Hacked by METLAK, anyone?


MollyM/CA
August 21st, 2006, 05:24 PM
My friend the Composer thought to take a look at his website

ezrasims.com (http://ezrasims.com)

and found this message instead of the home page:

Hacked by METLAK ownz Heyyy israil and usa Stop war :(
NO WAR
uid=0(root) gid=0(root) groups=99(nobody)
mavideniz.org/forum

When I googled "Hacked by METLAK" I found he was one among some 10,000.

Does anyone know anything of this hack?

Does anyone have a suggestion for decreasing the site's vulnerability? Most of the sites I've checked seem to be small 'homemade' ones like Ezra's (set up by a friend in the business) which makes me wonder if there isn't some fairly easy fix to keep these dopes and others operating on their level from doing it again.

The other pages are still accessible -- by adding /press.htm (for instance -- easy to type), after which the other links still work.

http://ezrasims.com/press.htm

He says he's complained "to the host site and AOL," and no, I don't know what relation they have to one another. He's an AOL subscriber.

Judy G. Russell
August 21st, 2006, 06:35 PM
As far as I know, this kind of hack means the host isn't running necessary protective software or hasn't closed holes in its security. Your friend, unfortunately, probably can't do a thing about it personally. Except move to another hosting company...

sidney
August 21st, 2006, 10:50 PM
Does anyone have a suggestion for decreasing the site's vulnerability?

The fact that so many sites have been hacked by this person implies that he is using a script to search for one or more common security holes on web sites. Anything that is that common should be well known and should be sealed up by a competent sysadmin. If ezrasims.com was running something like a bbs or blog, which it isn't, I would think that there was some chance that the software it was running had some security hole that is the responsibility of the person setting up the web site. It is possible that whoever did set up the website did so with incorrect access permissions to the site's directory, making it write-accessible to anyone else who has a web hosting account on the same server, or to someone who hacks into the account of another customer on the same server. (I noticed that this is a cheap web hosting account that shares a server with other customers).

However, while looking for evidence of how this could have been done I found that the web hosting company, HostRocket.com, has a blog on their site at nocblog.com, and that site is running as their blog software WordPress version 2.0.1. The current version is 2.0.4, and every one of the three upgrades since 2.0.1 was a security fix. I'm not criticizing WordPress, in fact I use it myself, but the fact is that the web hosting company is running a web site with security vulnerabilities that have been known to the public since last March.

I would suggest that your friend switch web hosting companies right away. This hack may not have been through HostRocket's blog, but the vulnerabilities they have left there do not speak well for them staying on top of the security of their systems.

While it is usually true that you get what you pay for, GoDaddy.com is not much more expensive than HostRocket.com's super-cheap offering, and seems reliable enough. I would be wary of most web hosting companies that are in that low of a price range, but I haven't yet seen problems with GoDaddy.
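
The access-permission problem raised in the post above (a site directory that is write-accessible to other accounts on the same shared server) can be checked from a shell on the host. This is an added example, not part of the original thread; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a web root for permission bits
# that let other accounts on a shared server change the site's files.

# audit_webroot DIR: print one finding per line; return 0 if clean,
# 1 if findings exist, 2 if DIR is not a directory.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Writable by "other": any local account can overwrite or replace it.
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Writable by group only: a risk when hosting customers share a group.
        find "$root" \( -type f -o -type d \) -perm -0020 ! -perm -0002 -print |
            sed 's/^/GROUP-WRITABLE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# harden_webroot DIR: remove group and other write bits; owner access is kept.
harden_webroot() {
    root=$1
    [ -d "$root" ] || return 2
    find "$root" \( -type f -o -type d \) \( -perm -0002 -o -perm -0020 \) \
        -exec chmod go-w {} +
}

# Run as: sh audit.sh /path/to/public_html   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A clean audit only rules out this one cause; it says nothing about holes in the host's own software.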

MollyM/CA
September 7th, 2006, 05:11 PM
Thanks so much, and I'm sorry to have been so late saying so. Ezra found that it was indeed a vulnerability in the host, and has the home page text back up anyway. I'll suggest that he ask his techfriend about GoDaddy. "Poor composer" is a redundancy but he can probably afford that little bit more.

Thanks again for the detailed explanation. It will help me when I finally get a web page up, if we ever do.

Molly

davidh
September 8th, 2006, 04:50 AM
It will help me when I finally get a web page up, if we ever do.

Molly
In the meanwhile, you might want to try http://blogsearch.google.com or http://technorati.com [?] to look for blogs that have a lot of sport fishing posts in them and see if said blogs allow posting of comments, such that you could plug (pun intended) your new book. e.g. search for "fishing tackle" or "sport fishing" in blogsearch

Blogs have some advantages over web sites and mailing lists, such as less complexity (compared to being a web master) and less divulging of private info required by mere lurkers on public blogs (i.e. no signup, just point your RSS reader at the blog to "subscribe").

DH