Comus Thumbs.com down after big hack?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Spudman
    Confirmed User
    • Aug 2002
    • 3198

    #1

    Comus Thumbs.com down after big hack?

    hey,

    Is http://comusthumbs.com/ down for you guys? I can't access it.
    Take it Easy !!!
  • hjnet
    Confirmed User
    • May 2002
    • 3815

    #2
    Yes, looks like their Server is down

    Comment

    • fpforum
      Confirmed User
      • Dec 2006
      • 1045

      #3
      Yup, the site is down here in central USA as well!

      Email: strikedata |@| gmail.com Skype: mistercashman

      Comment

      • Spudman
        Confirmed User
        • Aug 2002
        • 3198

        #4
        Guessing this is the end of comus then. After this last hack i'm never using comus again anyway. I dont think the owner has giving a shit about comus for years now.
        Take it Easy !!!

        Comment

        • Darkhorse
          Horsing Around
          • Sep 2002
          • 5879

          #5
          Originally posted by Spudman
          Guessing this is the end of comus then. After this last hack i'm never using comus again anyway. I dont think the owner has giving a shit about comus for years now.
          Have to agree, I used it when it first came out oh so many years ago. Now fuck that shit smart thumbs is way to go....

          Comment

          • Bhunter
            Confirmed User
            • Dec 2006
            • 1119

            #6
            even after deleting CT folder in your root and switichig to ST, the exploit code returns.

            I'm done with CT

            Comment

            • hjnet
              Confirmed User
              • May 2002
              • 3815

              #7
              Originally posted by Bhunter
              even after deleting CT folder in your root and switichig to ST, the exploit code returns.

              I'm done with CT
              Maybe some script runs on your server that constantly inserts that code. Check your Server for files that have been changed on or around the date when the exploit first appeared

              Comment

              • Bhunter
                Confirmed User
                • Dec 2006
                • 1119

                #8
                yup I'm affraid that's the case. working on it ;)

                Comment

                • Davy
                  Confirmed User
                  • Apr 2006
                  • 4323

                  #9
                  Weird. I only checked the site of comusthumbs a couple of days ago...

                  Anybody want to buy two spare comus licenses?
                  ---
                  ICQ 14-76-98 <-- I don't use this at all

                  Comment

                  • Bhunter
                    Confirmed User
                    • Dec 2006
                    • 1119

                    #10
                    yesterday the site was up, but nobody in the forum mentioned about the hack

                    Comment

                    • Spudman
                      Confirmed User
                      • Aug 2002
                      • 3198

                      #11
                      Originally posted by Bhunter
                      even after deleting CT folder in your root and switichig to ST, the exploit code returns.

                      I'm done with CT
                      you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.

                      I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
                      Take it Easy !!!

                      Comment

                      • Bhunter
                        Confirmed User
                        • Dec 2006
                        • 1119

                        #12
                        did you set it to 755?

                        Comment

                        • katharos
                          So Fucking Banned
                          • Nov 2005
                          • 1515

                          #13
                          the power of hackers ... there is always someone better, and if hackers want to put something down, they will find a way, and looks like its working ...

                          Comment

                          • HEAT
                            Confirmed User
                            • Sep 2003
                            • 2255

                            #14
                            Comus users, if you looking to buy ST license for migraton I found a great deal here.
                            http://www.gfy.com/showthread.php?t=917058
                            254-282-542

                            Comment

                            • area51 - BANNED FOR LIFE
                              So Fucking Banned
                              • Aug 2009
                              • 3163

                              #15
                              oh well, shit hasn't been updated forever, what do you expect to happen

                              Comment

                              • Davy
                                Confirmed User
                                • Apr 2006
                                • 4323

                                #16
                                Assuming there is a hack and that it is based on permissions, the comus staff is to blame.
                                They always advised people to "just chmod the whole comus folder to 777".
                                That's never a good idea. People should not have followed that advise in the first place.
                                ---
                                ICQ 14-76-98 <-- I don't use this at all

                                Comment

                                • HEAT
                                  Confirmed User
                                  • Sep 2003
                                  • 2255

                                  #17
                                  Originally posted by Spudman
                                  you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.

                                  I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
                                  You need to scan your PC first. the hacker might own your ftp login already.
                                  I'm sure hacker running remote script that stored your login info. so it frequently injects JS/iframs code into your site files.

                                  Clean your PC with anti-spyware then change all server passwords.
                                  after that, remove the code in all files with text editor. Don't open infected webpages with browser until all removal is done.

