Chiriquí Chatter Was Hacked

Chiriquí Chatter was hacked about 10:00 PM last night by a Russian hacker. If you accessed the site after that time it is possible that the hacked program downloaded a virus to your PC.

You should run a complete virus scan on your PC if you accessed this site between 10:00 PM last night and 1:00 PM March 31.

Here is the information on the hacker.

Whois Record
domain: STELAARTOIS.RU
type: CORPORATE
nserver: ns0.stelaartois.ru. 81.95.145.26
nserver: ns1.stelaartois.ru. 81.95.146.26
state: REGISTERED, DELEGATED
person: Ludmila M Samoletova
phone: +7 8442 787972
fax-no: +7 8442 787972
e-mail:
registrar: R01-REG-RIPN
created: 2006.05.04
paid-till: 2007.05.04
source: TC-RIPN

I found this information by googling on the URL I was seeing in the bottom of the browser where it displays the sites it is traversing to handle your request. Any time I see an address with a .ru suffix, I worry because it tells me I am accessing a site in Russia.

My first indication was that the site didn’t come up correctly. Some information was right, but the screen wasn’t formatted. I watched as the screen was coming up and saw the .ru address.

The hacker got into the Photo Album, Guestbook, and the Help Desk function. It also affected some management scripts (cPanel and Fantastico) as well.

The hacker put a line of code in all of the above programs directing them to go to the following location.

http://stelaartois.ru/index2.php

Obviously you do not want to go there because it gives the hacker access to your PC and a possible virus.
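A sweep of the web root for that injected reference, as an added example (not code from the original post). The list of script extensions is an assumption, and the tampered lines in the sample tree are constructed, since the post does not show what the inserted line looked like.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

INJECTED_HOST = "stelaartois.ru"  # host named in the post
SCRIPT_EXTS = {".php", ".html", ".htm", ".js", ".tpl", ".inc", ".cgi", ".pl"}  # assumed

def find_injected_lines(web_root, host=INJECTED_HOST):
    """Return sorted (relative path, line no, mtime UTC, defanged line) per hit."""
    pattern = re.compile(re.escape(host), re.IGNORECASE)
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = fh.readlines()
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            stamp = datetime.fromtimestamp(mtime, timezone.utc).isoformat(timespec="seconds")
            for number, line in enumerate(lines, start=1):
                if pattern.search(line):
                    # Defang the host so the report itself is not clickable.
                    shown = pattern.sub(lambda m: m.group(0).replace(".", "[.]"), line.strip())
                    hits.append((os.path.relpath(path, web_root), number, stamp, shown[:120]))
    return sorted(hits)

def build_sample_site(root):
    """Constructed sample tree: two tampered scripts, one clean script, one image."""
    samples = {
        "album/index.php": "<?php echo 'album'; ?>\n<!-- constructed: http://StelaArtois.ru/index2.php -->\n",
        "guestbook/sign.php": "<?php // constructed\n$next = 'http://stelaartois.ru/index2.php';\n",
        "blog/index.php": "<?php echo 'clean'; ?>\n",
        "album/photo.jpg": "stelaartois.ru",  # skipped: not a script extension
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for rel, number, stamp, shown in find_injected_lines(root):
            print(f"{rel}:{number}  modified {stamp}  {shown}")
```

The modification times in the report help line up each tampered file with the window in which the site was serving the bad page.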

Have I told you how much I hate hackers?

16 thoughts on “Chiriquí Chatter Was Hacked”

  1. Check your cPanel logs. It should show exactly when the script kiddie got in and how. It’s a good idea to download and check your logs regularly anyway. These kiddies seldom attack at random. They usually spend some time trying doors and windows (so to speak) to see what’s accessible.

  2. As you, Don, know, I got that virus in my PC. At first F-secure was not able to clean it, but when I asked to remove it, it succeeded in doing that.

    After the communism Russian people are very busy private “entrepreneurs” :0

  3. Hi Leena. Sorry you picked up a virus. As soon as I realized that the site had been hacked, I turned off the site. It took me the part of 9 hours to recover and get back on line.

  4. Hi Don,

    I first thought you had a new look. A kind of pre-Windows, DOS-like FTP site. Luckily I did not catch any virus.

    Well, first you have “Slackers” and then you have hackers, what’s next?

  5. Hi Rob. Glad you avoided the virus. Well, let’s see. Slackers, hackers….

    If I were moving, it would be packers.
    If I were working with bales of hay, it would be stackers.
    If I were around some good looking women, it could be smackers.
    If I were cutting weeds, it might be whackers.

    I could come up with more, but maybe I should stop there.

  6. Don,
    This address I know!! My brother-in-law lost a tidy little sum from her hacking into his bank info. She is not a kid, but a 26 year old college student from a University in Russia. Interpol is involved with her activities, and last I heard they had her nailed, but that is obviously not the case…
    We made it down, and even had some cans of pumpkin to bring to you, but just never had the time to even contact you…lawyer stuff was really tough..but all is done now and we own a home in Potrerillos now..yippee…
    When I get back home will try and update some restaurant/hotel type info..
    Still have the pumpkin at the house there if we can get it to you.
    Doug

  7. Dear Mr. Williams,

    Sorry for the virus problem. My NOD32 antivirus system from Microtechnology doesn´t indicate any problem with my PC. Hopefully, it is correct. Welcome back to the net.

    Best regards,

  8. Dougie, Melisa, Hilda – Thanks for the comments. As you can see I am back on the air, but I still have to do some work to get the theme completely like I had it. However I think I have done all I can do for one day.

  9. Hi Don:

    I did notice your web site looked weird. At first I thought it was my “Avant Browser” that was not working well. I tried Firefox and Flocker and the same weird page downloaded. “Maybe, Don is making some web maintenance”, I said and let it go. Now I find out about your Russian problem.

    I wonder, why would anyone want to harm you if your blog is not a commercial blog? I’m glad you’re recovering.

    As far as I know, I didn’t pick up the virus you mentioned (keeping my fingers crossed).

    Regards,

    Omar.-

  10. Hi Omar. Looks like it will take a little time to get everything the way I want it, but at least I am back up without losing any data.

  11. Don Ray, I’m so sorry you got hacked. But I’m glad you were able to recover so well. The background color looks a shade or two darker, but it could be that I’m on a different monitor.

    Is there anything you can say about what and how this happened that might benefit those of us who have blogs or web sites? Thank you. Marie

  12. Hi Marie. Thanks for commenting. I think you are right. I just can’t find the color I had. I am not satisfied with this one, but I am tired of futzing with problems for a while.

    Related to your request, I will give it some thought and post more later.
