Sub Menu
Links Menu
Online Users

In total there are 321 users online :: 1 registered, 0 hidden and 320 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Google [Bot] based on users active over the past 60 minutes

Spam exploit

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Spam exploit

PostAuthor: BMD » Wed Oct 04, 2006 5:09 pm

Hi Guys

I got home from work today to find a message on my answering machine from my Host provider.

They are telling me that some one has hacked my site and is senting out spam.

My Host Provider is asking me to disable all files from write and exicute.....

Not good.

I checked my directories for modified files and found the following files had been changed somehow.

root/includes/def_tree.php (modified Oct 1)
root/modules/explain/e-1.html (modified Oct 4) ***What is this?***
root/modules/cache/templates/fisubice/decompiled.php.html (modified Oct 4)

I went directory by directory.... those are the only files that have been noted as modified that I know i did not make any changes to.... there are 2 php scripts that I wrote that I made a time chaange to indicate the change in sunset.


As a note... The only thing I have added since doing a compleat from scratch install of phpBB2.0.21 / Security 1.0.3 / IM 1.4.0 and the new security patches
is the Classified Module.

I am awaiting a call from the HP to get more details on what they want me to do.

Anyone else have spam problems? or any suggestions?
Last edited by BMD on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BMD
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Thu Aug 24, 2006 4:12 am
Cash on hand: 0.00

PostAuthor: Michaelo » Thu Oct 05, 2006 4:28 am

These files could be OK... root/modules/explain/e-1.html, root/modules/cache/templates/fisubice/decompiled.php.html...
Examine them for suspicious code and delete them if they have been altered

Replace the root/includes/def_tree.php (if it contains suspicious code) with original and check the Classified Module in google for possible hacks...

It doesn't look like you were hacked... what is the addy used in the spanning?... disable your email temporarily...
Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

PostAuthor: BMD » Thu Oct 05, 2006 6:41 am

"Michaelo";p="16123" wrote:These files could be OK... root/modules/explain/e-1.html, root/modules/cache/templates/fisubice/decompiled.php.html...
Examine them for suspicious code and delete them if they have been altered

Replace the root/includes/def_tree.php (if it contains suspicious code) with original and check the Classified Module in google for possible hacks...

It doesn't look like you were hacked... what is the addy used in the spanning?... disable your email temporarily...
Mike


Mike

I made a few catagory changes... that might account for the Def_tree modification.

As for looking for suspicious code I would not know where to begin...

I'm a videographer.... What I have is pretty much stock off the shelf IM with the exception of 3 weather scripts I trew together (lean as you go) and the Classified Mod. The only other thing is custom images I threw together.

Disabling the mail was the first thing I did on hearing about spam.

The HP tech seemed clueless on who or what ... only that the Admins reported a spam warning to them and they passed it on to me.

I checked with some of my users and they don't report any spam recieving any.

I have my mail accounts set to copy anything sent to a folder.... nothing there either.

?Right now I'm waiting, checking directories for modified files, and watching the site a little more.
Last edited by BMD on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BMD
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Thu Aug 24, 2006 4:12 am
Cash on hand: 0.00

PostAuthor: Michaelo » Fri Oct 06, 2006 11:21 am

I'm beginning to think the Spam Warning was erroneous... <img>
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Spam exploit

PostAuthor: BMD » Tue Oct 10, 2006 11:03 am

Mike

I also think it in error.

I have yet to hear anthing new on the matter....

I'm leaving the mail turned off though just the same.

Cheers
Doug
Last edited by BMD on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

BMD
Members
Members
 
Posts: 84
Likes: 0 post
Liked in: 0 post
Joined: Thu Aug 24, 2006 4:12 am
Cash on hand: 0.00


Return to Forum Security

Who is online

Registered users: Google [Bot]

cron