Spam exploit

Posted: Wed Oct 04, 2006 5:09 pm
Author: BMD
Hi Guys

I got home from work today to find a message on my answering machine from my Host provider.

They are telling me that someone has hacked my site and is sending out spam.

My Host Provider is asking me to disable all files from write and execute.....

Not good.

I checked my directories for modified files and found the following files had been changed somehow.

root/includes/def_tree.php (modified Oct 1)
root/modules/explain/e-1.html (modified Oct 4) ***What is this?***
root/modules/cache/templates/fisubice/decompiled.php.html (modified Oct 4)

I went directory by directory.... those are the only files that have been noted as modified that I know I did not make any changes to.... there are 2 php scripts that I wrote that I made a time change to indicate the change in sunset.


As a note... The only thing I have added since doing a complete from scratch install of phpBB2.0.21 / Security 1.0.3 / IM 1.4.0 and the new security patches
is the Classified Module.

I am awaiting a call from the HP to get more details on what they want me to do.

Anyone else have spam problems? or any suggestions?

Posted: Thu Oct 05, 2006 4:28 am
Author: Michaelo
These files could be OK... root/modules/explain/e-1.html, root/modules/cache/templates/fisubice/decompiled.php.html...
Examine them for suspicious code and delete them if they have been altered

Replace the root/includes/def_tree.php (if it contains suspicious code) with the original and check the Classified Module in Google for possible hacks...

It doesn't look like you were hacked... what is the addy used in the spamming?... disable your email temporarily...
Mike
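
Added example, not part of the original thread: one way to carry out the check suggested above is to compare the live site against a freshly unpacked copy of the same release by content hash, since modification dates alone do not show what changed. The two directory arguments and the sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def tree_digests(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = file_digest(full)
    return out

def compare_trees(clean_root, live_root):
    """Report files that differ from, are extra to, or are missing versus the clean copy."""
    clean = tree_digests(clean_root)
    live = tree_digests(live_root)
    return {
        "changed": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }

def demo():
    """Build two small constructed trees (not real phpBB files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        sample = {
            clean: {"includes/def_tree.php": "<?php // original\n",
                    "index.php": "<?php // index\n"},
            live: {"includes/def_tree.php": "<?php // original\n// edited\n",
                   "index.php": "<?php // index\n",
                   "modules/explain/e-1.html": "<html></html>\n"},
        }
        for root, files in sample.items():
            for rel, text in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(text)
        return compare_trees(clean, live)

if __name__ == "__main__":
    print(demo())
```

Files listed under "changed" are the ones to open and read or replace with the original; files under "added" include anything generated at runtime, such as cache output, as well as anything uploaded afterwards.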

Posted: Thu Oct 05, 2006 6:41 am
Author: BMD
Michaelo wrote: These files could be OK... root/modules/explain/e-1.html, root/modules/cache/templates/fisubice/decompiled.php.html...
Examine them for suspicious code and delete them if they have been altered

Replace the root/includes/def_tree.php (if it contains suspicious code) with the original and check the Classified Module in Google for possible hacks...

It doesn't look like you were hacked... what is the addy used in the spamming?... disable your email temporarily...
Mike


Mike

I made a few category changes... that might account for the Def_tree modification.

As for looking for suspicious code I would not know where to begin...

I'm a videographer.... What I have is pretty much stock off the shelf IM with the exception of 3 weather scripts I threw together (learn as you go) and the Classified Mod. The only other thing is custom images I threw together.

Disabling the mail was the first thing I did on hearing about spam.

The HP tech seemed clueless on who or what ... only that the Admins reported a spam warning to them and they passed it on to me.

I checked with some of my users and they don't report receiving any spam.

I have my mail accounts set to copy anything sent to a folder.... nothing there either.

Right now I'm waiting, checking directories for modified files, and watching the site a little more.

Posted: Fri Oct 06, 2006 11:21 am
Author: Michaelo
I'm beginning to think the Spam Warning was erroneous...

Posted: Tue Oct 10, 2006 11:03 am
Author: BMD
Mike

I also think it is in error.

I have yet to hear anything new on the matter....

I'm leaving the mail turned off though just the same.

Cheers
Doug