Comus Thumbs.com down after big hack?
Collapse
X
-
Have to agree, I used it when it first came out oh so many years ago. Now fuck that shit smart thumbs is way to go....Comment
-
Maybe some script runs on your server that constantly inserts that code. Check your Server for files that have been changed on or around the date when the exploit first appeared
Comment
-
you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.
I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
Take it Easy !!!

Comment
-
Comus users, if you looking to buy ST license for migraton I found a great deal here.
http://www.gfy.com/showthread.php?t=917058254-282-542Comment
-
-
Assuming there is a hack and that it is based on permissions, the comus staff is to blame.
They always advised people to "just chmod the whole comus folder to 777".
That's never a good idea. People should not have followed that advise in the first place.---
ICQ 14-76-98 <-- I don't use this at allComment
-
You need to scan your PC first. the hacker might own your ftp login already.you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.
I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
I'm sure hacker running remote script that stored your login info. so it frequently injects JS/iframs code into your site files.
Clean your PC with anti-spyware then change all server passwords.
after that, remove the code in all files with text editor. Don't open infected webpages with browser until all removal is done.
it did work for me.254-282-542Comment
-
man it sucks to see such a great program go.PornGuy skype me pornguy_epic
AmateurDough The Hottes Shemales online!
TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!Comment
-
yeah done that, cleaned machine, changed all passwords, removed infected code from all pages but it still managed to spread to clean pages in a couple of minutes. thanks to my host we've got it locked down now and its not spreading.You need to scan your PC first. the hacker might own your ftp login already.
I'm sure hacker running remote script that stored your login info. so it frequently injects JS/iframs code into your site files.
Clean your PC with anti-spyware then change all server passwords.
after that, remove the code in all files with text editor. Don't open infected webpages with browser until all removal is done.
it did work for me.
Now i have to repair the sites and install ST over 40 times to replace CT
Take it Easy !!!

Comment
-
Also need to check for malisious bots/programs running hidden as httpd. Easy to find if you do a ps auxwwwww and see something like [httpd] or related then followed by a blank line under it and some random word like start or log etc.you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.
I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack
Also please check your /tmp folder so its set to noexec so pearl scripts cannot be ran out of this location after being uploaded.
I can go on and on but thats the jist of it.Comment
-
Just checked one of my comus sites and sure enough - i've got the code being injected as well. BooYour Paysite Partner
Strength In Numbers!
StickyDollars | RadicalCash | KennysPennies | HomegrownCashComment
-
Anyone using Comus needs to get rid of it quickly if they haven't already been infected. Specially as it looks like its now a dead script.
sorry to here you got the hack, good luck getting rid of it.Take it Easy !!!

Comment
-
i said months ago ct was goneTRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.comComment
-
grrrr dont even know where to start right now! need to get ST installed but also get all the links to trades,sponsors ect copied and pasted to hard drive! and reading about the exploit returning after a ST install! fuck its gonna be a long weekend for me! as well as for you guys!
Comment
-
-
My hosts require 755 and still didnt stop my sites getting hacked....although I must add my sites seems to try and redirect rather then actual malicious code embedded in my html....Comment
-
finally got thru to ST and having a go with with it to see what does what...kinda similar to comus but different interface....will be a few days till I can get my head round it and be up and running...hopefully!
Comment
-
Comment
-
too bad for comus... It was pretty good script.
I guess I'll have to make a switch over st too...
Sig for sale. Affordable prices. Contact me and get a great deal ;)
My contact:
ICQ: 944-320-46
e-mail: manca {AT} HotFreeSex4All.comComment
-
Check your tmpl files in ct/templates directory. those are infected as well and also there are more .tmpl and .php(no Zend) files in some other dirs.
Just delete unnecessary files under the ct directory.(backups, welcome.html, example.html, old data, etc.)
But again, YOU MUST SCAN YOUR PC in advance of code removal.
The hacker has your ftp password. so he will inject the code again automatically. Moreover this hacker(his remote software) will scan other directories in /home. then it will attack other php sites too. My other TGPX and TEVS sites on the same box also got hit.
Once the hacker has your ftp login, changing file/dir permission won't be a solution.
I had found these malwares in my pc.
Exploit,PDF.JS-Gen
Trojan.Script.7685
These came from the injected code.
Remove them and reboot. Scan again with another antispyware, reboot, then change server passwords.
Now edit all infected files. Use server-side text editor or file manager.
If there is a blank line under the <body> tag. Scroll to right and you will find the hidden code.
DON'T load infected or suspicious php/html files with browser. Your PC will get malwares again and it will sniff new password when you using ftp.
So it's the most important that your pc is not infected by malwares during code removal.
Good luck.254-282-542Comment
-
-
I wonder why the owner stopped giving a shit? It seemed like he bought out epower trader but shortly after that stopping doing much.
Did he have health problems or something or just give up?In November, you can vote for America's next president or its first dictator.Comment
-
I remember Tony having health problems and it when down hill from there, havn't heard from him in a long timeCarbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about thatComment
-

ICQ: 266990876Comment
-
I sale 100 licenses of glorious script APTGP3Comment
-
Yea that's what I was thinking. I wonder if he's ok or if it's because of the health problems. He used to always be pretty active with his scripts. He didn't seem like one that would just disappear.In November, you can vote for America's next president or its first dictator.Comment
-
this is my first time having to do this. i only have one site though. trying just to get that to work right. at least i have a dedicated managed server so they can take care of that crap for me. i have no clue about it. i think my site is okay though, but not to sure.Comment
-
-
http://comusthumbs.com/ is online again.
yeah but all the links at top of the page for support forum ect isnt there ...Comment
-
Good advice. Just go ahead and randomly delete files. That will stuff the security hole, for sure!
---
ICQ 14-76-98 <-- I don't use this at allComment
-

Comment