Greek PM web site hacked - Printable Version +- Deep Politics Forum (https://deeppoliticsforum.com/fora) +-- Forum: Deep Politics Forum (https://deeppoliticsforum.com/fora/forum-1.html) +--- Forum: Black Operations (https://deeppoliticsforum.com/fora/forum-9.html) +--- Thread: Greek PM web site hacked (/thread-9627.html) |
Greek PM web site hacked - Magda Hassan - 25-07-2012 GREEK PEOPLE PAID 20.000e for this website It is a wordpress.(free software) And guess what? ......warn: WordPress version outdated: Upgrade required... This means that sensitive information are exposed to anyone who can breakthrough a non updated platform -THEIR SITE CAN BE HACKED AND ANONYMOUS IS GIVING YOU THE SOLUTION TO ONE OF YOUR PROBLEM- HOW TO PREVENT A HACK IN OUTDATED PLATFORM LIKE YOURS...... ***********************************ANONYMOUS HELPS FOR FREE************************************************ The vulnerability lies in outdated versions of the popular TimThumb library. If you got hacked, you have a plugin or theme which has an outdated TimThumb lib. Instructions to fix the Hack Disclaimer: follow these instructions at your own risk. Back up your files before replacing / editing them. Change the file permission of (chmod) .htaccess to 644. Create a new .htaccess and overwrite the one on your server with the new one. Get the latest version of TimThumband replace the existing ones with it - be it in plugins or themes or anywhere else. Log in to your shell account and do this: $ find /home/accountname/website/ -name "thumb.php" $ find /home/accountname/website/ -name "timthumb.php" If you find any, replace them with the latest version. thumb.php could be some other file too, make sure to confirm its is TimThumb before replacing it. Delete these files: /wp-content/uploads/_wp_cache.php /wp-content/uploads/sm3.php Analysis of the Hack The cause of the hack seems to be an outdated TimThumb version on your server. It can be found in a theme or plugin as either timthumb.php or thumb.php. In the case I analyzed TimThumb was found in The Morning After theme, WordPress Popular Posts, and WP Mobile Detector. The Morning After theme was the active theme, so I just got the latest version of TimThumb and replaced with it. Replaced timthumb.php for WordPress Popular Posts too. WP Mobile Detector was an inactive plugin, so I just deleted it. The hack edits the WordPress .htaccess and adds redirection instructions to all traffic coming from a long list of websites to be redirected to http://awebsite.com. And it does a 301 redirect (permanent redirection), which can have seriously negative impression and SEO outcomes. Also it re-configures your website to be forwarded to http://awebsite.com. for all kind of errors and statuses (404, 500 etc) on your website. If you open .htaccess and take a look at it, you are most likely to see nothing odd in there. But look at its filesize , now it's is more than 5 KB! It should have been about 500 Bytes only. Look at the file again, see that scrollbar? Scroll down to find the additional code added by the hack. If you just edit and try uploading the .htaccess file, it will fail. That's because the hack has chmodded .htaccess to 444, which means you can only open it now, not edit or delete it. Fortunately fixing that is pretty straight forward, just chmod it back to 644. If you are using an FTP client you will get the option under File permission or something named like that. It also drops two files in the /wp-content/uploads directory: _wp_cache.php and sm3.php. There are also reports of finding wp.php and sm3.php in the current theme directory. I really didn't care to study them in detail, most probably they were backdoors or resurrectors. Just delete them! If you have followed the instructions above, you should be safe - for now.DONT SAY WE DID NOT WARN YOU. AND THIS IS JUST ONE METHOD TO DO IT....THERE ARE MANY...SO STOP SEALING MONEY AND FIX THAT SHIT *********************************************************************************************************** This is nothing compared to the next docs we are going to publish about how a site can cost even several million euros for no work at all....yes it is happening in greece ----------------------------------------------------------------------------------------------------------- G R E E K A N O N Y M O U S U N I T E D N E T W O R K A N A L Y T I C S ----------------------------------------------------------------------------------------------------------- - Hellenic Republic, The Prime Minister's Office http://www.primeminister.gr 1. http://www.primeminister.gr/feed/ 2. http://www.primeminister.gov.gr/ 3. http://www.primeminister.gov.gr/feed/podcast/ 4. http://www.primeminister.gov.gr/ 5. http://www.primeminister.gov.gr/english/ 6. http://www.primeminister.gov.gr/ 7. http://www.primeminister.gov.gr/ 8. http://www.primeminister.gov.gr/primeminister/ 9. http://www.primeminister.gov.gr/government/ 10. http://www.primeminister.gov.gr/category/news/ 11. http://www.primeminister.gov.gr/diavgeia 12. http://www.primeminister.gov.gr/category/blog/ 13. http://www.primeminister.gov.gr/2012/07/22/9592 14. http://www.primeminister.gov.gr/2012/07/22/9592 15. http://www.primeminister.gov.gr/2012/07/06/9541 16. http://www.primeminister.gov.gr/2012/07/06/9541 17. http://www.primeminister.gov.gr/2012/06/21/9501 18. http://www.primeminister.gov.gr/2012/06/21/9501 19. http://www.primeminister.gov.gr/category/news/akanoinosi 