                                  it did work for me.
                                  254-282-542

                                  Comment

                                  • pornguy
                                    Too lazy to set a custom title
                                    • Mar 2003
                                    • 62912

                                    #18
                                    man it sucks to see such a great program go.
                                    PornGuy skype me pornguy_epic

                                    AmateurDough The Hottes Shemales online!
                                    TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!

                                    Comment

                                    • Spudman
                                      Confirmed User
                                      • Aug 2002
                                      • 3198

                                      #19
                                      Originally posted by HEAT
                                      You need to scan your PC first. the hacker might own your ftp login already.
                                      I'm sure hacker running remote script that stored your login info. so it frequently injects JS/iframs code into your site files.

                                      Clean your PC with anti-spyware then change all server passwords.
                                      after that, remove the code in all files with text editor. Don't open infected webpages with browser until all removal is done.

                                      it did work for me.
                                      yeah done that, cleaned machine, changed all passwords, removed infected code from all pages but it still managed to spread to clean pages in a couple of minutes. thanks to my host we've got it locked down now and its not spreading.
                                      Now i have to repair the sites and install ST over 40 times to replace CT
                                      Take it Easy !!!

                                      Comment

                                      • Spudstr
                                        Confirmed User
                                        • Jan 2003
                                        • 2321

                                        #20
                                        Originally posted by Spudman
                                        you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.

                                        I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
                                        Also need to check for malisious bots/programs running hidden as httpd. Easy to find if you do a ps auxwwwww and see something like [httpd] or related then followed by a blank line under it and some random word like start or log etc.

                                        Also please check your /tmp folder so its set to noexec so pearl scripts cannot be ran out of this location after being uploaded.

                                        I can go on and on but thats the jist of it.
                                        Managed Hosting - Colocation - Network Services
                                        Yellow Fiber Networks
                                        icq: 19876563

                                        Comment

                                        • Lace
                                          Too lazy to set a custom title
                                          • Mar 2004
                                          • 16116

                                          #21
                                          Just checked one of my comus sites and sure enough - i've got the code being injected as well. Boo
                                          Your Paysite Partner
                                          Strength In Numbers!
                                          StickyDollars | RadicalCash | KennysPennies | HomegrownCash

                                          Comment

                                          • Spudman
                                            Confirmed User
                                            • Aug 2002
                                            • 3198

                                            #22
                                            Originally posted by Lace
                                            Just checked one of my comus sites and sure enough - i've got the code being injected as well. Boo
                                            Anyone using Comus needs to get rid of it quickly if they haven't already been infected. Specially as it looks like its now a dead script.

                                            sorry to here you got the hack, good luck getting rid of it.
                                            Take it Easy !!!

                                            Comment

                                            • brassmonkey
                                              Pay It Forward
                                              • Sep 2005
                                              • 77396

                                              #23
                                              i said months ago ct was gone
                                              TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                              DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                              Comment

                                              • smoothballs
                                                Confirmed User
                                                • Aug 2004
                                                • 151

                                                #24
                                                grrrr dont even know where to start right now! need to get ST installed but also get all the links to trades,sponsors ect copied and pasted to hard drive! and reading about the exploit returning after a ST install! fuck its gonna be a long weekend for me! as well as for you guys!

                                                Comment

                                                • smoothballs
                                                  Confirmed User
                                                  • Aug 2004
                                                  • 151

                                                  #25
                                                  fuck sake, cant even get pass install.php for smart thumbs here!

                                                  Comment

                                                  • Altheon
                                                    Confirmed User
                                                    • May 2004
                                                    • 506

                                                    #26
                                                    Anyone know how to tighten Comus if we haven't been hacked yet? All I could think to do is change the permissions of the CT folder to 755.

                                                    Comment

                                                    • smoothballs
                                                      Confirmed User
                                                      • Aug 2004
                                                      • 151

                                                      #27
                                                      Originally posted by Altheon
                                                      Anyone know how to tighten Comus if we haven't been hacked yet? All I could think to do is change the permissions of the CT folder to 755.
                                                      My hosts require 755 and still didnt stop my sites getting hacked....although I must add my sites seems to try and redirect rather then actual malicious code embedded in my html....

                                                      Comment

                                                      • smoothballs
                                                        Confirmed User
                                                        • Aug 2004
                                                        • 151

                                                        #28
                                                        finally got thru to ST and having a go with with it to see what does what...kinda similar to comus but different interface....will be a few days till I can get my head round it and be up and running...hopefully!

