Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
dholt
Posted: Sun May 14, 2006 9:31 am

logout(modules//includes/functions_common.php): failed to open stream: No such file or directory in *path edited by admin*/modules/Your_Account/index.php on line 1003

Not sure what happened this morning, as I was on and then my site went to a white blank page. Usually the hacker says something like "you got owned by", but he did not.

I had a user around the same time from Romania so I blocked his IP.

Not sure where to look, as I want this guy, as I had to do a full backup from yesterday and lost posts due to the backup.

We just got our TeamSpeak hacked last night and now our web site.

Where should I look, as this at the top is the only error message I am seeing in my cPanel error logs?

I tried to just replace files in the root but that did not correct the problem, so had to do a full backup.

Any advice will be helpful, as I am trying to find how he got in.

Thanks in advance

I also have this mambo file that I found that I did not put there.
 
hitwalker
Posted: Sun May 14, 2006 10:27 am

Well, it would have been better to check before you replaced the content with the backup..
You can check your latest visitors too....
 
dholt
Posted: Sun May 14, 2006 10:28 am

I tried to post some lines from it using the code thing and I hope I just didn't ban myself. Sorry, as I wanted someone to look at it.


Last edited by dholt on Sun May 14, 2006 8:02 pm; edited 1 time in total 

dholt
Posted: Sun May 14, 2006 10:30 am

Thanks Hitwalker, I found a mambo file with strange letters; I saved it to desktop and deleted.

I know I should have looked first, but even with the backup this file is still there, maybe planted, I don't know.

PHP.RSTBackdoor is a back door Trojan that is written in PHP. It runs only on HTTP servers with PHP interpreters installed.


Last edited by dholt on Sun May 14, 2006 10:32 am; edited 1 time in total 

hitwalker
Posted: Sun May 14, 2006 10:31 am

Well, a bit confusing....
What do you want now?
 
hitwalker
Posted: Sun May 14, 2006 10:35 am

Is there also a r57shell.php?
 
dholt
Posted: Sun May 14, 2006 10:38 am

no
 
hitwalker
Posted: Sun May 14, 2006 10:40 am

But is all OK now or not?
 
dholt
Posted: Sun May 14, 2006 10:48 am

It's fine, I was just wondering if anyone had the same with this mambo file. I am going through everything.

Just not sure how they uploaded.

Thanks bro
 
hitwalker
Posted: Sun May 14, 2006 10:50 am

As far as I know, Mambo and Joomla aren't a security risk.
If it has weird whatever in it, then show me..
 
hitwalker
Posted: Sun May 14, 2006 11:04 am

I think your post was deleted ...
out of security reasons...probably..
but yes, I saw it....
Again.....if you or anyone else gives rights on a server to upload anything, then things like this can happen...
 
dholt
Posted: Sun May 14, 2006 11:06 am

Deleted file


Last edited by dholt on Sun May 14, 2006 8:04 pm; edited 1 time in total 

dholt
Posted: Sun May 14, 2006 11:07 am

I had to put it in another file; you can look at it through this link I posted, I hope.

You will have to disable your antivirus to see it.


Last edited by dholt on Sun May 14, 2006 11:13 am; edited 1 time in total 

hitwalker
Posted: Sun May 14, 2006 11:12 am

Yes, I already saw it the first time...
If you look, you see who is behind this....
Although this doesn't mean anything...
Search in the file for .com
 
dholt
Posted: Sun May 14, 2006 11:14 am

OK, let me get this file off my server first; I don't even want it near anything.

They uploaded to my root, not to any file that allows uploading into.

I think it may have to do with a program I use, vwar, as I updated and patched this program as was told to do but think there are still holes in it.


Last edited by dholt on Sun May 14, 2006 8:07 pm; edited 1 time in total 

dholt
Posted: Sun May 14, 2006 11:15 am

[ Only registered users can see links on this board! Get registered or login! ]
 
hitwalker
Posted: Sun May 14, 2006 1:44 pm

Yes indeed, but do take out the link...
Just take away all options to upload anything..
 
All times are GMT - 6 Hours
 