Web Hosting Forum | Lunarpages


Author Topic: My site was hacked and files uploaded!!  (Read 15643 times)
Twizted
« on: September 02, 2004, 09:19:13 PM »

mmk, I am running PHP-Nuke (not for much longer, I might add) and I kinda got hit back around the 2nd week of Aug. with a simple lil thing.. a missing table in my DB... no biggie, I didn't know if it was a hack or not.. Well.. I fixed it and just today around 5:30 EST I got hacked again.. This time they took out my Nuke tables BIG TIME.. Only lucky me I had a semi-recent backup (from the first "hack?" I backed up what was left (all but the whos_online table)) which saved me.. but in the process of downloading the whole site onto my HDD I discovered some "odd" files... and it would seem some script kiddie has uploaded files onto my server in the modules directory... The script in question was "PhpShell 2.0". What I want to know is HOW they managed to upload files into that directory!... From that script you can run ANY command as root!!!

I am hoping there is a way to find out when this was done, as I didn't find this until after midnight. I can't see the log for yesterday but I am hoping Lunarpages Tech can, 'cause maybe it will give an IP address to track and report to an ISP.. Anyway... Anyone else had this script used on them? Did you find out how they got it uploaded... (time to change my pass)

This crap really nix my drawers....

Any suggestions or comments...

Rhys
« Reply #1 on: September 03, 2004, 05:22:37 AM »

Try downloading and having a look in your raw access logs. That should say when the site was accessed. And as I've always said, get rid of PHP-Nuke completely. It's shabby and it's easily hacked.

It's nice to be important, but it's more important to be nice.
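
The raw-access-log check suggested above, as an added example that is not part of the original posts: it reads Apache "combined" format lines, reports when each unrecognised `.php` file under `/modules/` was first served and to which IPs, and lists earlier POSTs from those IPs as candidate upload requests. The log lines, the file name `shell.php` and the `KNOWN_GOOD` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log line: client IP, timestamp, method, path, status.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2004:22:10:03 -0400] "GET /modules.php?name=News HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.9 - - [01/Sep/2004:23:41:17 -0400] "POST /modules.php?name=Downloads HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.9 - - [01/Sep/2004:23:42:02 -0400] "GET /modules/News/shell.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
203.0.113.9 - - [02/Sep/2004:17:28:40 -0400] "POST /modules/News/shell.php HTTP/1.1" 200 3011 "-" "Mozilla/4.0"
198.51.100.7 - - [02/Sep/2004:17:30:00 -0400] "GET /modules/News/index.php HTTP/1.1" 200 900 "-" "Mozilla/4.0"
"""

# Assumption: paths taken from a clean backup of the site.
KNOWN_GOOD = {"/modules/News/index.php"}

def parse(log_text):
    """Yield (time, ip, method, path, full_url, status); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield (ts, m["ip"], m["method"], m["path"].split("?")[0],
                   m["path"], int(m["status"]))

def triage(log_text, known_good=KNOWN_GOOD, prefix="/modules/"):
    """Return ({path: first_seen/ips/hits}, earlier POSTs from the same IPs)."""
    events = sorted(parse(log_text))
    found = defaultdict(lambda: {"first_seen": None, "ips": set(), "hits": 0})
    for ts, ip, _, path, _, status in events:
        if (path.startswith(prefix) and path.endswith(".php")
                and path not in known_good and status == 200):
            rec = found[path]
            rec["first_seen"] = rec["first_seen"] or ts
            rec["ips"].add(ip)
            rec["hits"] += 1
    ips = set().union(*(r["ips"] for r in found.values()))
    first = min((r["first_seen"] for r in found.values()), default=None)
    earlier_posts = [(ts, ip, url) for ts, ip, method, _, url, _ in events
                     if first and ip in ips and method == "POST" and ts < first]
    return dict(found), earlier_posts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The first-seen time bounds when the file appeared, and the earlier POSTs narrow down which script accepted the upload.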
Shecky
« Reply #2 on: September 03, 2004, 06:22:08 AM »

Unfortunately, many of these script kiddies are in countries where it is either very hard to prosecute these crimes, or they aren't considered crimes at all. Russia, Brazil and Northern Europe are all big playgrounds for these folks, AFAIK.

Twizted
« Reply #3 on: September 03, 2004, 04:53:31 PM »

Well, I have contacted Support for the access logs and also to be moved to a new server for my own reasons.. I am hoping this person may be able to be given some grief at least.. The kind of script used is ridiculously easy. I am just dumbfounded about how they managed to get it uploaded to the server (several files). Anyway... I am going to do what I can to try to give this punk some grief for this...

Rhys
« Reply #4 on: September 04, 2004, 04:24:51 AM »

Give him some grief but don't you go and do nothing illegal. You don't wanna be getting in trouble for it.

Twizted
« Reply #5 on: September 04, 2004, 09:27:47 AM »

The only grief I and my company plan on giving him will be Legal grief if possible...

Shecky
« Reply #6 on: September 04, 2004, 01:12:23 PM »

Right on!... I love watching a good game of "Squish the Script-Kiddie!"

mancipar
« Reply #7 on: May 18, 2013, 09:37:55 AM »

Those files can be uploaded to your website via any sort of "uploader" which you have on your website and is not properly set up, OR: FTP, SSH, telnet, SQL injection... Since you say they've accessed and modified your DB, it's most likely that SQL has been used.

Have a good read through Google about PHP shell injection and SQL injection.

austingrd
« Reply #8 on: September 22, 2013, 04:41:17 AM »

I was wanting to set up SQL injection probably on a test environment first. Is there a good tutorial online? I was looking for a step by step process.