                                                        Comment

                                                        • boneless
                                                          Confirmed User
                                                          • Dec 2002
                                                          • 3625

                                                          #29
                                                          Originally posted by Bhunter
                                                          yesterday the site was up, but nobody in the forum mentioned about the hack
                                                          so you failed to read my topic called important info ;)
                                                          icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

                                                          Comment

                                                          • boneless
                                                            Confirmed User
                                                            • Dec 2002
                                                            • 3625

                                                            #30
                                                            Originally posted by Spudman
                                                            Now i have to repair the sites and install ST over 40 times to replace CT
                                                            wanna trade places and do my 100+ :D
                                                            icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

                                                            Comment

                                                            • Spudman
                                                              Confirmed User
                                                              • Aug 2002
                                                              • 3198

                                                              #31
                                                              Originally posted by boneless
                                                              wanna trade places and do my 100+ :D
                                                              I feel your pain bro I really do, give sixzeros a slap if you ever speak to him again ! Thanks for your help through out my conus days dude, you were a star! Good luck with the sites
                                                              Take it Easy !!!

                                                              Comment

                                                              • Bhunter
                                                                Confirmed User
                                                                • Dec 2006
                                                                • 1119

                                                                #32
                                                                Originally posted by boneless
                                                                so you failed to read my topic called important info ;)
                                                                ... hmmm. now i remember there was such thread but i must have in hurry overlook it's content

                                                                Comment

                                                                • beta-tester
                                                                  Rock 'n Roll Baby!
                                                                  • Sep 2004
                                                                  • 22562

                                                                  #33
                                                                  too bad for comus... It was pretty good script.

                                                                  I guess I'll have to make a switch over st too...

                                                                  Sig for sale. Affordable prices. Contact me and get a great deal ;)

                                                                  My contact:
                                                                  ICQ: 944-320-46
                                                                  e-mail: manca {AT} HotFreeSex4All.com

                                                                  Comment

                                                                  • HEAT
                                                                    Confirmed User
                                                                    • Sep 2003
                                                                    • 2255

                                                                    #34
                                                                    Check your tmpl files in ct/templates directory. those are infected as well and also there are more .tmpl and .php(no Zend) files in some other dirs.
                                                                    Just delete unnecessary files under the ct directory.(backups, welcome.html, example.html, old data, etc.)

                                                                    But again, YOU MUST SCAN YOUR PC in advance of code removal.
                                                                    The hacker has your ftp password. so he will inject the code again automatically. Moreover this hacker(his remote software) will scan other directories in /home. then it will attack other php sites too. My other TGPX and TEVS sites on the same box also got hit.
                                                                    Once the hacker has your ftp login, changing file/dir permission won't be a solution.

                                                                    I had found these malwares in my pc.
                                                                    Exploit,PDF.JS-Gen
                                                                    Trojan.Script.7685

                                                                    These came from the injected code.

                                                                    Remove them and reboot. Scan again with another antispyware, reboot, then change server passwords.
                                                                    Now edit all infected files. Use server-side text editor or file manager.
                                                                    If there is a blank line under the <body> tag. Scroll to right and you will find the hidden code.
                                                                    DON'T load infected or suspicious php/html files with browser. Your PC will get malwares again and it will sniff new password when you using ftp.
                                                                    So it's the most important that your pc is not infected by malwares during code removal.

                                                                    Good luck.
                                                                    254-282-542

                                                                    Comment

                                                                    • smoothballs
                                                                      Confirmed User
                                                                      • Aug 2004
                                                                      • 151

                                                                      #35
                                                                      Spudman....see you are from the UK too send me a PM see if we can help each other out

                                                                      Comment

                                                                      • czarina
                                                                        Webmaster Extraordinaire
                                                                        • Jul 2002
                                                                        • 10752

                                                                        #36
                                                                        can't get it here

                                                                        Comment

                                                                        • Spudman
                                                                          Confirmed User
                                                                          • Aug 2002
                                                                          • 3198

                                                                          #37
                                                                          Originally posted by smoothballs
                                                                          Spudman....see you are from the UK too send me a PM see if we can help each other out
                                                                          Yes dude, I'll hit you up in the morning
                                                                          Take it Easy !!!

                                                                          Comment

                                                                          • crockett
                                                                            in a van by the river
                                                                            • May 2003
                                                                            • 76818

                                                                            #38
                                                                            I wonder why the owner stopped giving a shit? It seemed like he bought out epower trader but shortly after that stopping doing much.

                                                                            Did he have health problems or something or just give up?
                                                                            In November, you can vote for America's next president or its first dictator.

