Log in Register FAQ Memberlist Search Welcome to RCF - WHF Forum Index
alt : test.swf
Welcome to RCF - WHF
4fx3.gif 
Contact the Webmasters of RCFContact   Invite a friend to Join usRecommend   Chat in IRCChat   EZ Template Change OptionEZStyle   Listen to Internet Radio while you browse...iRadio   See your private message.Login for PMs   Important LinksLinks
Member Website LinksWeb Links   Play/View our GamesGames   Register.Register
calendar_open_closeCalendar 
what is yahoo counter?
Post new topic   Reply to topic View previous topic :: View next topic
Goto page: Previous  1, 2, 3, 4, 5, 6  Next
Welcome to RCF - WHF Forum Index -> Area 51 - phpBB & Easymod Tech Support Add To Bookmarks
Re: what is yahoo counter?
PostPosted: 01/26/2009 9:49 PM Reply with quote
Site Admin
Nightrider
Site Admin
Posts 30756
Word Cnt. 2,628,678
BDay Jul 28
Sign Leo
Sex Sex:Male
Joined: Sep 25, 2004
Local time: 5:08 AM
Location: St Pete, FL
peace.gif
Ok, these files do not belong here:



The .htaccess file redirects to the php files that have numbers for their names.  This is a fairly common hack where the hacker does not modify any of your files but is able to grab traffic or use the files for spamming purposes.  They can use your domain email server to send out spam that can't be tracked back to them...

I will delete these files for you and continue looking for others...

munky2
Back to Top
View all pictures posted by this userView user's profile Find all posts by Nightrider Send private message   AIM Address Yahoo Messenger Phoogle Map ICQ Number
Re: what is yahoo counter?
PostPosted: 01/27/2009 11:34 AM Reply with quote
Citation
fishead
Citation
Posts 4813
Word Cnt. 427,864
BDay Oct 23
Sign Scorpio
Sex Sex:Male
Joined: Feb 09, 2005
Local time: 5:08 PM
Location: Sterling IL
usaCa.gif
Thanks nr. IX did reply, you can check it if you want but I will post what they said

Paste:

Also we can try to restore your account from our backup. Restoration may help in fixing this issue.


Paste:

Let me express the most sincere apologies according to the inconveniences you have faced. But, please, note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected. Anyway, it is strongly recommended to review everything that you have in website folder and check web server logs to determine the way you may protect your application against further intrusions. If you have any widely-used software installed, check the vendor site for recent updates or security fixes.

The attack that happened to your sites could be made via an FTP access to your account. Unfortunately, we don't suggest secure FTP connection, for the reason of shared hosting. Please, could you change the FTP passwords under FTP MANAGER icon -> opposite to password field click on Edit. Please, take all of the appropriate measures to prevent other people access your FTP account and use your FTP login information.

Well, what could be done to prevent it from happening again? Please note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS, any other php-based applications). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected.

So, It is strongly recommended to review everything that you have in website folder and try to determine the way you may protect your applications. For example, If you have any widely-used software installed (forum, blog, etc.etc.), check the vendor site for recent updates or security fixes.

