Does anyone know yet exactly where/how this exploit starts? Is it the missing code in functions_portal.php?
I want to make sure that before I bring stuff back up it really is fixed.
As it is my provider has shut my site down as they had uploaded several trojans and were using my server as a point o launch other attacks.
backdoors to look for are:
Ronin
dc
bindtty
tomorrow is going to be a long day
I was Hacked
Moderator: Integra Moderator
59 posts
• Page 3 of 4 • 1, 2, 3, 4
Re: I was Hacked
Author: ihammo » Fri Aug 25, 2006 6:02 pm
Last edited by ihammo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
ihammo - Newbie
- Posts: 28
- Likes: 0 post
- Liked in: 0 post
- Joined: Thu May 25, 2006 1:42 am
- Cash on hand: 0.00
Re: I was Hacked
Author: ihammo » Fri Aug 25, 2006 6:10 pm
further to that - i noticed other function_xxxxx files in the includes folder also dont have the code below at the top. can anyone say if they shoudl have or not??
if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
}
if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
}
Last edited by ihammo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
ihammo - Newbie
- Posts: 28
- Likes: 0 post
- Liked in: 0 post
- Joined: Thu May 25, 2006 1:42 am
- Cash on hand: 0.00
Re: I was Hacked
Author: MercAngel » Fri Aug 25, 2006 7:50 pm
just found out a site i am and admin on was also hacked
but the other site i own was not and ther are links back to mine on the one that was hacked so maybe is is a host thing
but the other site i own was not and ther are links back to mine on the one that was hacked so maybe is is a host thing
Last edited by MercAngel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
MercAngel - Newbie
- Posts: 5
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Jul 30, 2006 7:38 pm
- Cash on hand: 0.00
Author: Unregistered » Sat Aug 26, 2006 5:13 am
all the sites which used premoded files were hacked? or did u guys updated manually by using FIND / REPLACE codes?
Last edited by Unregistered on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
J O N H | P L A Y E R
-
Unregistered - Sr Integra Member
- Posts: 254
- Likes: 0 post
- Liked in: 0 post
- Joined: Wed Jun 07, 2006 1:51 pm
- Cash on hand: 0.00
Re: I was Hacked
Author: Driver 7 » Sat Aug 26, 2006 6:22 am
Bloody hell. I was hacked also.
Last edited by Driver 7 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[img=left]http://www.btusquad.net/stuff/new_sig.gif[/img]
-
Driver 7 - Integra Member
- Posts: 129
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Mar 26, 2006 5:25 pm
- Cash on hand: 0.00
- Location: Vancouver, BC
Author: Drop-Forged » Sat Aug 26, 2006 6:29 am
"Unregistered";p="14109" wrote:all the sites which used premoded files were hacked? or did u guys updated manually by using FIND / REPLACE codes?
I used premoded files on my site, and yes was hackedà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦. <img>
Last edited by Drop-Forged on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[url=http][img=left]http://www.christiansoldiers.com/Sig/sig.png[/img][/url]
[url=http]Free IntegraMod 141 Themes at webhutch.net[/url]
[url=http]Free IntegraMod 141 Themes at webhutch.net[/url]
-
Drop-Forged - Integra Member
- Posts: 167
- Likes: 0 post
- Liked in: 0 post
- Joined: Sat Apr 08, 2006 7:07 pm
- Cash on hand: 0.00
Author: ZacFields » Sat Aug 26, 2006 7:29 am
ihammo,
yes that string of code is supposed to be there for security purposes.
Zac
yes that string of code is supposed to be there for security purposes.
Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
ZacFields - Sr Integra Member
- Posts: 426
- Likes: 0 post
- Liked in: 0 post
- Joined: Wed May 24, 2006 10:14 pm
- Cash on hand: 0.00
Re: I was Hacked
Author: Rabi » Sat Aug 26, 2006 7:39 am
I was hacked also....