                                                                            Comment

                                                                            • Vendzilla
                                                                              Biker Gnome
                                                                              • Mar 2004
                                                                              • 23200

                                                                              #39
                                                                              I remember Tony having health problems and it when down hill from there, havn't heard from him in a long time
                                                                              Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
                                                                              think about that

                                                                              Comment

                                                                              • qxm
                                                                                Confirmed User
                                                                                • Jul 2006
                                                                                • 5970

                                                                                #40
                                                                                Originally posted by Vendzilla
                                                                                I remember Tony having health problems and it when down hill from there, havn't heard from him in a long time
                                                                                yeap I remember seeing u there.... Comus was a great tool while it lasted.... luckily I moved away from TGPs a while back.... glad I did it too!

                                                                                ICQ: 266990876

                                                                                Comment

                                                                                • V_RocKs
                                                                                  Damn Right I Kiss Ass!
                                                                                  • Nov 2003
                                                                                  • 32449

                                                                                  #41
                                                                                  I uninstalled it long ago when it kept getting hacked.

                                                                                  Comment

                                                                                  • willwank
                                                                                    Confirmed User
                                                                                    • Sep 2006
                                                                                    • 628

                                                                                    #42
                                                                                    I sale 100 licenses of glorious script APTGP3
                                                                                    icq 437 654 594

                                                                                    Comment

                                                                                    • crockett
                                                                                      in a van by the river
                                                                                      • May 2003
                                                                                      • 76818

                                                                                      #43
                                                                                      Originally posted by Vendzilla
                                                                                      I remember Tony having health problems and it when down hill from there, havn't heard from him in a long time
                                                                                      Yea that's what I was thinking. I wonder if he's ok or if it's because of the health problems. He used to always be pretty active with his scripts. He didn't seem like one that would just disappear.
                                                                                      In November, you can vote for America's next president or its first dictator.

                                                                                      Comment

                                                                                      • stoner529
                                                                                        Confirmed User
                                                                                        • Aug 2008
                                                                                        • 421

                                                                                        #44
                                                                                        this is my first time having to do this. i only have one site though. trying just to get that to work right. at least i have a dedicated managed server so they can take care of that crap for me. i have no clue about it. i think my site is okay though, but not to sure.

                                                                                        Comment

                                                                                        • MoreMagic
                                                                                          Confirmed User
                                                                                          • Feb 2006
                                                                                          • 2851

                                                                                          #45
                                                                                          http://comusthumbs.com/ is online again.

                                                                                          Comment

                                                                                          • smoothballs
                                                                                            Confirmed User
                                                                                            • Aug 2004
                                                                                            • 151

                                                                                            #46
                                                                                            Originally posted by MoreMagic
                                                                                            http://comusthumbs.com/ is online again.

                                                                                            yeah but all the links at top of the page for support forum ect isnt there ...

                                                                                            Comment

                                                                                            • Davy
                                                                                              Confirmed User
                                                                                              • Apr 2006
                                                                                              • 4323

                                                                                              #47
                                                                                              Originally posted by HEAT
                                                                                              Check your tmpl files in ct/templates directory. those are infected as well and also there are more .tmpl and .php(no Zend) files in some other dirs.
                                                                                              Just delete unnecessary files under the ct directory.(backups, welcome.html, example.html, old data, etc.)
                                                                                              Good advice. Just go ahead and randomly delete files. That will stuff the security hole, for sure!
                                                                                              ---
                                                                                              ICQ 14-76-98 <-- I don't use this at all

                                                                                              Comment

                                                                                              • SuzzyQ
                                                                                                Confirmed User
                                                                                                • Dec 2006
                                                                                                • 1557

                                                                                                #48
                                                                                                Besides Spybot S&D what is another good spyware removal progy?

                                                                                                Comment

                                                                                                • smoothballs
                                                                                                  Confirmed User
                                                                                                  • Aug 2004
                                                                                                  • 151

                                                                                                  #49
                                                                                                  jeez...this is gonna take forever! I'm tempted to just have static pages up...

                                                                                                  Comment

                                                                                                  • escorpio
                                                                                                    King of Canada
                                                                                                    • Oct 2002
                                                                                                    • 23487

                                                                                                    #50
                                                                                                    Originally posted by smoothballs
                                                                                                    jeez...this is gonna take forever! I'm tempted to just have static pages up...

                                                                                                    I've been thinking the same thing.
                                                                                                    Unvaxxed, still alive.

                                                                                                    Comment

                                                                                                    Working...