Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page help a script is sending my user passwords to an email
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 11-06-2009, 04:57 PM
msimen msimen is offline
 
Join Date: Jun 2009
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default help a script is sending my user passwords to an email
hello please can you help me to solve this problem ,i found many emails queued on my server when i stopped postfix ,the emails contains username and correct password of many logged in users , i cleaned many files , but the emails still sending ,i don't know where is the script and how to stop it plz help
Reply With Quote
  #2  
Old 11-06-2009, 05:06 PM
SVTCobraLTD SVTCobraLTD is offline
 
Join Date: Jul 2007
Location: PA
Posts: 841
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Disable your products and contact vB support.
Reply With Quote
  #3  
Old 11-06-2009, 05:10 PM
msimen msimen is offline
 
Join Date: Jun 2009
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
i disabled all products and cleaned all garbage ,still the same problem
Reply With Quote
  #4  
Old 11-06-2009, 05:47 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
ps ax | more

check what processes are running, anything typical like ./name kill it, find the scripts on the server and remove them, my guess is your already to late anyways and your server is probably compromised, i would shut the forum down as well as kill apache/php, as well as postfix.

upgrade your server backend as well.
Reply With Quote
  #5  
Old 11-06-2009, 05:50 PM
TNCclubman's Avatar
TNCclubman TNCclubman is offline
 
Join Date: Sep 2008
Posts: 690
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
arent the passwords encrypted? Theyre not stored in their native text anywhere, even in the database
Reply With Quote
  #6  
Old 11-06-2009, 05:53 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
@tnc, that is true, but that is changable.
Reply With Quote
  #7  
Old 11-06-2009, 06:10 PM
msimen msimen is offline
 
Join Date: Jun 2009
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
yes the passwords and the username are clear not encrypted , here is an exemple

From www-data@host.xxxxx.com (www-data)
To xxxxxx@windowslive.com
Date Fri, 6 Nov 2009 20:02:49 +0100 (CET)
Subject Victim

username: username
Password: clear password



########

i found a fil in avatars named avatar662.php and the code is crypted there

and other fil on the attachments ,but not sure if it's

here is the text

-- the 'correct' password
real_password = "password";

-- prompt the user to enter a password
user_password = Dialog.PasswordInput("Password", "Please enter the password: ", MB_ICONQUESTION);

-- compare the user's password to the 'correct' password.
-- If the user supplies the wrong password, exit the program.
if real_password ~= user_password then
Application.Exit();
end
Reply With Quote
  #8  
Old 11-06-2009, 06:24 PM
TNCclubman's Avatar
TNCclubman TNCclubman is offline
 
Join Date: Sep 2008
Posts: 690
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
what mods do you have installed?
Reply With Quote
  #9  
Old 11-06-2009, 07:03 PM
msimen msimen is offline
 
Join Date: Jun 2009
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
i removed all mods ,still the same problem where is the script sending that !!
Reply With Quote
  #10  
Old 11-06-2009, 08:17 PM
TNCclubman's Avatar
TNCclubman TNCclubman is offline
 
Join Date: Sep 2008
Posts: 690
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
what were the mods. The fact you removed them means nothing if thats how they got in.
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 12:05 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04479 seconds
  • Memory Usage 2,242KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete