In fact I said: I always take it with calm... not that I'm an expert
I just check head-over-heels, and although I said to my Hosting Service that it might be a shell thing, they say it is a script-related thing... so I don't discuss and go to the logs and clean everything and change passwords...
It came with many 'strange foreign files'
Any idea what that script compromises?
P.S. I consider a toothache more important than a vBulletin board hacked
--------------- Added [DATE]1221886742[/DATE] at [TIME]1221886742[/TIME] ---------------
And everything starts here:
Quote:
212.100.250.218 - - [11/Sep/2008:11:03:48 -0600] "GET /cpanel HTTP/1.0" 301 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Crazy Browser 2.0.1)"
212.100.250.218 - - [11/Sep/2008:11:07:34 -0600] "GET /version.php HTTP/1.0" 200 63599 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Crazy Browser 2.0.1)"
212.100.250.218 - - [11/Sep/2008:11:07:29 -0600] "GET /configscan.php HTTP/1.0" 200 1773 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Crazy Browser 2.0.1)"
41.219.229.144 - - [11/Sep/2008:11:09:54 -0600] "GET /configscan.php HTTP/1.1" 200 1813 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; FDM)"
41.219.229.144 - - [11/Sep/2008:11:26:00 -0600] "GET /yomistarz/yomistarz.php HTTP/1.1" 200 3698 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; FDM)"
212.100.250.218 - - [12/Sep/2008:03:24:41 -0600] "POST /GuXnnQshoT.php HTTP/1.0" 200 25610 "http://iogames.com/GuXnnQshoT.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16)