Back To Microsoft Windows Forum

Help if you can please

  • suzie
  • Guru
  • Guru
  • User avatar
  • Joined: Feb 07, 2004
  • Posts: 1127
  • Loc: England
  • Status: Offline

Post March 27th, 2009, 12:50 pm

I posted here in this section because its a windows problem..

I would like to help a friend who was hacked.

Quote:
I've been searching for *fixes* and can only find others with the same
problem.



Many of the files in my installation of phpBB have an ugly patch of
scripting (I'm googling the fairly unique string ' tmp_lkojfghx')



Last night, the bb stopped working. I found the problem with the files,
deleted them and uploaded fresh. It was working when I went to bed. (I
assumed it had happened recently when the files were set to 777 briefly
for a config change. They're changed back, and it's still happened.)



This morning, it's happened again. The files are read only. There are
only two of us with ftp access and I trust us both.



Crystal Tech is feeding me canned answers from a book, some of which
refer to versions of phpBB which are three years old; one link they sent
was regarding an exploit patched in 2005. (When CT works, it's great,
but for some reason, when there's the slightest issue, they suddenly
become corporate stiffs who just keep repeating "not our fault; not our
fault." Also a bit scary, this morning I'm having problems connecting to
them via ftp.)



I'm not a MySQL admin, nor do I know much about PHP security. But I
can't find any helpful info about preventing this from happening again,
and Crystal Tech is pretty much leaving it up to me.


Thanks!
S
http://jungaling.com/katecorner/
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post March 27th, 2009, 12:50 pm

  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Joined: Feb 11, 2004
  • Posts: 6741
  • Loc: Martinsburg, WV
  • Status: Offline

Post March 27th, 2009, 12:55 pm

How is this a Windows problem? This is a website problem. Sounds like his website is getting hacked to me.
‎"Be polite, be professional, but have a plan to kill everybody you meet." Maj. Gen. James Mattis
  • joebert
  • Sledgehammer
  • Genius
  • No Avatar
  • Joined: Feb 10, 2004
  • Posts: 13455
  • Loc: Florida
  • Status: Offline

Post March 27th, 2009, 1:04 pm

Are you thinking there's a keylogger on one of the systems with FTP access ?

Other than that or it being Windows hosting and a Windows flaw on the server giving the attacker access (which would make it the fault of the host), I don't see any other way this would be a Windows issue. :scratchhead:
Strong with this one, the sudo is.
  • suzie
  • Guru
  • Guru
  • User avatar
  • Joined: Feb 07, 2004
  • Posts: 1127
  • Loc: England
  • Status: Offline

Post March 27th, 2009, 1:05 pm

Hi Grinch,

He says after someone else said dl the Apache access log, it's running on a Windows server. Thats why I posted here grinch, sorry if it was in the wrong place after all.
http://jungaling.com/katecorner/
  • suzie
  • Guru
  • Guru
  • User avatar
  • Joined: Feb 07, 2004
  • Posts: 1127
  • Loc: England
  • Status: Offline

Post March 27th, 2009, 1:08 pm

Thanks Jobert!

Other than that or it being Windows hosting and a Windows flaw on the server giving the attacker access

I think its maybe the above jobert. Not having such an experience (me) I would have to ask.
http://jungaling.com/katecorner/
  • spinhead
  • Born
  • Born
  • User avatar
  • Joined: Mar 27, 2009
  • Posts: 1
  • Status: Offline

Post March 27th, 2009, 1:43 pm

howdy; I'm the original victim.

there are only two ftp accounts to the shared hosting in question. it's only accessed from two machines right here in my office. although it's not impossible that it's some keylogging whatever, it seems highly unlikely due to my network security and general paranoic attitude.

I doubt that it's Windows specific; that only came up because someone suggested looking at the Apache logs, and it's running on IIS so unless my head is seriously broken, there are no Apache logs.

if this isn't the right place for this conversation please redirect me; I'm only here replying to the existing thread from the link I was sent.

thankies.

Page 1 of 1

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 109 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.