20. http://www.primeminister.gov.gr/category/news/dilosi 21. http://www.primeminister.gov.gr/category/news/epistoli 22. http://www.primeminister.gov.gr/category/news/omilia 23. http://www.primeminister.gov.gr/category/news/calendar 24. http://www.primeminister.gov.gr/category/news/pressconf 25. http://www.primeminister.gov.gr/category/news/interview 26. http://www.primeminister.gov.gr/category/news/xairetismoi 27. http://www.primeminister.gov.gr/youtube 28. http://www.primeminister.gov.gr/flickr 29. http://www.primeminister.gov.gr/twitter 30. http://www.primeminister.gov.gr/category/podcasts 31. http://www.primeminister.gov.gr/category/%cf%84%ce%b5%ce%bb%ce%b5%cf%85%cf%84%ce%b1%ce%af%ce%b1-%ce%bd%ce%ad%ce%b1 32. http://www.primeminister.gov.gr/2012/07/24/9599 33. http://www.primeminister.gov.gr/2012/07/22/9597 34. http://www.primeminister.gov.gr/2012/07/22/9592 35. http://www.primeminister.gov.gr/2012/07/20/9589 36. http://www.primeminister.gov.gr/2012/07/17/9582 37. http://www.primeminister.gov.gr/2012/07/16/9574 38. http://www.primeminister.gov.gr/2012/07/09/9561 39. http://www.primeminister.gov.gr/2012/07/09/9557 40. http://www.primeminister.gov.gr/2012/07/09/9555 41. http://www.primeminister.gov.gr/2012/07/09/9553 42. http://www.primeminister.gov.gr/terms-of-use-privacy 43. http://creativecommons.org/licenses/by/3.0/gr/ 44. http://mathe.ellak.gr/ 45. http://www.wordpress.org/ 46. http://www.w3.org/WAI/intro/wcag.php Hidden links: 47. http://government.gov.gr/%CF%85%CF%80%CE%BF%CF%85%CF%81%CE%B3%CE%B9%CE%BA%CE%AC-%CF%83%CF%85%CE%BC%CE%B2%CE%BF%CF%8D%CE%BB%CE%B9%CE%B1/ domain: primeminister.gov.gr status: taken nameserver: ns1.otenet.gr nameserver: ns2.otenet.gr http://www.primeminister.gov.gr (193.105.109.40) - Greece (GR) SOA record The SOA record is: Primary nameserver: ns1.otenet.gr Hostmaster E-mail address: hostmaster.ns1.otenet.gr Serial #: 2010032909 Refresh: 10800 Retry: 3600 Expire: 1814400 3 weeks Default TTL: 86400 ERRORS http://wave.webaim.org/report?url=http%3A%2F%2Fwww.primeminister.gov.gr%2F Sorry! We found the following errors (9) URI : http://www.primeminister.gov.gr/wp-content/themes/primeminister/js/thickbox.css 40 .TB_overlayBG Parse Error opacity=75) 41 .TB_overlayBG Property -moz-opacity doesn't exist : 0.75 47 * html #TB_overlay Value Error : height Parse Error document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px') 64 * html #TB_window Value Error : margin-top Parse Error - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px') 135 * html #TB_load Value Error : margin-top Parse Error - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px') 145 #TB_HideSelect Parse Error opacity=0) 146 #TB_HideSelect Property -moz-opacity doesn't exist : 0 154 * html #TB_HideSelect Value Error : height Parse Error document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px') 162 #TB_iframeContent Property _margin-bottom doesn't exist : 1px Validation Output: 24 Errors Error Line 19, Column 111: NET-enabling start-tag not immediately followed by null end-tag …//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / > ✉ This error may occur when there is a mistake in how a self-closing tag is closed, e.g '.../ >'. The proper syntax is '... />' (note the position of the space). Error Line 19, Column 111: end tag for "link" omitted, but OMITTAG NO was specified …//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / > ✉ You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">". Info Line 19, Column 1: start tag was here <link rel="image_src" href="http://www.primeminister.gr/wp-content/themes/prime… Error Line 19, Column 112: character data is not allowed here …//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / > ✉ You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include: putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML. Error Line 61, Column 169: required attribute "alt" not specified …er.gov.gr/wp-content/themes/primeminister/images/logo.png" height="63px" /></a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 114, Column 117: required attribute "alt" not specified …wp-content/uploads/2012/07/ΠΡΩΘΥΠ.-ΑÎΤ.ΣΑΜΑΡΑΣ-ΜΠΙΛ-ΚΛΙÎΤΟÎ-1.jpg"/> </a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 124, Column 142: required attribute "alt" not specified … <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 127, Column 190: required attribute "alt" not specified …22/9592"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 146, Column 106: required attribute "alt" not specified …ter.gov.gr/wp-content/uploads/2012/07/samaras_programmatikes1.jpg"/> </a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 156, Column 142: required attribute "alt" not specified … <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 159, Column 190: required attribute "alt" not specified …06/9541"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 178, Column 92: required attribute "alt" not specified …www.primeminister.gov.gr/wp-content/uploads/2012/06/ypoyrgiko.jpg"/> </a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 188, Column 142: required attribute "alt" not specified … <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 192, Column 190: required attribute "alt" not specified …21/9501"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a> ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 204, Column 45: document type does not allow element "ul" here $('#s4').after('<ul