Atma Xplorer

Xploring Games, Computing, Photography

My experience with Blog Hackers

Remember this post?

Sender Information:
Stephen Ian Advincula
www.atmaxplorer.com

Recipient Information:
www.pdada.com
via: Register

NOTICE OF COPYRIGHT INFRINGEMENT
Ladies and Gentlemen:
On behalf of www.atmaxplorer.com, owned and operated by Stephen Ian Advincula (the Owner)
As required under Sections 512(c)(3) and 512(d)(3) of the Digital Millennium Copyright Act (17 U.S.C. 512(c)(3) and 512(d)(3)), I was instructed to place you on notice that:

1. The owner (Stephen Ian Advincula) is the exclusive owner of the copyrights in and to the Atma Xplorer. This applies to all files and information related to atmaxplorer.com therein; and

2. Entering on the URL www.pdada.com, the website in question contains a fully copied version of Atma Xplorer (www.atmaxplorer), including all files and database.

3. All posts from pdada.com are exact copies of those found in www.atmaxplorer.com

Please immediately remove or disable all access to the Infringing Material.

I have a good faith belief that the use of the Infringing Material is not authorized by the Owner, its agents or the law. The information in this Notice of Copyright Infringement is accurate and under penalty of perjury, I am authorized to act on behalf of the Owner.

Should you require any further information regarding this matter, please contact me at the email address indicated below:
sylv3rblade(at)gmail(dot)com

Very truly yours,
Stephen Ian Advincula

A simple whois on the domain reveals the information of the culprit:
Richard Tidwell
998 Lancelot Drive
Norcross, GA 30071
This is a screen shot of the site infringing Atma Xplorer:

Please, remember it well.

Yep. My site has been copied, and just recently, hacked by some malicious individual. Who? Probably the same guy behind pdada.com. A quick trace of the last login in my cPanel has been traced to China. Not really surprising since the PHP bomb (or something similar to it) that was planted on my site was in Chinese.
Luckily, my host Zanzhosting keeps daily backups (I do keep backups too, but since they’re forwarded to my email and it’s been compromised, they were basically worthless). I’m currently reuploading the comments so it may take a while, but I’ve hardened my blog with double the security details I know.

What to do to prevent your site from getting hacked?

  • Don’t ever log in to your cPanel via a computer that you don’t trust.
      • While I didn’t actually do such a transaction, it’s possible that one or more of my browsing records were uploaded to the net and ended up with the bad guys.

  • Keep track of what’s in your directory.
      • A few hours before the hack, I noticed an /upload folder and ignored it. Guess you can say that was the key to this whole incident. When I browsed the contents of that folder, it contained the malicious script that opened the doors to the hackers.

  • Always, always keep backups in several SECURE places.
      • My biggest mistake was that I had my backup in several places but they were not secure. I had them in my directory AND my email, which turned out to be the worst combination. In any case, I’ve set up several copies on my online storage sites so I can grab them anywhere and whenever I need them.

  • Choose a host that cares.
      • Throughout the ordeal, Zanzhosting was helping me along the way. Although most of the incident was my fault, they helped me get through it. The best service they’ve provided was the daily backups, since my most recent “good” backup was a week old.

If you see my site down again, that means I pissed off the hackers again AND they’ve managed to bypass my security again. In any case, at the moment, my site’s back up and running although still missing a few items.

The sad part is that Register.com has yet to respond to my DMCA email. In any case, I’m just glad that I’m back. Bring on the $$$


Comments ( 10 )


  1. vex September 4, 2008

    wow, the hacker is good

  2. poldo September 4, 2008

    NICE STEPHEN.. I HOPE ALL HACKERS WILL BURN TO DEATH HAHAH!!

  3. mitsuhiko September 4, 2008

    wow nice anti-hacker tips hehe

  4. Ron September 5, 2008

    At least you’re back! =D

  5. sylv3rblade September 6, 2008

    yeah haha.
    It took 6 hours and a leave from work to bring my site back up, but I think it’s worth it. I learned so much hahah

  6. hottietin September 16, 2008

    Oh no, how did you find out about the site that’s the same as yours? Was it also just from the /upload folder and the script inside it?

  7. sylv3rblade September 16, 2008

    At first, from website tracking…
    In my pageviews.. there were some from pdada.. then when I checked, GOTCHA!

    I’m still waiting for register.com’s response. They’re so slow, damn

  8. Jehzeel Laurente September 16, 2008

    ooOoh!! this is creepy + scary.. wooot!

  9. Jaypee September 26, 2008

    Good thing you got your blog back. In spite of the unfortunate event, this is a good learning experience for you and a reminder to the rest of us to be careful. We always need to practice safe computing.

    Have a good weekend! 🙂

  10. weng cariaga December 9, 2008

    sir

    whoever did it is good!!! but that’s still foul!!!!
