[thelist] Hacked by kerem125

Chris Dempsey evolt at cubeit.co.uk
Fri Feb 2 08:36:31 CST 2007

Hey all,

We got a call today about a website which belongs to a company that one of
our guys is a Director of.  The site is handled entirely by another company
but as our guy is on holiday and can't help I took a quick look at it.

Domain in question is www.inandaboutayrshire.com and it now redirects to

A Google search for kerem125 reveals several sites that have been spidered
as having been hacked by the same group but have now been restored to the
correct site.

The DNS servers for inandaboutayrshire.com are the same as for the company
who originally built the site so I don't think they have been compromised.
I'm guessing the original default page of the inandaboutayrshire.com has
been partially swapped for a new one with a redirect script on it.  I say
partially swapped because if you watch as the page loads you can just see
the original menus in the background before it jumps to the killit.us

Anyone seen this before or know of a way to identify exactly what has been
compromised?  I'm guessing that someone simply gained access via FTP and
changed the default page.

Strangest thing is though that the gentleman who runs the company who own
the website received a voicemail on his home phone alerting him to the fact
that the site had been hacked and the caller said they would call again at a
specified time.  I've heard of hacks like this before but never in
combination with a telephone call.

I gave the website's owners a few phone numbers for people who may be able
to resolve the issue so this may be back to normal by the time you read

Any thoughts?


======[ copy of content at: http://killit.us/kerem.htm  ] ======

hİ Master or Administrat0r s0rry, Y0uR SyStem HACKED =)
HACKED BY kerem125
We are : by_kerem125 & by_emR3 &by_oksit & by_KinSize & gsy

Adim FarKim TarZim FaÇam HeRŞeyiM İşte Buda Benİm HACK'im :)

MucX ;)


More information about the thelist mailing list