id="slideshowNav">').cycle({ ✉ The element named above was found in a context where it is not allowed. This could mean that you have incorrectly nested elements -- such as a "style" element in the "body" section instead of inside "head" -- or two elements that overlap (which is not allowed). One common cause for this error is the use of XHTML syntax in HTML documents. Due to HTML's rules of implicitly closed elements, this error can create cascading effects. For instance, using XHTML's "self-closing" tags for "meta" and "link" in the "head" section of a HTML document may cause the parser to infer the end of the "head" section and the beginning of the "body" section (where "link" and "meta" are not allowed; hence the reported error). Error Line 204, Column 46: character data is not allowed here $('#s4').after('<ul id="slideshowNav">').cycle({ ✉ You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include: putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML. Error Line 212, Column 89: character data is not allowed here …urn '<li><a href="#">' + $('#slide_legend_'+x).get(0).innerHTML + '</a></li>'; ✉ You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include: putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML. Error Line 224, Column 91: character data is not allowed here …turn '<li><a href="#">' + $('#slide_legend_'+x).get(0).innerHTML + '</a></li>'; ✉ You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include: putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML. Error Line 230, Column 15: end tag for "ul" omitted, but OMITTAG NO was specified </script> ✉ You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">". Info Line 204, Column 24: start tag was here $('#s4').after('<ul id="slideshowNav">').cycle({ Error Line 262, Column 76: required attribute "alt" not specified …rimeminister/images/youtube_icon.png"/><a href="/youtube" title="">youtube</a>… ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 263, Column 75: required attribute "alt" not specified …primeminister/images/flickr_icon.png"/><a href="/flickr" title="">flickr</a></… ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 264, Column 76: required attribute "alt" not specified …rimeminister/images/twitter_icon.png"/><a href="/twitter" title="">twitter</a>… ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 265, Column 138: required attribute "alt" not specified …mes/primeminister/images/podcast.png"/><a href="http://www.primeminister.gov.g… ✉ The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element. Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>. Error Line 270, Column 189: document type does not allow element "div" here; missing one of "object", "applet", "map", "iframe", "button", "ins", "del" start-tag …CF%8D%CE%BB%CE%B9%CE%B1/" target="_blank"><div id="button_upourgika"></div></a> ✉ The mentioned element is not allowed to appear in the context in which you've placed it; the other mentioned elements are the only ones that are both allowed there and can contain the element mentioned. This might mean that you need a containing element, or possibly that you've forgotten to close a previous element. One possible cause for this message is that you have attempted to put a block-level element (such as "<p>" or "<table>") inside an inline element (such as "<a>", "<span>", or "<font>"). Error Line 358, Column 99: end tag for element "script" which is not open …vernment.gov.gr/govbar/govbar_cachefile.js' type='text/javascript'/></script> ✉ The Validator found an end tag for the above element, but that element is not currently open. This is often caused by a leftover end tag from an element that was removed during editing, or by an implicitly closed element (if you have an error related to an element being used where it is not allowed, this is almost certainly the case). In the latter case this error will disappear as soon as you fix the original problem. If this error occurred in a script section of your document, you should probably read this FAQ entry. HTTP/1.1 200 OK Server nginx Date Tue, 24 Jul 2012 14:26:34 GMT Content-Type text/html; charset=UTF-8 Connection keep-alive Vary Accept-Encoding,Cookie Cache-Control max-age=3, must-revalidate WP-Super-Cache Served supercache file from PHP --------- LINK SCAN SUMMARY --------- URL scanned: http://www.primeminister.gov.gr/ PhisTank say's: This site is safe. AVG say's: Service not available. SiteTruth say's: This site is safe. Google Safe Browsing say's: This site is safe. Threat Name: No Threat FOUND Threat Definitions: 1277640 Engine Version: 0.97.5 Host IP: 193.105.109.40 Link Status: Clean File Size: 19.79 KB Time Finished: 5.02 secs Overall result: This site is secure. web site: http://www.primeminister.gov.gr/ status: Verified Clean web trust: Not Blacklisted warn: WordPress version outdated: Upgrade required. Security report (Warnings found): check Blacklisted: No error Outdated software: Yes check Malware: No check Malicious javascript: No check Malicious iFrames: No check Drive-By Downloads: No check Anomaly detection: No check IE-only attacks: No check Suspicious redirections: No check Spam: No ,,,,,2b continued.... ***DONT STEAL MONEY FROM THE PEOPLE FOR THINGS THAT COST NOTHING AT ALL*** WE ARE ANONYMOUS WE ARE LEGION WE ARE ALL ALIKE EXPECT JUSTICE *********************************************************************************************************** http://pastebin.com/8yZKpFnw |