Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
gbhughs
Regular
Regular


Joined: Sep 11, 2004
Posts: 84

PostPosted: Sat May 06, 2006 10:26 am Reply with quote

There was another exploit against my site again today.

This second round of attack was a Phishing exploit script installed into my directory.

This time the exploit file contained a link to a url that includes several hacks against software such as PHPNuke, PHPBB, and others. The list of hacks this site offers is at Only registered users can see links on this board! Get registered or login! The newest exploit file (from that website) can give someone the ability to create new admin level accounts in the affected software (PHPBB and Wordpress among them).

The first round of attacks on my site was..
1) Setup an htaccess file which created a custom "error document" directive (i.e. what gets shown when the "page cannot be found").

2) Create the custom error document which contained some encoded URLs to a script which was (seemingly) designed to display some links to a site that would then apparently be paying someone for the traffic.

I am running phpBB 2.0.19, 76v2.02, (nuke sentinel) 2.4.2pl3.

So my question is is there a patch or should I just upgrade to the newest version? Are you guys aware of this?

Thanks in advance
 
View user's profile Send private message
jaded
Theme Guru


Joined: Nov 01, 2003
Posts: 1006

PostPosted: Sat May 06, 2006 10:40 am Reply with quote

you should consider listing the addons you are using such as galleries, old modules, and anything that allows people to upload to your server. Those are normally the causes. There are also 3.2 patches out from chatserv.

_________________
Themes BB Skins Only registered users can see links on this board! Get registered or login!
Graphic Tees Only registered users can see links on this board! Get registered or login!
Paranormal Tees Only registered users can see links on this board! Get registered or login!
Ghost Stories & More Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
gbhughs
PostPosted: Sat May 06, 2006 12:37 pm Reply with quote

Right now I can't do anything, my host has shut down the site.

I guess, according to my host, other sites were infected to.
My site being the epicenter of the attack.

The only addons I am using, that didnt come with the package, are NukeC30 and a rss reader. I also created a block with links to the site, for members.

I use a NukeC30 (classifieds) block for recent posts, and recent forum posts block, user info block, and a google adsense block.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sat May 06, 2006 3:36 pm Reply with quote

What I do know about this is there is one form of it going around - if you look in your /tmp folder on your server, you will see an "eggdrop" that produces an IRC channel amongst other things. That is where the phishing is coming from, if that's it. The other possibility is that you either have a third party addon that allows uploads that is being exploited or possibly a rootkit on your server.
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat May 06, 2006 5:13 pm Reply with quote

Seems that exploit site is no longer loading?
I don't know of any active exploits with what you are using, at least within phpNuke and phpBB.

Your host should provide all the logs on how the attack was done. That way, we could help prevent it

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©