Part III (Hacking in the Jungle)

Update 2015-01-12: The center Luz Cosmica is now known as La Nueva Luz (http://lanuevaluz.jimdo.com/).

We talked to James about the Luz Cosmica website and email address and even the PayPal account. The only thing that he would say was “Omar”. We weren’t sure if that meant that Omar was in control or that Omar had set up everything. Either way, James didn’t know anything about who to contact or what to do. We also learned that Anaconda Cosmica was in the same situation. Fortunately they had a computer and Internet connection. I had noticed in previous communications with Anaconda that the emails from Omar had been from anacondacosmica@gmail.com while the emails from Sonia, James’s stepmom who is now managing Anaconda Cosmica, came from anacondacosmicacenter@gmail.com. Sonia had already created a new email account. She was not able to update the information on their website, so we volunteered to try to help them make the changes or at least point her in the right direction of whom to call.
We managed to walk over to Anaconda Cosmica one day. We were told that it would be about a one hour walk but with all the rain the previous day it turned into a 2 1/2 hour walk. Once we arrived they fired up their generator and got out their laptop. We tried to get back their Gmail account but we were not able to since we did not know the answers to any of their security questions. So Anaconda Cosmica has lost control of their anacondacosmica@gmail.com email address. That’s a horrible situation to be in.
Next we did a “whois” to see where the anacondacosmica.com website was hosted. We spent a little time and went to the hosting website and then we found the manage page. We went there and saw that the login name and password happened to be cached. Unfortunately the password was *******. Chris remembered that it was previously possible to reveal passwords obscured by ***** and he looked up the solution. Sure enough it worked. We went to view the source of the page, made a change in one field from “input type=password” to “input type=text” and there was the password. We wrote it down just in case it went away for some reason. We couldn’t believe that it was cached and that we were actually able to read it.
The management website was defaulting to the French language but we don’t speak French so we changed the language to English and tried to log in. We got an error message. We tried to log in a couple more times only to get the same error message. Then we tried leaving the language as French and then our jaws hit the floor as we were logged into the management page. We couldn’t believe that we were in. We immediately changed the contact information and owner for the domain name. We then spent the next 1 1/2 – 2 hours trying to figure out how to modify the web pages. We clicked on just about every option there was to click on but there was no graphical way to edit the web pages. Robbyn remembered that in the old days you needed to use FTP to upload your pages to the Internet. We located an FTP manager on the site and opened that and there were all of the pages listed. They were all .php pages and we were able to make some edits to the code to change the email address and to change some names. After about an hour of this we still could not find the way to edit the email and contact information on the main page. Then we saw the “search” option in very small text. We used that to find the remaining pages we needed to edit.
We were so lucky that we did not have to call anyone for support because that would have been a huge hassle and may not have worked out in our favor. We were also extremely lucky that the login name and password were cached. That never happens. So we were able to get the AnacondaCosmica.com website updated with their new email address and also remove Omar’s name from the site, and also we were able to update the owner and contact information for the domain. We were not able to get the Gmail account back and it looks like that’s not a possibility.

As for James Arevalo and the LuzCosmica.com website and email address, he has lost control of both. For a business that’s really a tough spot to be in. Someone can continue using your business website to make money and use your email in your name and you can’t do anything about it.
Unfortunately we were not able to help James with his website or email. Despite all of our years of experience in I.T. we feel incompetent and powerless that we are not able to help out in this situation.
