Help if you can please

  • suzie
  • Guru
  • Posts: 1134
  • Loc: England

Post 3+ Months Ago

I posted here in this section because it's a Windows problem.

I would like to help a friend who was hacked.

Quote:
I've been searching for *fixes* and can only find others with the same problem.

Many of the files in my installation of phpBB have an ugly patch of scripting (I'm googling the fairly unique string ' tmp_lkojfghx')

Last night, the bb stopped working. I found the problem with the files, deleted them and uploaded fresh. It was working when I went to bed. (I assumed it had happened recently when the files were set to 777 briefly for a config change. They're changed back, and it's still happened.)

This morning, it's happened again. The files are read only. There are only two of us with ftp access and I trust us both.

Crystal Tech is feeding me canned answers from a book, some of which refer to versions of phpBB which are three years old; one link they sent was regarding an exploit patched in 2005. (When CT works, it's great, but for some reason, when there's the slightest issue, they suddenly become corporate stiffs who just keep repeating "not our fault; not our fault." Also a bit scary, this morning I'm having problems connecting to them via ftp.)

I'm not a MySQL admin, nor do I know much about PHP security. But I can't find any helpful info about preventing this from happening again, and Crystal Tech is pretty much leaving it up to me.

Thanks!
S
  • grinch2171
  • Moderator
  • Genius
  • Posts: 6809
  • Loc: Martinsburg, WV

Post 3+ Months Ago

How is this a Windows problem? This is a website problem. Sounds like his website is getting hacked to me.
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Are you thinking there's a keylogger on one of the systems with FTP access?

Other than that or it being Windows hosting and a Windows flaw on the server giving the attacker access (which would make it the fault of the host), I don't see any other way this would be a Windows issue. :scratchhead:
  • suzie
  • Guru
  • Posts: 1134
  • Loc: England

Post 3+ Months Ago

Hi Grinch,

He says after someone else said dl the Apache access log, it's running on a Windows server. That's why I posted here grinch, sorry if it was in the wrong place after all.
  • suzie
  • Guru
  • Posts: 1134
  • Loc: England

Post 3+ Months Ago

Thanks joebert!

Quote:
Other than that or it being Windows hosting and a Windows flaw on the server giving the attacker access

I think it's maybe the above, joebert. Not having such an experience (me) I would have to ask.
  • spinhead
  • Born
  • Posts: 1

Post 3+ Months Ago

howdy; I'm the original victim.

there are only two ftp accounts to the shared hosting in question. it's only accessed from two machines right here in my office. although it's not impossible that it's some keylogging whatever, it seems highly unlikely due to my network security and general paranoic attitude.

I doubt that it's Windows specific; that only came up because someone suggested looking at the Apache logs, and it's running on IIS so unless my head is seriously broken, there are no Apache logs.

if this isn't the right place for this conversation please redirect me; I'm only here replying to the existing thread from the link I was sent.

thankies.

Post Information

  • Total Posts in this topic: 6 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.