Main Menu

Cold Case Posse web site down–third time is a charm edition

Your web site not working is a real downer—I know from experience. However, I’ve never had one hacked yet in all the years I’ve had web sites, both my own, non-profit and business sites. Being hacked has got to be worse than being down because not only are not serving your readers, you’re embarrassed and you have to figure out how to clean it up.

Here’s a screen shot (click to enlarge) of the hacked CCP web site, and I would caution folks against visiting a known hacked web site. I visited this one with a special device I use for such things.

When the actual page is viewed “techno punk” music is played and the band of multi-colored text scrolls with shout-outs to other hackers. The style reminds me of Eastern European graphics demo software from the 1980’s. In Unix/Linux notation, “\.KEHED_NEWBIE” would designate a hidden file in the root directory. I doubt that this is an Obot production, but just an opportunistic hacking.

http://krebsonsecurity.com/wp-content/uploads/2013/08/joomla.pngIf you Google “I’m sorry Admin Touch” or “KEHED_NEWBIE” you will find of other web sites compromised in a similar way. It looks like this particular attack is directed at sites using the Content Management System (CMS), Joomla. One site noted about Joomla:

It’s probably the only CMS with the most exploits and vulnerable addons ever made, and sometimes I wonder who creates all these.

My guess is that the MCSOCCP site didn’t keep up to date with its security patches.

Previous MCSOCCP web site stories:

Update:

The CCP site is back up.

Other articles on Joomla:

Print Friendly

, ,

11 Responses to Cold Case Posse web site down–third time is a charm edition

  1. avatar
    justlw December 31, 2013 at 2:10 pm #

    By the way, I see the MCSO — oops, I meant CCP, site is currently pwned. I don’t know if that includes malware, so gawk at your own risk.

  2. avatar
    Dr. Conspiracy December 31, 2013 at 6:01 pm #

    Thanks for the tip! I wrote a story ;)

    justlw:
    By the way, I see the MCSO — oops, I meant CCP, site is currently pwned.I don’t know if that includes malware, so gawk at your own risk.

  3. avatar
    Butterfly Bilderberg December 31, 2013 at 6:33 pm #

    obamaballotchallenge.com seems to have folded up its tents.

  4. avatar
    CarlOrcas December 31, 2013 at 7:05 pm #

    7 pm eastern time and it’s back up…..at least from where I sit on the left coast.

    Not sure what the point of the website is as I look around for the first time in a while. The last addition appears to be a True News Radio interview with Mike Zullo from June 12th…..of this year.

    Pathetic.

  5. avatar
    Dr. Conspiracy December 31, 2013 at 7:34 pm #

    It’s back up here. If I read it right, he’s running Version 1.7 of Joomla, which is really old (July, 2011 to exact). The newest version is 3.2.

    CarlOrcas: 7 pm eastern time and it’s back up…..at least from where I sit on the left coast.

  6. avatar
    CarlOrcas December 31, 2013 at 8:18 pm #

    Dr. Conspiracy:
    It’s back up here. If I read it right, he’s running Version 1.7 of Joomla, which is really old (July, 2011 to exact). The newest version is 3.2.

    Any day now…..for that upgrade.

    Like everything to do with the Posse it is a charade and a half-assed one at that.

  7. avatar
    Bernard Sussman December 31, 2013 at 10:40 pm #

    ” you will find _ of other web sites compromised in a similar way”

    I would guess that the word “hundreds” dropped out by typo.

  8. avatar
    realist January 1, 2014 at 8:31 am #

    Butterfly Bilderberg:
    obamaballotchallenge.com seems to have folded up its tents.

    Yes. George took his ball and is playing here now…

    http://constitutionalreset.ning.com/

  9. avatar
    Dr. Conspiracy January 1, 2014 at 12:43 pm #

    Updated the Bad list below. Thanks.

    realist: Yes. George took his ball and is playing here now…

    http://constitutionalreset.ning.com/

  10. avatar
    realist January 1, 2014 at 1:14 pm #

    Dr. Conspiracy: Updated the Bad list below. Thanks.

    I live to serve. ;)

  11. avatar
    RanTalbott January 2, 2014 at 9:16 am #

    I’m always skeptical of products with exclamation points in their names. Smacks of hubris.