

Also, your "hacker" is really just a script kiddie. I mean really, it's obvious. Look at his stupid webpage. Look at the code. It's just sad.

 

For those guessing how he got in, stop. This site is just a couple of php scripts. It's most likely he got in via form injections. This just means whoever programmed your site didn't make sure to take user input sanitized. The "hacker" probably just had the database dump and got everyone's username and password. Bam. Now he can login as Ross and post what he wants. Notice how all posts the hacker made were by Ross? There you go.

 

However it's possible that:

1) Ross has some extremely outdated web software installed somewhere that he just doesn't use and never deleted (like Wordpress, Joomla or Gallery).

2) He guessed your ftp password, Ross. But judging on the damage, this is not likely.

 

Also, Ross? Not a good idea to keep those posts there. Atleast delete the images. That only helps him.

[Guest]

What music?

[Guest]

Ross, you are a good man, patience is a virtue possesed by few.

As a faithfull viewer, I say take your time

[Guest]

kinda a waste of time to hack this site, and i dont really see anything at risk (ie personal info etc) so ignore it. also if that youtube video is the song they put on the site...that is kind a funny, but they should have embedded that video instead of those pics, way funnier. but maybe im just being racist or perhaps culturalist because this: http://www.youtube.com/watch?v=OWeIBEKY3S4 totally had me on the floor.

[Guest]

I hope they don't have acces to the database. f they do, we'll all recieve a lot of viagra spam and junk emails...

 

PS: Whitehats FTW

[Guest]

You could just break down into a basic html and get rid of the rss feed. Just make another page to link to for all news, and it'd work the same except when adding in posts. php the comments, but i don't think you want to do that.

 

I love your vids and hope more come.

 

-lex (http://www.youtube.com/user/someoneinexistance)

[Guest]

Okay just to clear something up, No one and nothing "hacked" this site, they cracked it! It's 2 complete different things!

1. Hacking is modifying something to improve it

2. Cracking is exploiting someone's system to do something bad. (or just does something bad)

[Guest]

@Anonymous at 20:33:54

That was an SQL injection, please read early comments. While it is possible that the passwords were not md5()-ed, I strongly believe (or hope ) that they were. If they were encrypted, nobody can login as you. If they weren't (which is less likely), yes, the person might have all your login/pass details but unless you keep the same password for everything, I don't see any risk here. The person didn't need to get Ross's login/pass, he likely directly UPDATE-ed or INSERT-ed in the DB.

 

Regarding upcoming spam as Muzt4nG suggests, yes, that's a possible scenario. I don't have enough time on my hands (and don't really want to, that injection is really trivial and not interesting) to go ahead and verify what can be pulled from DB but I am almost 100% sure that emails can be pulled.

 

However if the guy had hacked to get any gain, he wouldn't had posted all this childish stuff here. He would actually had kept everything silent and continued pulling emails from DB as new users register. So that said I think the only motive was "just for lulz".

 

PS. I likely messed up all these would-s and had-s, sorry, english is not my native language

[Guest]

SQL injection is really easy to fix... and that was prolly some 14y old lamos, sice this is like ... well .. lame... i mean look i can make smile here in comments im hacker yay...

 

Just filter all $_POST and $_GET variables with something like htmlspecialchars or mysql escape string functions and thats it... (no more than 5mins work)

 

If you dont know how to do it, lots of people here will do it for you.

(sorry for my gramaticaly incorrect sage input)

[Guest]

Am I vulnerable to hackers by visiting this site now?

[Guest]

Posted by Anonymous at 02:09:21 :

 

No.