GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   hacker alert (https://gfy.com/showthread.php?t=525427)

jpoker 10-07-2005 11:36 AM
hacker alert
 
one of our MGPs just got hacked and was dishing out a trojan. I discovered an iframe in the HTML code that had this as the src:

"hahaha104;hahaha116;hahaha116;hahaha112;hahaha58; hahaha47;hahaha47;hahaha116;hahaha114;hahaha97;hah aha102;hahaha102;hahaha115;hahaha97;hahaha108;haha ha101;hahaha46;hahaha98;\
hahaha105;hahaha122;hahaha47;hahaha100;hahaha108;h ahaha47;hahaha97;hahaha100;hahaha118;hahaha52;haha ha52;hahaha49;hahaha46;hahaha112;hahaha104;hahaha1 12;"

I've just heard of this happening to a couple of other people as well so I suggest you check your sites to see if it has occured to you as well.

So far I have no idea how the code was actually inserted. We run autogallery sql 3.03 and tm3. The server otherwise looks clean from what the security guys can tell.

- jpoker

diggz 10-07-2005 12:18 PM
You are using a version of AGSQL with a security hole. I suggest you visit jmbsoft.com and PATCH! :thumbsup

jpoker 10-07-2005 02:20 PM
Thanks, I will look into that.

KyleHoppes 10-07-2005 02:22 PM
Quote:
Originally Posted by jpoker
one of our MGPs just got hacked and was dishing out a trojan. I discovered an iframe in the HTML code that had this as the src:

"hahaha104;hahaha116;hahaha116;hahaha112;hahaha58; hahaha47;hahaha47;hahaha116;hahaha114;hahaha97;hah aha102;hahaha102;hahaha115;hahaha97;hahaha108;haha ha101;hahaha46;hahaha98;\
hahaha105;hahaha122;hahaha47;hahaha100;hahaha108;h ahaha47;hahaha97;hahaha100;hahaha118;hahaha52;haha ha52;hahaha49;hahaha46;hahaha112;hahaha104;hahaha1 12;"

I've just heard of this happening to a couple of other people as well so I suggest you check your sites to see if it has occured to you as well.

So far I have no idea how the code was actually inserted. We run autogallery sql 3.03 and tm3. The server otherwise looks clean from what the security guys can tell.

- jpoker

Is your autogallery username and password "admin" ?

Makingcoin 10-07-2005 02:42 PM
Sorry to hear that bro, I will check out my sites now.

jpoker 10-07-2005 11:12 PM
Quote:
Originally Posted by KyleHoppes
Is your autogallery username and password "admin" ?
I've been known to do silly things, but I didn't leave the default password
as admin, though i did leave the username as 'admin' and that opens me up to brute force attacks i guess.

Fucksakes 10-07-2005 11:17 PM
my server been pretty fucking slow too

Fucksakes 10-07-2005 11:19 PM
may I ask where you are hosted?

High Quality 10-07-2005 11:22 PM
Ouch, that sounds no fun.

Ace_luffy 10-07-2005 11:22 PM
that's scares me

phonesex 10-07-2005 11:24 PM
Id call the hosting company fast

darksoul 10-07-2005 11:27 PM
do you have any php scripts ?
those are usually the culprit.

SmokeyTheBear 10-07-2005 11:33 PM
that doesnt look like the full code..

traffsale.biz ?

SmokeyTheBear 10-07-2005 11:38 PM
looks like thats the domain registered a few days ago..


oh its that idiot..

http://traffsale.biz/dl/adv435.php

SmokeyTheBear 10-07-2005 11:38 PM
same guy that got sleazy and thehun

SmokeyTheBear 10-07-2005 11:40 PM
pretty sure this site has something to do with it :) ( affiliate / trade partner)

http://marta.sexmadams.net/?rev=variusmanx

SmokeyTheBear 10-07-2005 11:42 PM
http://traffsale.biz/dl/

theres the directory of the crapola

SmokeyTheBear 10-07-2005 11:45 PM
looks like a directory of ip's of infected users..

http://traffsale.biz/dl/ips/

SmokeyTheBear 10-08-2005 01:32 PM
looks like he changed a few things

ServerGenius 10-08-2005 01:49 PM
chkrootkit

pornguy 10-08-2005 01:54 PM
The good thing is, that this guy will continue to get away with this, because itis far more important to arrest pornographers than hackers.


All times are GMT -7. The time now is 04:25 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123