Last edited by Rabi on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
Rabi - Members
- Posts: 49
- Likes: 0 post
- Liked in: 0 post
- Joined: Mon Apr 24, 2006 1:30 am
- Cash on hand: 0.00
Re: I was Hacked
Author: Solomon » Sat Aug 26, 2006 10:33 am
Make that 3x hacked in less than 48 hours. See this thread if you already havent. http://integramod.com/forum/viewtopic.php?t=1944
Last edited by Solomon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[hr]
-
Solomon - Members
- Posts: 90
- Likes: 0 post
- Liked in: 0 post
- Joined: Sat May 20, 2006 8:22 am
- Cash on hand: 0.00
Re: I was Hacked
Author: Driver 7 » Sat Aug 26, 2006 10:43 am
It's an automated hacking script as far as I can tell.
It looks to me like the place of entry was through somewhere inside the chatspot folder.
It looks to me like the place of entry was through somewhere inside the chatspot folder.
Last edited by Driver 7 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[img=left]http://www.btusquad.net/stuff/new_sig.gif[/img]
-
Driver 7 - Integra Member
- Posts: 129
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Mar 26, 2006 5:25 pm
- Cash on hand: 0.00
- Location: Vancouver, BC
Re: I was Hacked
Author: Teelk » Sat Aug 26, 2006 12:43 pm
Chatspot 1.0.0 is installed with IM, while version 2.0.0a7 is the latest version. I'll make the update available as soon as I have it all put together.
Last edited by Teelk on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
Teelk - Dev Team
- Posts: 1309
- Likes: 0 post
- Liked in: 0 post
- Joined: Tue Mar 14, 2006 5:25 pm
- Cash on hand: 0.00
- Location: Canada
Re: I was Hacked
Author: Driver 7 » Sat Aug 26, 2006 12:55 pm
Thanks Teelk.
What is chatspot and what exactly does it do? Is it something we use or can it be removed?
What is chatspot and what exactly does it do? Is it something we use or can it be removed?
Last edited by Driver 7 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[img=left]http://www.btusquad.net/stuff/new_sig.gif[/img]
-
Driver 7 - Integra Member
- Posts: 129
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Mar 26, 2006 5:25 pm
- Cash on hand: 0.00
- Location: Vancouver, BC
Re: I was Hacked
Author: MercAngel » Sat Aug 26, 2006 1:49 pm
are we sure they are getting in throught the forum software it self and not the host or some toher way
i had my other site open now for 48 hours i CHMOD all the file and folders to 777 so it chould be hacked easy.
i also have a packet sniffer running and so far nothing.
i had my other site open now for 48 hours i CHMOD all the file and folders to 777 so it chould be hacked easy.
i also have a packet sniffer running and so far nothing.
Last edited by MercAngel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
MercAngel - Newbie
- Posts: 5
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Jul 30, 2006 7:38 pm
- Cash on hand: 0.00
Re: I was Hacked
Author: MercAngel » Sat Aug 26, 2006 2:19 pm
i have been checking the internet on this file called c99.php
i have found sites that have been hacked by this thing back to 2004
it looks like they have hacked just about every forum software there is as well as some not forums sites
i have found sites that have been hacked by this thing back to 2004
it looks like they have hacked just about every forum software there is as well as some not forums sites
Last edited by MercAngel on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
-
MercAngel - Newbie
- Posts: 5
- Likes: 0 post
- Liked in: 0 post
- Joined: Sun Jul 30, 2006 7:38 pm
- Cash on hand: 0.00
Author: Solomon » Sat Aug 26, 2006 3:02 pm
How come this site hasn't been hacked yet? What are they doing right, that we are all doing wrong?
Last edited by Solomon on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
[hr]
-
Solomon - Members
- Posts: 90
- Likes: 0 post
- Liked in: 0 post
- Joined: Sat May 20, 2006 8:22 am
- Cash on hand: 0.00
59 posts
• Page 3 of 4 • 1, 2, 3, 4
Who is online
Registered users: Bing [Bot], Majestic-12 [Bot]
IntegraMOD® is Powered by phpBB® Forum Software © phpBB Group