Please also note that your files are located on the Linux-based server and you are able to change file/folder permissions so make sure you do not have any "open" files/folders with write permissions set for all.
So please check if any folders has full granted permissions 777 set, which is means that it's worldwriteable for anyone from the Web. Recommended permissions are 755 or 644.
For changing permissions you can use following steps:
1 Go to webshell
2 Find certain folder
3 click on little folder icon left from folder name
4 at right side you will see permissions table
5 choose needful permission mask
6 click change
Also we can try to restore your account from our backup. Restoration may help in fixing this issue.
Back to Top
View all pictures posted by this userView user's profile Find all posts by fishead Send private message   Visit poster's website Phoogle Map Visit poster's Blog
Re: what is yahoo counter?
PostPosted: 01/27/2009 11:37 AM Reply with quote
Citation
fishead
Citation
Posts 4813
Word Cnt. 427,864
BDay Oct 23
Sign Scorpio
Sex Sex:Male
Joined: Feb 09, 2005
Local time: 5:08 PM
Location: Sterling IL
usaCa.gif
BTW, thias may mean nothing but IX and your forum are very slow loading today,. My forum loads ok and others sites, but when I went to IX and here it almost stalls out.
Back to Top
View all pictures posted by this userView user's profile Find all posts by fishead Send private message   Visit poster's website Phoogle Map Visit poster's Blog
Re: what is yahoo counter?
PostPosted: 01/27/2009 2:41 PM Reply with quote
Citation
fishead
Citation
Posts 4813
Word Cnt. 427,864
BDay Oct 23
Sign Scorpio
Sex Sex:Male
Joined: Feb 09, 2005
Local time: 5:08 PM
Location: Sterling IL
usaCa.gif
I think I will delete both my website emails. I need to change my password for cp too. I don't want to lock you out nr, but what if the hacker comes back in before I change it...
Back to Top
View all pictures posted by this userView user's profile Find all posts by fishead Send private message   Visit poster's website Phoogle Map Visit poster's Blog
Re: what is yahoo counter?
PostPosted: 01/27/2009 4:21 PM Reply with quote
Citation
fishead
Citation
Posts 4813
Word Cnt. 427,864
BDay Oct 23
Sign Scorpio
Sex Sex:Male
Joined: Feb 09, 2005
Local time: 5:08 PM
Location: Sterling IL
usaCa.gif
I finally got done babysitting so I will search some of my folders with wingrep. Here is what I found to do:

------

Go into the CP->scripts folder and look for things likechat, forum, guestlog, weird pictures etc. They always accompanied the yahoo counter virus thing.

http://www.wingrep.com/

For example, download your website folder to your computer, and do a search for
Code:
"<script language=JavaScript>function "

in that folder using wingrep and you will find all the pages on your site that contain that bad code.
Back to Top
View all pictures posted by this userView user's profile Find all posts by fishead Send private message   Visit poster's website Phoogle Map Visit poster's Blog
Re: what is yahoo counter?
PostPosted: 01/27/2009 4:44 PM Reply with quote
Site Admin
Nightrider
Site Admin
Posts 30756
Word Cnt. 2,628,678
BDay Jul 28
Sign Leo
Sex Sex:Male
Joined: Sep 25, 2004
Local time: 5:08 AM
Location: St Pete, FL
peace.gif
The CP folder is stored on our domain and every sub-domain.  If you run the cp/scripts/forum.html file, it runs the Extropia software.  I'm guessing that this folder and its contents were added to every domain and sub-domain by IX.  It would be good to find out though...

IX will continue to blame lots of things on your end for the attacks.  They have told me the same thing.  I don't know about you, but we are not in the habit of giving out our FTP login information.  So if the hacker is gaining access to our server through the FTP server, they are not getting it from us.  IX will blame rogue software on our PCs for obtaining the FTP login information, but if that was the case, every site that I have ever worked on would be getting hacked too.  That is not happening.  Mostly, this seems to be happening to IX customers only.  So for me, it seems clear that IX has security problems on their servers...

IX blamed outdated software for the attacks that started on our site November 26.  But if you remember, no one could access any of our code on November 26 because they were all offline due to the server move.  If we could not access our own code, then a hacker could not have been able to do it either.  The outdated software explanation falls flat too...

IX continues to attempt to blame everyone else for these problems but they don't seem to be putting any effort into tracking the security problems on their own servers.  I managed to get them to tell me what security software they use, which turns out to only be used for the incoming email servers and the software apparently isn't rated well in every review I have read.  Their security software is Open Source and Beta software.  Based on what I have been told, IX doesn't seem to have invested anything in security software for its servers...

