PHP-Nuke website compromised

Posted: Thu Nov 25, 2010 1:52 pm

It seems from recent email I received that a third party has gained access to the userbase at php-nuke.org and is using it to send spam.

The email contains links to various software products, services and networking sites and although some links have anchor text displaying downloads.php-nuke.org that isn't where the links actually go.

Posted: Fri Nov 26, 2010 11:15 am

It's in my hotmail spam box so no worries.
Shame though that MicroSucks Hotmail doesn't allow me to view the mail source to see which server send the spam

Posted: Fri Nov 26, 2010 5:30 pm

ns60935.ovh.net
[188.165.14.124]:55494

Posted: Sat Nov 27, 2010 3:46 am

So it's not compromised but only the name is falsely used Wink

Posted: Sat Nov 27, 2010 4:14 am

No it isn't compromised in the sense that the domain is being used as a mail relay but I have two accounts at php-nuke.org and both got spammed with the same advertising email at the same time so I think it's a safe bet that someone has accessed the userlist to create a mailinglist - the email indicates it's being sent to a mailinglist (powered by Inspire).
Someone obviously went to a fair amount of trouble as the mail uses a number of hot linked images at php-nuke.org

Of course it's also possible the website owner was responsible (but unlikely).

As if we didn't have enough to do with the 'imitation' Facebook and Twitter emails and compromised Hotmail account address books...

Posted: Sat Nov 27, 2010 10:12 am

Good points there.
Especially those from hotmail are a PITA.
They use the friends list and send an email to them with a friend in the "from" address so that you never know which msn account was compromised.

And don't forget all those compromised Windows OS computers out there!

Thank god i run on GNU/Linux