The Refresh Georgian Hacker
Solved!
Short post. Just got one of my blogs hacked. Only one blog and I only lost one post since I do backups. Some people. But only at the blog level because hey, other sites on that account are still active. I am refraining from commenting any more for fear of repercussion.
So it's good to do complete database backups with a frequency equal to the frequency of posts. I am starting to wonder about Wordpress now. I used to run a site using PhpNuke that got hacked weekly due to a security issue in it. I am going back to Wordpress there, but will be looking further into Drupal to see if it is more secure.
Just a minor setback. Big enough to possibly put off the post I was going to do today until tomorrow.
No, I am going to comment. Hey, Refresh, if that’s your first name, is it fun acting like a juvenile? Well, I didn’t think of it. You probably are. Some fourteen-year-old sitting in a cave screwing with sites that don’t matter anyway. Guess what. I was having issues with that installation. Now I can wipe it clean and install my backup. Sorry for your luck. How long were you to fly your flag? A few hours. Well, it’s gone now buddy.
UPDATE
Here is the name of the person who owns the domain where his files are hosted:
person: Alexander Shakh-Nazarov
phone: +995 32 920000
e-mail: shakh@caucasus.net
nic-hdl: AS2778-RIPE
address: Caucasus Network
address: 42 Rustaveli ave.
address: Tbilisi, Georgia
One of the files was pulled from a .ge domain which I can’t find a whois for.
zhani-kalandadze.ge
Anyone want to email him, do so here: Refresh_Destroyier@Yahoo.Com
Down to one post lost. Thank god for full feeds and Zimbio.
UPDATE
Figured it out. He snuck in through a Wordpress Forum plugin and he keeps trying it. See the last comment.
How My Blog Got Hacked | Stephan Miller said
January 15 2008 @ 7:40 am
[...] Digital Products Review, a blog where I am slowly breaking down how I make money through Clickbank, got hacked by someone from Georgia. Not the state, the country. It seems to be a trend. The guy must have collected a bunch of sites [...]
Jeremy said
January 16 2008 @ 2:48 pm
Stephan,
I have twice had to clean up after his headache. Refresh has hacked my blog twice, and I have no clue why or for what????
There are 219K results for his hacking handle:
http://www.google.com/search?q=Georgian+Hacker&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
I have a feeling he is using a WP exploit to get in.
Anyone else have success? This guy is ruining my weekends…grrrrrrrrrrrrrrr.
Best,
Jeremy
Stephan Miller said
January 16 2008 @ 3:26 pm
Twice. That sucks. I am not sure how he got in.
1. He edited my stylesheet
2. I am not sure he deleted posts. I rebuilt so quick I forgot to investigate it further. But my last post before the hack still shows up in Google with his name attached, so maybe he didn’t. Hey, Google, I need indexed over there. So maybe I just thought he deleted them.
It has to be an exploit or else he could have done more damage if he was actually poking around in my admin. But I am not sure. That’s why I threw up a Google flag once it happened. Now I randomly rank #1 for his name, depending on the ranks of the blogs he hacked that day. LOL
It seems it’s not just Wordpress blogs he hit either. Some seem to be forums and other sites. I am not up on if he could somehow edit the stylesheet because of a chmod issue or even sure how that works.
It only took an hour or so for me to rebuild, but you are right. It sucks. Someone has to have investigated this further and I will leave the flag up here.
Why do people graffiti objects they don’t own? About the same question.
Stephan Miller said
January 22 2008 @ 4:48 pm
I did have a Wordpress forum installed.
And since shutting it off, I have had multiple searches looking for the exact phrase that is listed in the forum.
Here is a little bit of detail on that:
http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/.
So I think this is the answer.
Colin Walker said
January 23 2008 @ 3:51 pm
Glad it wasn’t too painful for you Stephan.
Stephan Miller said
January 23 2008 @ 3:54 pm
Me too. I just wanted to get the word out. I still rank #1 for his name in Google. So I had an obligation to track the issue down, at least in my mind.
He is still hitting the same blogs over and over because they don’t know he got in through the forum.
Making Sales Making Money said
January 23 2008 @ 5:04 pm
Stephan, thanks for the information, recently learned my own lesson about backing up database
Jeremy said
January 23 2008 @ 5:50 pm
I too deactivated WP Forums, sad… it was a great simple and easy to implement add on. Hopefully the Plug in author modifies the code so we all can use it safely.
Stephan, thanks again for all your hard work.
Best,
Jeremy
Joe Tech » How to Hack a Person said
January 23 2008 @ 8:31 pm
[...] people are a familiar with the term “hacking“. In general, it refers to gaining unauthorized access to a computer. One definition from [...]
Stephan Miller said
January 24 2008 @ 6:58 am
I just happened upon that post about it and checked out a few sites and all the sites I found had that forum plugin. Plus the guy hit my site a few days ago searching by the author’s link anchor after I had uninstalled it.
MorganLighter said
January 25 2008 @ 9:48 am
It’s pretty sad when miscreants like this prick spend their time in destructive endeavors. Believing in karma, what comes around goes around and one day he’ll get his.
Getting Yourself Unhacked by Mr. Exe, Destoyer, or Dark Master | Stephan Miller said
February 11 2008 @ 11:15 am
[...] think this started with Refresh, the Georgian Hacker, but now a few other hackers are getting in on the [...]
© 2006 - 2008 Stephan Miller - More Than Multiple Widgets Theme By Stephan Miller