Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 06-24-2008, 07:00 AM   #1
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Hacking question...hacking gurus step inside.

Ok, check this out.
Our computer system is being hacked. It is a password protected area for brokers (mainstream). It appears that someone is hitting the response form and since they are not under a broker's ID, it is trying to send the response to a non-existent broker.

Am I correct about this, and how should I stop it? Advice anyone?

LOG:
[23/JUNE/2008 01:30:19] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:22] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:28] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:30] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:34] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:36] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
__________________
Ray "The Don" Vega

Managing Director
Private Equity Fund

[email protected]
Old 06-24-2008, 07:07 AM   #2
HorseShit
Too lazy to set a custom title
 
Join Date: Dec 2004
Posts: 17,513
uh that doesn't look like a hack attempt
Old 06-24-2008, 07:11 AM   #3
Dirty F
Too lazy to set a custom title
 
Join Date: Jul 2001
Posts: 59,204
Well you got his IP address.
127.0.0.1 <--- very evil, used by lots of hackers.
Ask your host to block 127.0.0.1
Old 06-24-2008, 07:24 AM   #4
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,167
Your script is attacking you. Uber eleet hacking is going on
__________________
agentGFY *at* gmail.com
Old 06-24-2008, 07:27 AM   #5
Iron Fist
Too lazy to set a custom title
 
Join Date: Dec 2006
Posts: 23,400
Quote:
Originally Posted by ladida View Post
Your script is attacking you. Uber eleet hacking is going on
Old 06-24-2008, 07:43 AM   #6
DamianJ
Too lazy to set a custom title
 
Join Date: Jul 2006
Location: A magical land
Posts: 15,808
There's no place like 127.0.0.1
Old 06-24-2008, 07:45 AM   #7
Chris
Too lazy to set a custom title
 
Join Date: May 2003
Location: icq: 71462500 Skype: Jupzchris
Posts: 27,880
I can't hack my way out of a paper bag and to me that looks like your computer is doing it
__________________
[email protected]
Old 06-24-2008, 08:06 AM   #8
V_RocKs
Damn Right I Kiss Ass!
 
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,420
Would need a link to your form...
Old 06-24-2008, 08:08 AM   #9
Jens Van Assterdam
The Dupre Pimp
 
Join Date: Feb 2008
Location: Koh Samui
Posts: 6,677
Quote:
Originally Posted by DamianJ View Post
There's no place like 127.0.0.1
no shit
__________________
Read TOS for signature rules
Old 06-24-2008, 08:12 AM   #10
Phoenix
BACON BACON BACON
 
Join Date: Nov 2002
Location: Poems everybody, the laddie fancies himself a poet
Posts: 35,465
hello fbi....i just wanted to say hello
__________________
Skype Phoenixskype1
Telegram PhoenixBrad
https://quantads.io
Old 06-24-2008, 08:13 AM   #11
StuartD
Sofa King Band
 
Join Date: Jul 2002
Location: Outside the box
Posts: 29,903
http://www.thinkgeek.com/tshirts/generic/5d6a/?cpg=ab
Old 06-24-2008, 08:30 AM   #12
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Thanks guys. So there is a possibility that it is just a bug in the form submission script and not a hack at all? This shit is driving me nuts...every few days the server goes down and we lose the last few days of data.
Old 06-24-2008, 08:44 AM   #13
woj
<&(©¿©)&>
 
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
Quote:
Originally Posted by DamianJ View Post
There's no place like 127.0.0.1
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager
Old 06-24-2008, 09:43 AM   #14
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
bump bump
Old 06-24-2008, 09:52 AM   #15
StuartD
Sofa King Band
 
Join Date: Jul 2002
Location: Outside the box
Posts: 29,903
Quote:
Originally Posted by RayVega View Post
Thanks guys. So there is a possibility that it is just a bug in the form submission script and not a hack at all? This shit is driving me nuts...every few days the server goes down and we lose the last few days of data.
I'd start checking your automated scripts. Anything that is supposed to run on its own.
Old 06-24-2008, 10:01 AM   #16
2MuchMark
Videochat Solutions
 
Join Date: Aug 2004
Location: Canada
Posts: 49,423
Quote:
Originally Posted by RayVega View Post
Ok, check this out.
Our computer system is being hacked. It is a password protected area for brokers (mainstream). It appears that someone is hitting the response form and since they are not under a broker's ID, it is trying to send the response to a non-existent broker.

Am I correct about this, and how should I stop it? Advice anyone?

LOG:
[23/JUNE/2008 01:30:19] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:22] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:28] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:30] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:34] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
[23/JUNE/2008 01:30:36] Attempt to deliver to unknown recipient </script>, from <[email protected]>, IP address 127.0.0.1
Hi Ray -

You're not being hacked.

The IP Address 127.0.0.1 is your local machine that is running this script. (hence the "home" jokes). The messages above are trying to tell you that This Local Machine cannot send the message because the recipient is unknown. (Wrong email address).

That's all - no hackers are doing anything nasty to you.

Cheers!
__________________

Custom Coding | Videochat Solutions | Age Verification | IT Help & Support
www.2Much.net
Old 06-24-2008, 10:02 AM   #17
munki
Do Fun Shit.
 
Join Date: Dec 2004
Location: OC
Posts: 13,393
Quote:
Originally Posted by DamianJ View Post
There's no place like 127.0.0.1
I still want that shirt...
__________________

“I have the simplest tastes. I am always satisfied with the best.” -Oscar Wilde
Old 06-24-2008, 10:13 AM   #18
sumphatpimp
Confirmed User
 
Join Date: Aug 2002
Posts: 5,235
you should do a whois on that 127.0.0.1 and see where he lives then go over his place and fuck his ass up good. he fucked with me a few years ago but I found him and beat the living shit out of him with baseball bat. I fucked him up good, he went to the hospital and all.
now this fucker at 192.1683.0.3 is fucking with me, guess I will have to go over his place and straighten out that sonuvabitch too!
I am telling you. being a webmaster ain't easy!
Old 06-24-2008, 10:27 AM   #19
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Very funny guys...I am very well aware that 127.0.0.1 is the local machine. The problem is that someone or something is triggering it to attempt to send an email every few minutes and in some cases several times a second. This is not a regular user trying to use the form improperly causing an error message, this is either a crazy loop, DOS attack, or attempt to use the form to spam. The attempts are crashing the system.

The way the scripts were designed, the main script (script one) passes info to script two to send the form results to several people...therefore my thoughts on this could be that someone (or a bot they use) is trying to use script number two to send out email to targets so it is untraceable to them, they are using script number two to attempt a DOS attack on someone, or it's just a bug that loops causing the scripting engine to blow up.

Problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.
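An added example (not code from any poster in this thread): a small Python triage of mail-log lines in the format posted above. It checks the three things the thread argues about: whether every attempt originates from loopback, whether the "recipient" is an address at all, and how tightly the attempts are spaced. The sample lines are constructed from the posted format with a placeholder sender, and the function names are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: timestamps and wording follow the log posted in the
# thread; the sender is a placeholder because the page masks the real address.
_TIMES = ["01:30:19", "01:30:22", "01:30:28", "01:30:30", "01:30:34", "01:30:36"]
SAMPLE_LOG = "\n".join(
    f"[23/JUNE/2008 {t}] Attempt to deliver to unknown recipient </script>, "
    "from <sender@example.invalid>, IP address 127.0.0.1"
    for t in _TIMES
)

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}/[A-Za-z]+/\d{4} \d{2}:\d{2}:\d{2})\] "
    r"Attempt to deliver to unknown recipient (?P<rcpt>.*?), "
    r"from <(?P<sender>[^>]*)>, IP address (?P<ip>\S+)$"
)
# Loose shape check only: something@something.tld with no spaces or brackets.
ADDR_RE = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")


def parse_log(text):
    """Return one dict per well-formed rejection line; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], "%d/%B/%Y %H:%M:%S")
        except ValueError:
            continue  # malformed IP or date: not a line we can reason about
        events.append({"time": ts, "recipient": m["rcpt"],
                       "sender": m["sender"], "ip": ip})
    return events


def triage(events, burst_gap=5.0):
    """Summarise source, recipient sanity and spacing of the attempts."""
    events = sorted(events, key=lambda e: e["time"])
    gaps = [(b["time"] - a["time"]).total_seconds()
            for a, b in zip(events, events[1:])]
    return {
        "total": len(events),
        # True means the mail was handed over by software on the server itself.
        "all_loopback": all(e["ip"].is_loopback for e in events),
        # Recipient is markup, not an address: the field was filled from data
        # holding HTML, so the form handler is not validating it.
        "markup_recipients": sum(
            1 for e in events
            if not ADDR_RE.match(e["recipient"]) and re.search(r"[<>]", e["recipient"])
        ),
        "min_gap_seconds": min(gaps) if gaps else None,
        "burst_pairs": sum(1 for g in gaps if g <= burst_gap),
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

A loopback source only says the web application on the server submitted the mail; whether a remote client triggered it has to come from matching these timestamps against the web server's access log for the form script.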
Old 06-24-2008, 12:54 PM   #20
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Anyone recommend someone to go in and fix it (without spending a fortune)? I don't have the time to debug it.
Old 06-24-2008, 01:03 PM   #21
sumphatpimp
Confirmed User
 
Join Date: Aug 2002
Posts: 5,235
problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.

Ray, as a suggestion, maybe you should start a thread "Need Windows programmer" and then work from there. may get you better results.
Old 06-24-2008, 01:08 PM   #22
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Quote:
Originally Posted by sumphatpimp View Post
problem is that I am not familiar enough with ASP (or the windows web server platform). If the script was in PERL or PHP on a linux box for example, the issue would be resolved already.

Ray, as a suggestion, maybe you should start a thread "Need Windows programmer" and then work from there. may get you better results.
Yes, I'll post later when more people are online...I really wanted some opinions as to what it was (ex. whether it is an attack or a script bug). Seems that it looks like a script bug and not an attack after all.
Old 06-24-2008, 02:24 PM   #23
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by RayVega View Post
The way the scripts were designed, the main script(script one) passes info to script two to send the form results to several people.
DingDing..

Your scripts are attacking you man. I told you already. Get a programmer to debug that for you, and stop with hacking theories, they remind me of hollywood movies
Old 06-24-2008, 02:40 PM   #24
psili
Confirmed User
 
Join Date: Apr 2003
Location: Loveland, CO
Posts: 5,526
If the scripts were running, unchanged, for a period of time without issue, it could be external. If the scripts were implemented and the problem arose soon after, it's probably a script issue.

Just my $.02 on where to start debugging.
__________________
Your post count means nothing.
Old 06-24-2008, 03:37 PM   #25
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Quote:
Originally Posted by ladida View Post
DingDing..

Your scripts are attacking you man. I told you already. Get a programmer to debug that for you, and stop with hacking theories, they remind me of hollywood movies
um...yea...I think we ascertained that almost right away. But it doesn't mean it's definitely what it is. Thanks for the help though.
Old 06-24-2008, 03:40 PM   #26
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
Quote:
Originally Posted by psili View Post
If the scripts were running, unchanged, for a period of time without issue, it could be external. If the scripts were implemented and the problem arose soon after, it's probably a script issue.

Just my $.02 on where to start debugging.
Well, I just took over the problem. I didn't even know it was happening until recently. IT just restored the server every time without saying anything. Apparently, it has been doing it for a long time, like once a month, but it is getting worse and worse, now it crashes twice a day.
Old 06-24-2008, 03:44 PM   #27
_Richard_
Too lazy to set a custom title
 
Join Date: Oct 2006
Location: Earth
Posts: 30,989
Quote:
Originally Posted by DamianJ View Post
There's no place like 127.0.0.1
Old 06-25-2008, 01:42 PM   #28
RayVega
Confirmed User
 
Join Date: Jul 2004
Location: New York ICQ#348007554
Posts: 4,212
OK well check this out...while this log file explosion is taking place, different websites show in the status bar, and these sites whois back to places like bulgaria etc.

In other words, while you are trying to go to the site, and it is hanging up trying to load, it says in the status bar "loading www.bulgariasite.com" instead of "loading www.mysite.com". It is a different russian or bulgarian site every time and the url is registered but the site doesn't exist. Also, it is not putting my entire site into a giant iframe, I checked to see if that was the case, so how in the hell could another site name come up?

What in the hell would cause that?