Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall
Hey, the scum of the family hacker. Delete all Web site data from our server
A sad thing has happened to our company, is unfortunate or unlucky, or God and we open this big joke, the company 1 years of data is destroyed in between 1 nights, is because of this hey color family studio inside that heycolor how can with us to open this big joke, We've already transferred the money to you.
April 26, 2008 afternoon he used the server above a Web site SQL injection point upload ASP Trojan Horse and then carry out a lot of Trojan, the server above the whole site are hung up their trojan, we found in the night of 26th because of the afternoon of 26th because our company all the staff out to rest, 26th night back found all the site was hanged Trojan, and then put all the Web site was hanging Trojan pages all cleared the horse, and then to find a Trojan
At that time is already late at night more than 1 Trojans all cleared up, because so many sites and data, may be hidden other trojan in the site, 27th morning he put all the Web site lot of the Trojan and began to fight with him until noon 12.00 Trojan All cleared up, the afternoon more than 2 He has all put the site on the Trojan, not easy to the afternoon more than 5 simply put the Web site IIS stopped, the night Trojan also cleared, not enough so may cause his anger, causing serious consequences
On the morning of April 28, 2008 We also looked for security on the server, but maybe he was early on the server using ASP Trojan for the right to mention
Then he logged in 3389 and put 2 files in each system disk. One is HeyColor.exe this software name is called Hey Color Network and so on (data transmitter)
This software is used to write mail to him and remittance money to his communication software another TXT file called admin please see the txt text content is:
Hello:
Before landing on this computer, you should be able to feel that something bad has happened.
Yes, it's a very bad thing,
Do you want to remove all data from this hard drive and protect it?
How to remove protection:
Landing Alipay website https://www.alipay.com/
You can also log in Tenpay https://www.tenpay.com/
Apply for an account at random,
Recharge to the inside, charge how much you set, but not equal to 0
Then, use the Heycolor program of this file directory to send the account data to me,
For example: Account number, login password, payment password, and you have to say,
If I receive a message on my cell phone, I will reply to you in 10 minutes and return to your email address.
If you haven't received your email in 10 minutes, resend it.
by Heycolor
found that each of these two files in each disk and then found that each site's data folder has been reduced,
It's over. I'm going to go through FTP again.
In less than 20 minutes, we found that our main website has not been in.
Log into the server to see the F-Disk inside the website program data all no one finished, is not all deleted,
Look at the txt note he left us. D hard drive is locked data are all hidden impossible ah, hidden words why hard disk use space or almost no use, no way through his that contact software we
He e-mailed us that the remittance of 200 yuan to tell you to get your data, we also really through the QQ wealth through the transfer of 200 yuan to him. His wealth through the account 928705385@qq.com is very smart and afraid to use the bank to ask us to send him money.
All right, give him the money, he sent a code, and he says he's not going to scratch you anymore.
We do not know the password to do what, and sent an e-mail to the past, he said that the compression package to extract the password, originally he put each disk compressed and then designed to extract the password and then the data all deleted
But when we found that our main website f the size of the compressed package is 28MB wrong ah, and then use him to give us the decompression password is correct but the hint compressed Baotou file was damaged, completely collapsed
We send a message to him why the file is so small he does not return information, we want to be sure that he compression is not complete or the site data some are using to cause no compression success hey
Inside 10 GB of Web site data are all gone, so we all have no site data, and then found that all of our 3389 users are not going to go. There is no way we call the computer room said application to the computer room to get back to our server to see if there is a way to recover data, we hastened to play D came to the room, contact room personnel to our tragic encounter told them, they also feel that we are really suffering from tragic loss
But because it was too late, the machine room said to the server to move back to wait until the superior approval, we have to take the hard drive back
Using another company server to hang this hard drive is not very tragic system can not go in, set up from the disk through the company this server does not have shelves for data recovery
Our data recovered to the night more than 1 although some of the Web site program to recover, but there are most of the programs are deleted can not find data
The database has not been restored to the latest date, get to 29th. We reload the server, put all the Web site one by one. However, found that a lot of data are gone, only the 2007 data to be used first, not enough to the current server site or each in the design mSQL database and assume that the site
Hey, I don't know what website to do.
Extremely depressed and miserable data just like this one night back to the reform and Opening-up, the company 1 years of information on the site destroyed by his despicable means, the company decided to find his trail, I hope we help find his information in this miserable thing, I think we will all pity us.
Here are some of the information we found through Baidu
His Baidu blog Http://hi.baidu.com/xiaohonghll
His domain http://www.hack-hs.cn/
He hacked 627 websites http://www.zone-h.com.cn/?mode=user&type=JQ&key=%BA%D9%C9%AB%A9g%C9%EE%B4%A6
I want you to help find the scum of this group of hey-colored family hackers.