Next attack - this time - phishing

Support for IntegraMOD 141

Moderator: Integra Moderator

PostAuthor: Maddeen » Mon Aug 08, 2011 11:13 pm

Hi there,

After the first hack, I now have a bigger problem.

Somebody implemented a phishing site of a US bank on my webspace. :-?

Is there maybe a possibility to check my webspace against all known security risks? Maybe a tool?
I have no idea what's possible (necessary) to secure my webspace .. 2 attacks within 2 months - not good.

Hopefully IM3 will be released soon ..


Re: Next attack - this time - phishing

PostAuthor: Maddeen » Tue Aug 09, 2011 2:48 am

Update:

I have seen this information on the ACP start site.

What should I do? There are no updates in the download section?

phpBB Security Status
The newest release is . The version you are using is 1.0.3. So I would have to say you need to upgrade ASAP!


Re: Next attack - this time - phishing

PostAuthor: Helter » Thu Aug 11, 2011 4:10 pm

There is no .php file in your pafiledbimages folder.
If you find one, delete it. Also check pafiledbimagesscreenshots for any php files and delete them if found.
There is no update for phpBB Security. It is showing that message because the domain hosting the info file for phpBB Security is gone. No worries though, it is still secure.
You should also check your cpanel DNS zone file for your site. It is far more common to hack the server's DNS software to perform a phishing attack.
Always use Protection
Please do not PM for support

Re: Next attack - this time - phishing

PostAuthor: Maddeen » Thu Aug 11, 2011 9:52 pm

Thx Helter,

but what do you mean by "Check Cpanel DNS" -- I don't know where to find it - or if I have this.
I only have an "account" at the webhoster. Configurable with Confixx.

Fact is, somebody had the access to upload miscellaneous *.php files to my space, hiding them in miscellaneous paths of the IntegraMOD installation. Some in the pafiledb-path - some in the AMOD-Path (see info below)

I don't know what I can do to get rid of this shit in future. I don't think that they made a brute-force attack on my FTP login - the password is more than 12 characters long - with case-sensitive chars + numbers + special characters.

> Dear Website Administrator,
>
> We are contacting you to report that your website tmhosting.de has been compromised and fraudulent content targeting our client Chase Bank has been placed at:
>
> http://WEBSPACE/Amod/jewels/chase.html
>
> IP Address: 109.xxx.xxx.xxx
>
> A criminal has placed this fake login page for the purpose of credit card fraud and identity theft. Please remove all files related to this attack and take action to secure your website.


Re: Next attack - this time - phishing

PostAuthor: MWE_001 » Fri Aug 12, 2011 12:10 pm

What you need to do is go in and set permission to the pafiledb/screenshots folder to 000 if you do not use screenshots. I personally would not.

There are a couple of other security measures floating around here that you can take as well, like a .hta file and dropping an index.html file in all folders.

BUT I agree with Helter, phishing schemes normally are hacked server side and then files dropped into your folders. Hackers like files that are chmod to 777 because they can easily execute files from that folder.

Definitely look into setting the permission for that screenshots folder though. I got hit 4 times and it was that folder every single time. Also, look for any strange image file extensions. All of them that got dropped on me were like image.php.jpg
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
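
The checks suggested in the replies above (PHP files in the pafiledb image and screenshot folders, names like image.php.jpg, folders chmod to 777), as an added Python example that is not part of the original thread or of IntegraMOD. The function names, extension lists and sample files are assumptions constructed for illustration; the script only reports findings and deletes nothing.

```python
import os
import stat

# Assumed extension lists for illustration; adjust to what the web server executes.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
IMAGE_EXTS = {"jpg", "jpeg", "gif", "png"}

def audit_upload_dir(root):
    """Return sorted (reason, relative_path) findings for an upload folder tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Folders writable by every account on a shared host (e.g. chmod 777).
        if rel_dir != "." and os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", rel_dir))
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            # Look at every extension, so image.php.jpg is caught as well as x.php.
            parts = name.lower().split(".")[1:]
            if any(p in PHP_EXTS for p in parts):
                findings.append(("php-extension", rel))
            elif parts and parts[-1] in IMAGE_EXTS:
                # An image name does not guarantee image content: look for a PHP tag.
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if b"<?php" in fh.read().lower():
                        findings.append(("php-code-in-image", rel))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample data: a screenshots folder like the one in the thread."""
    shots = os.path.join(base, "screenshots")
    os.makedirs(shots)
    samples = {
        "ok.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "image.php.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "logo.gif": b"GIF89a <?php /* constructed marker */ ?>",
        "index.html": b"",
    }
    for name, data in samples.items():
        with open(os.path.join(shots, name), "wb") as fh:
            fh.write(data)
    os.chmod(shots, 0o777)  # the permissive mode mentioned in the thread
    return base

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for reason, path in audit_upload_dir(build_sample_tree(tmp)):
            print(f"{reason:20} {path}")
```

Run against a downloaded copy of the webspace, `audit_upload_dir` takes the path of the folder to inspect; each finding still needs a manual look before anything is removed.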

