hacker alert

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • jpoker
    Confirmed User
    • Feb 2003
    • 362

    #1

    hacker alert

    one of our MGPs just got hacked and was dishing out a trojan. I discovered an iframe in the HTML code that had this as the src:

    "hahaha104;hahaha116;hahaha116;hahaha112;hahaha58; hahaha47;hahaha47;hahaha116;hahaha114;hahaha97;hah aha102;hahaha102;hahaha115;hahaha97;hahaha108;haha ha101;hahaha46;hahaha98;\
    hahaha105;hahaha122;hahaha47;hahaha100;hahaha108;h ahaha47;hahaha97;hahaha100;hahaha118;hahaha52;haha ha52;hahaha49;hahaha46;hahaha112;hahaha104;hahaha1 12;"

    I've just heard of this happening to a couple of other people as well so I suggest you check your sites to see if it has occured to you as well.

    So far I have no idea how the code was actually inserted. We run autogallery sql 3.03 and tm3. The server otherwise looks clean from what the security guys can tell.

    - jpoker
    http://www.bigboobdreams.com
    Big Juicy Healthy Boobs
  • diggz
    Registered User
    • Apr 2005
    • 302

    #2
    You are using a version of AGSQL with a security hole. I suggest you visit jmbsoft.com and PATCH!

    Comment

    • jpoker
      Confirmed User
      • Feb 2003
      • 362

      #3
      Thanks, I will look into that.
      http://www.bigboobdreams.com
      Big Juicy Healthy Boobs

      Comment

      • KyleHoppes
        So Fucking Banned
        • Sep 2005
        • 354

        #4
        Originally posted by jpoker
        one of our MGPs just got hacked and was dishing out a trojan. I discovered an iframe in the HTML code that had this as the src:

        "hahaha104;hahaha116;hahaha116;hahaha112;hahaha58; hahaha47;hahaha47;hahaha116;hahaha114;hahaha97;hah aha102;hahaha102;hahaha115;hahaha97;hahaha108;haha ha101;hahaha46;hahaha98;\
        hahaha105;hahaha122;hahaha47;hahaha100;hahaha108;h ahaha47;hahaha97;hahaha100;hahaha118;hahaha52;haha ha52;hahaha49;hahaha46;hahaha112;hahaha104;hahaha1 12;"

        I've just heard of this happening to a couple of other people as well so I suggest you check your sites to see if it has occured to you as well.

        So far I have no idea how the code was actually inserted. We run autogallery sql 3.03 and tm3. The server otherwise looks clean from what the security guys can tell.

        - jpoker

        Is your autogallery username and password "admin" ?

        Comment

        • Makingcoin
          Confirmed User
          • Aug 2002
          • 8919

          #5
          Sorry to hear that bro, I will check out my sites now.

          www.MAKINGCOIN.com

          icq. 166-662-831
          "Start making large coin!"


          Daddy I Get Paid To Be A Whore - Coming Soon

          Comment

          • jpoker
            Confirmed User
            • Feb 2003
            • 362

            #6
            Originally posted by KyleHoppes
            Is your autogallery username and password "admin" ?
            I've been known to do silly things, but I didn't leave the default password
            as admin, though i did leave the username as 'admin' and that opens me up to brute force attacks i guess.
            http://www.bigboobdreams.com
            Big Juicy Healthy Boobs

            Comment

            • Fucksakes
              Shit... Fuck! What the Hell?
              • Dec 2003
              • 7567

              #7
              my server been pretty fucking slow too

              Comment

              • Fucksakes
                Shit... Fuck! What the Hell?
                • Dec 2003
                • 7567

                #8
                may I ask where you are hosted?

                Comment

                • High Quality
                  Confirmed User
                  • Feb 2002
                  • 5741

                  #9
                  Ouch, that sounds no fun.

                  RecurCash.com - Averaging $38/sale with 60% revshare in the first 4 months alone!

                  Convert your TEEN traffic today @ better than 1:500 guaranteed. ICQ me: 18287590!

                  Comment

                  • Ace_luffy
                    www.creationcrew.com
                    • Feb 2005
                    • 12164

                    #10
                    that's scares me


                    ++ Adult and Mainstream Websites Designs | 10 banners for only $50 | html5 Banners ++
                    email : [email protected] Telegram : https://t.me/creationcrew WhatsApp : +63 956 420 4819 | HTML5/Responsive Site - Div/CSS - ElevatedX - NATs - Wordpress

                    Comment

                    • phonesex
                      Confirmed User
                      • Mar 2005
                      • 3437

                      #11
                      Id call the hosting company fast

                      Comment

                      • darksoul
                        Confirmed User
                        • Apr 2002
                        • 4997

                        #12
                        do you have any php scripts ?
                        those are usually the culprit.
                        1337 5y54|)m1n: 157717888
                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                        Cambooth

                        Comment

                        • SmokeyTheBear
                          ►SouthOfHeaven
                          • Jun 2004
                          • 28609

                          #13
                          that doesnt look like the full code..

                          traffsale.biz ?
                          hatisblack at yahoo.com

                          Comment

                          • SmokeyTheBear
                            ►SouthOfHeaven
                            • Jun 2004
                            • 28609

                            #14
                            looks like thats the domain registered a few days ago..


                            oh its that idiot..

                            http://traffsale.biz/dl/adv435.php
                            hatisblack at yahoo.com

                            Comment

                            • SmokeyTheBear
                              ►SouthOfHeaven
                              • Jun 2004
                              • 28609

                              #15
                              same guy that got sleazy and thehun
                              hatisblack at yahoo.com

                              Comment

                              • SmokeyTheBear
                                ►SouthOfHeaven
                                • Jun 2004
                                • 28609

                                #16
                                pretty sure this site has something to do with it ( affiliate / trade partner)

                                http://marta.sexmadams.net/?rev=variusmanx
                                hatisblack at yahoo.com

                                Comment

                                • SmokeyTheBear
                                  ►SouthOfHeaven
                                  • Jun 2004
                                  • 28609

                                  #17
                                  http://traffsale.biz/dl/

                                  theres the directory of the crapola
                                  hatisblack at yahoo.com

                                  Comment

                                  • SmokeyTheBear
                                    ►SouthOfHeaven
                                    • Jun 2004
                                    • 28609

                                    #18
                                    looks like a directory of ip's of infected users..

                                    http://traffsale.biz/dl/ips/
                                    hatisblack at yahoo.com

                                    Comment

                                    • SmokeyTheBear
                                      ►SouthOfHeaven
                                      • Jun 2004
                                      • 28609

                                      #19
                                      looks like he changed a few things
                                      hatisblack at yahoo.com

                                      Comment

                                      • ServerGenius
                                        Confirmed User
                                        • Feb 2002
                                        • 9377

                                        #20
                                        chkrootkit
                                        | http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

                                        Comment

                                        • pornguy
                                          Too lazy to set a custom title
                                          • Mar 2003
                                          • 62912

                                          #21
                                          The good thing is, that this guy will continue to get away with this, because itis far more important to arrest pornographers than hackers.
                                          PornGuy skype me pornguy_epic

                                          AmateurDough The Hottes Shemales online!
                                          TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!

                                          Comment

                                          Working...