27th May 2006, 07:13   #1
kebabs
DJ mandi hacked my radio

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I have no idea who he is but when I start my server up in SSH on his site it comes up. http://www.alrinia.tk/#

It's f*cking b*llsh*t. Please excuse my language but I scanned my comp about 20 times. For adware, spyware and trojans. Nothing! I haven't given out the password to anyone. He is simply using my radio just for the sake of it.

Please help.

Kebabs

27th May 2006, 07:14   #2
kebabs
I can also log in with my username and pass for the admin thing, so that is proof that he is using my radio. (PS he can play songs as well).


PS PS I am trying now to restart it in putty with a different password. But can any of you help me?!?!?!?!!?!?

27th May 2006, 07:23   #3
kebabs
<05/26/06@20:07:22> [dest: 213.16.138.7] server unavailable, disconnecting
<05/26/06@20:07:23> [dest: 213.16.138.7] server unavailable, disconnecting
<05/26/06@20:25:34> [source] connected from 86.127.29.104
<05/26/06@20:25:34> [source] icy-name:Team Oc Radio | 24/7 | LOW PING Radio dj-mandi ; icy-genre:http://WwW.AlbRinia.Tk
<05/26/06@20:25:34> [source] icy-pub:1 ; icy-br:24 ; icy-url:jhttp://www.TiranaCity.com
<05/26/06@20:25:34> [source] icy-irc:#Radio ; icy-icq:irc.tiranacity.net ; icy-aim:http://WwW.Alrinia.Tk
<05/26/06@20:25:35> [dest: 205.188.234.100] starting stream (UID: 502)[L: 1]{A: SHOUTcast Directory Tester}(P: 0)
<05/26/06@20:25:47> [yp_add] yp.shoutcast.com added me successfully
<05/26/06@20:25:47> [dest: 205.188.234.100] connection closed (13 seconds) (UID: 502)[L: 0]{Bytes: 287717}(P: 0)
<05/26/06@20:28:46> [yp_tch] yp.shoutcast.com touched!
<05/26/06@20:31:46> [yp_tch] yp.shoutcast.com touched!


I've tried banning his IP. And the subnet, but no luck! His IP just keeps changing.
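A log-review sketch for the sc_serv excerpt in the post above (an added example, not part of any poster's message and not SHOUTcast tooling): it groups the `[source]` lines into sessions and lists every address that connected as the broadcast source along with the station metadata it sent, so an unexpected source stands out even when its address keeps changing. The sample log, the trusted range and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in the sc_serv log format shown in the post above.
# Addresses are documentation ranges, not the ones from the thread.
SAMPLE_LOG = """\
<05/26/06@19:02:10> [source] connected from 198.51.100.20
<05/26/06@19:02:10> [source] icy-name:My Station ; icy-genre:Rock
<05/26/06@19:40:01> [dest: 192.0.2.55] starting stream (UID: 12)[L: 1]{A: WinampMPEG/5.2}(P: 0)
<05/26/06@20:25:34> [source] connected from 203.0.113.7
<05/26/06@20:25:34> [source] icy-name:Someone Else Radio ; icy-genre:http://example.invalid
<05/26/06@20:25:34> [source] icy-pub:1 ; icy-br:24 ; icy-url:http://example.invalid
<05/27/06@03:11:09> [source] connected from 203.0.113.99
<05/27/06@03:11:09> [source] icy-name:Someone Else Radio ; icy-genre:http://example.invalid
"""

SOURCE_LINE = re.compile(r"^<(?P<ts>[^>]+)> \[source\] (?P<body>.*)$")
CONNECT = re.compile(r"^connected from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def source_sessions(log_text):
    """Group [source] lines into sessions: connect time, IP, icy-* headers."""
    sessions = []
    for raw in log_text.splitlines():
        m = SOURCE_LINE.match(raw.strip())
        if not m:
            continue  # listener ([dest: ...]) and directory lines
        c = CONNECT.match(m["body"])
        if c:
            sessions.append({"time": m["ts"], "ip": c["ip"], "icy": {}})
        elif sessions:
            # Header lines carry several "key:value" pairs joined by " ; ".
            for field in m["body"].split(" ; "):
                key, sep, value = field.partition(":")
                if sep and key.startswith("icy-"):
                    sessions[-1]["icy"][key] = value.strip()
    return sessions


def unexpected_sources(log_text, trusted_nets):
    """Return source sessions whose IP is outside every trusted network."""
    nets = [ip_network(n) for n in trusted_nets]
    return [s for s in source_sessions(log_text)
            if not any(ip_address(s["ip"]) in n for n in nets)]


if __name__ == "__main__":
    # 198.51.100.0/24 stands in for the station owner's own DJ addresses.
    for s in unexpected_sources(SAMPLE_LOG, ["198.51.100.0/24"]):
        print(s["time"], s["ip"], s["icy"].get("icy-name", "?"))
```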

27th May 2006, 07:50   #4
Nick@ss
You need to change the password for your dedicated server and your Shoutcast server and make sure it's not easily hacked.

They are logging into the box and getting the pass, I imagine.

Make sure you use a pass that no one will crack easily.

27th May 2006, 08:48   #5
kebabs
Yes, I've done it now but still I dunno how the hell he did it!

I'm just testing now to see if it won't do it.

27th May 2006, 14:50   #6
hackerdork
A word of advice: never use passwords that are known words, never log in from school, work etc. because you never know who is looking at network traffic.

NEVER NEVER store passwords on your computer in a text file, or other readable document; don't put them on a sticky note on your desk either. I know all that sounds lame, but I see it all the time: people use their wife, girlfriend, license plate ID and jot it down with the word 'PASSWORD' on a piece of paper.

Passwords like : cat, fish, god, radio BAD

Passwords like : c@t , f1sh, g0d, r@d1o BAD

Passwords like :Q_~3pI~! B9!oj.! GOOD

I know it's a pain in the butt to remember cryptic passwords, but the more strange-looking, the less chance someone can guess it.

Free advice on passwords: from the biggest smartass in the forums. ME.

~ According to the ship's log we're down to our last 3000 vomit bags. It'll never be enough.
Search the forums! Don't PM me on how-to, or ask me to set up your system. You do it so you learn.

30th May 2006, 09:46   #7
kebabs
OK ty dude but anyways. I never told anyone. Never wrote it down. And nobody ever knew that password except me!!! It was about 10 characters long using numbers and letters. It was in my head, not on a piece of paper, and if you look.

http://alrinia.cjb.net:8000/ <-- He just forwarded it to my site. And it is http://www.alrinia.tk/#

30th May 2006, 20:00   #8
kebabs
omfg!!! he done it again!!. HE HAS FRICKING HACKED IT!!!! !!!


HELP ME GUYS!!! I'VE TRIED UNINSTALLING IT BUT NO LUCK!!!

30th May 2006, 20:05   #9
bored_womble
I kind of got lost at the beginning of this thread, but it could of course be a program/backdoor which has been installed on the server, so no matter what you change your passwords to, they/he/she can log in anyway.

BW

Without open minds the world will die. Open yours and correct the mistakes you are making right now.

30th May 2006, 21:22   #10
jeckel
One simple way to do this, if you run the dedicated box it's on: move the shell to another user name. This can be done by typing 'adduser'; then, after the file and user are created, move your files there, change your passwords, change your port numbers, and then make another attempt at carrying on. Then if he hacks that, chances are you have a backdoor on the box and need to attempt to find out where the backdoor is.

30th May 2006, 23:57   #11
hackerdork
Can you access this server using SSH/telnet (use PuTTY for SSH)? Log in, issue killall sc_serv*, then ps -aux |grep sc_serv to see if it's still running.

Then change the shell account password, using passwd.

Contact the system admin; if it's you then you have a lot of work ahead of you to lock this sucker down. You can report that person as well: based on their source IP address, contact their IP provider.

~ D

31st May 2006, 00:14   #12
fc*uk
If this happened on a Linux box .... a few questions:

1. How the hell did this happen on a Linux box? If you never use the root account (like you are supposed to) how was something on a Linux box given the authority to run? How was it installed?

2. traceroute IP_Address .... like HD said, track down the person who did this and report them to their host.

3. If this really did happen on a Linux box ... and it is yours.... wipe everything out and reformat from scratch. You could spend years looking for the hole. If it is a host, then drop them like a bad habit because they clearly do not know what they are doing.

1st June 2006, 19:40   #13
kebabs
Yes, I understand but still I have no idea how it happened! Bah.
I have removed it for now, but I am gonna be a bit more careful and do scans more often, even tho Norton, McAfee & Trend Micro scanned my computer and found nothing. But I will do more scans, so I will reinstall soon.

Hopefully this is the end of it but thanks for your support guys.

Kebabs

PS I also have no idea how I am running this off my host when I don't even have r00t access :S but it works

1st June 2006, 21:36   #14
hackerdork
Shut your Shoutcast daemon off (sc_serv) and change all your passwords.

Also what OS are you running ???

2nd June 2006, 00:37   #15
fc*uk
Quote:
Originally posted by hackerdork
Also what OS are you running ???

No doubt ..... because Norton et al. don't really run on Linux.... plus there really are no viruses for Linux (see, it is pointless because it would need root access to run, which you should not give it!).

..... scratches his head.......

2nd June 2006, 01:51   #16
hackerdork
Well, no duh on my part, but server or PC? lol. What if the stream server is a Linux box, but the source is winblow or vice versa..

~D

2nd June 2006, 04:23   #17
houstonpcguy
Re: Linux Hacked

Quote:
Originally posted by fc*uk
No doubt ..... because Norton et al. don't really run on Linux.... plus there really are no viruses for Linux (see, it is pointless because it would need root access to run, which you should not give it!).

..... scratches his head.......

But there are root kits and if he didn't lock down the non-root from remote he could be open to all kinds of stuff. You have to lock down a Linux box just like you do a Windows box.

If done properly, you would have to log in remotely with a non root account then you would have to su to root to make sure no one can read the data (encrypted).

Just some info for you ....

2nd June 2006, 07:31   #18
Germ
you should probably give up

2nd June 2006, 15:47   #19
teenz-radio
From D.J Irvine

22 Hi kebabs, I have read that someone hacked into your erm radio

Now there is only one way I can think of this little problem

(1) you gave the stream details to a worker of yours or a partner

(2) that person has passed on the details to someone else

Those are the only reasons I can come up with

Yours and truly, D.J Irvine from Teenz-Radio
wwww.freewebs.com/teenz_radio

2nd June 2006, 15:52   #20
teenz-radio
Well, it means your firewall is so rubbish

and can I have the website link so I can check you out

thank you

2nd June 2006, 23:19   #21
fc*uk
Re: Re: Linux Hacked

Quote:
Originally posted by houstonpcguy
But there are root kits and if he didn't lock down the non-root from remote he could be open to all kinds of stuff. You have to lock down a Linux box just like you do a Windows box.

If done properly, you would have to log in remotely with a non root account then you would have to su to root to make sure no one can read the data (encrypted).

Just some info for you ....

Indeed root kits can be a problem. However, I assumed (as from what it sounded like) that the host was a server. It also sounds like this person is renting this server, which leads me to believe that said individual does not own this server.

With this in mind, it would seem to me that the host would know this as well and inform users that the only way a customer could get 'root' is either by su...

However, I also take a lot for granted

6th June 2006, 16:31   #22
kebabs
teenz-radio <-- my firewall isn't crap, idiot. I've got Norton AntiVirus 2006 and McAfee <-- so STFU ok. And I really don't know what's wrong

6th June 2006, 19:28   #23
hackerdork
I will be blunt and slap on the face, but you may get the point. I'm not attacking you, I am attacking the issue, which is not a Shoutcast-caused problem.

Both Norton and McAfee are CRAP!! They are software firewalls that run on your PC. Frankly any Windows software 'firewall' is shit; beat me up, I don't care, disagree, I don't care. I'm not some script kiddie, but after 25 years of networking under my belt, I think I know a bit about this shit. If anyone cares, I am a Checkpoint Firewall certified admin.

Let's ask the big !@#!@# question here.

Is your Shoutcast server on your own PC or hosted somewhere else ??? If it's on your PC, shut the bitch down and get your security issues fixed. If it's hosted somewhere else, jump in their shit and have them fix it.

What other shit did you install on your Shoutcast box that allows connections from the internet? Some web portal, forums, blogging? What you have something that is letting your stream get walked on.

Now for the sake of everyone, stop the bitching about someone hacking your box. If you are the admin of the box, you need to step up! If someone hacked my system they get reported to the IP provider and cern.org! If you don't know how to look up IP and host information using whois, why the hell are you running a server and allowing some ass to use your system without your permission!

Lastly, close this thread; it's not a Shoutcast configuration problem, it's a cockup on your system.

~ D
