gbrain
09-04-2006, 09:12 AM
If you have recently been hacked due to flashchat or topXstats you may also want to search you site for the following.
I recieved this email the day after my site was also defaced (due to flashchat)
//-----------------------------------------------
"The internal monitoring tool has flagged up the following script has
tried to bind to the port : 49388
/dndgamer/forums/chat/inc/cmses/c57.php
Please note that this is not allowed on the shared hosting package.
Binding to certain TCP/UDP port mean that your script is expecting some
sort of input and this can be used by someone to exploit your webspace. "
This is a hosting program that looks like was also placed on the server. You may want to check this file and see if its on your site."
//---------------------------------------------
Luckly my provider only allow a handful of ports or be used so this was flagged up early.
They have also banned the address that tried to access it.
G.
I recieved this email the day after my site was also defaced (due to flashchat)
//-----------------------------------------------
"The internal monitoring tool has flagged up the following script has
tried to bind to the port : 49388
/dndgamer/forums/chat/inc/cmses/c57.php
Please note that this is not allowed on the shared hosting package.
Binding to certain TCP/UDP port mean that your script is expecting some
sort of input and this can be used by someone to exploit your webspace. "
This is a hosting program that looks like was also placed on the server. You may want to check this file and see if its on your site."
//---------------------------------------------
Luckly my provider only allow a handful of ports or be used so this was flagged up early.
They have also banned the address that tried to access it.
G.