Brick wall
Back to Top
View all pictures posted by this userView user's profile Find all posts by Nightrider Send private message   AIM Address Yahoo Messenger Phoogle Map ICQ Number
Re: what is yahoo counter?
PostPosted: 01/27/2009 4:46 PM Reply with quote
Site Admin
Nightrider
Site Admin
Posts 30756
Word Cnt. 2,628,678
BDay Jul 28
Sign Leo
Sex Sex:Male
Joined: Sep 25, 2004
Local time: 5:08 AM
Location: St Pete, FL
peace.gif
fishead wrote:
I think I will delete both my website emails. I need to change my password for cp too. I don't want to lock you out nr, but what if the hacker comes back in before I change it...

You can go ahead and change everything.  If need be, you can give me the new information.  I really am doubting that the hacker has your login information though.  That seems to be a lame excuse that IX is using to pass the blame instead of taking responsibility and fixing the problems on their end...

violent1
Back to Top
View all pictures posted by this userView user's profile Find all posts by Nightrider Send private message   AIM Address Yahoo Messenger Phoogle Map ICQ Number
Re: what is yahoo counter?
PostPosted: 01/27/2009 4:48 PM Reply with quote
Site Admin
Nightrider
Site Admin
Posts 30756
Word Cnt. 2,628,678
BDay Jul 28
Sign Leo
Sex Sex:Male
Joined: Sep 25, 2004
Local time: 5:08 AM
Location: St Pete, FL
peace.gif
fishead wrote:
BTW, thias may mean nothing but IX and your forum are very slow loading today,. My forum loads ok and others sites, but when I went to IX and here it almost stalls out.

The server we are on is not stable.  It really has nothing to do with the hacker or anything else.  IX just updated our ticket claiming that they fixed the problem, so it will be interesting to see if the slowness and the lockups continue.  I don't have any faith in IX tech support anymore, so I will not be surprised if the problems continue on the server we are on right now...

violent1
Back to Top
View all pictures posted by this userView user's profile Find all posts by Nightrider Send private message   AIM Address Yahoo Messenger Phoogle Map ICQ Number
Re: what is yahoo counter?
PostPosted: 01/27/2009 5:14 PM Reply with quote
Citation
fishead
Citation
Posts 4813
Word Cnt. 427,864
BDay Oct 23
Sign Scorpio
Sex Sex:Male
Joined: Feb 09, 2005
Local time: 5:08 PM
Location: Sterling IL
usaCa.gif
wow, maybe we should be looking for a new host. Darn I just paid two years too.

I did a search in two places, cp and everything in there plus images in forum and it didn't find anything.

OK I will do that later, change my passwords. I agree, I don't think anyone hacked in to the server. I don't need those emails, don't use them much anyway.
Back to Top
View all pictures posted by this userView user's profile Find all posts by fishead Send private message   Visit poster's website Phoogle Map Visit poster's Blog
Re: what is yahoo counter?
PostPosted: 01/27/2009 11:19 PM Reply with quote
Site Admin
Nightrider
Site Admin
Posts 30756
Word Cnt. 2,628,678
BDay Jul 28
Sign Leo
Sex Sex:Male
Joined: Sep 25, 2004
Local time: 5:08 AM
Location: St Pete, FL
peace.gif
We already attempted to move to Host Monster (Bluehost) but I didn't like their server setup and the limitations in phpMyAdmin and with the FTP connections.  We will continue to look for a host that is worthy of our business.  I am really sick of dealing with IX...

munky2
Back to Top
View all pictures posted by this userView user's profile Find all posts by Nightrider Send private message   AIM Address Yahoo Messenger Phoogle Map ICQ Number
 Post new topic  Reply to topic
Information
Welcome to RCF - WHF Forum Index -> Area 51 - phpBB & Easymod Tech Support

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
All times are GMT - 5 Hours
Goto page: Previous  1, 2, 3, 4, 5, 6  Next
Page 2 of 6


Add To Bookmarks

 
  
  


  Google

Powered by phpBB © 2001, 2005 phpBB Group
  ImageShack  
  Putfile  
  TinyURL  
  CommonDreams  
  Log in  

Page generation time: 0.1407s (PHP: 85% - SQL: 15%) - SQL queries: 61 - GZIP enabled - Debug on