Script Pulse

Trade Pulse => Trade Pulse Support => Topic started by: Ivan on December 05, 2011, 05:32:54 AM

Title: Version 1.0.7 build 41 - hacked
Post by: Ivan on December 05, 2011, 05:32:54 AM

All my websites have been hacked again, the same redirect as in previous versions

here frame info:

<html>
<head>
<title>validwin.com</title>
</head>
<body>
<center>no paid listing</center>
</body>
</html>

Title: Re: Version 1.0.7 build 41 - hacked
Post by: oil on December 05, 2011, 07:45:58 PM

one of my built 41 is hacked as well again
the redirect doesnt trigger for me, however for traders and only in chrome not in FF
my host found out this

Quote

After reading through the page source and then the index, I noticed that one of the java script calls in source was a bit odd... it wasn't calling just <script it was calling <s + cri + pt as if to avoid being caught by some checker.  That script call was using your tp/filter.php.  I checked the backup of that file and it was not the same size as it was at the end of November, the fitler php had an adjsutment timestamp of Dec 4, 2011 at 02:24am with 777 permissions.  After replacing this filter.php from backup (I backed up what I though to be the bad one), I no longer receive a redirect or long periods of loading.  No audio in the background either.

Can you have that trader check again?

Title: Re: Version 1.0.7 build 41 - hacked
Post by: ip0li on December 06, 2011, 12:04:19 AM

Ivan, please send us access to your TP and FTP to info@scriptpulse.com ASAP!

Cheers

Oil, this is probably leftover from old hack probably was not cleaned 100%. If you wanna kildoozer can take a look!

Title: Re: Version 1.0.7 build 41 - hacked
Post by: oil on December 06, 2011, 06:08:59 PM

unfort. not, several sites are hacked again :(
and why the fuck is the scanner not even checking for the filter.php file
its the most hacked file ever

Title: Re: Version 1.0.7 build 41 - hacked
Post by: ip0li on December 07, 2011, 02:19:01 AM

oil please give us tp and ftp access, info@scriptpulse.com

Title: Re: Version 1.0.7 build 41 - hacked
Post by: Kildoozer on December 07, 2011, 02:41:50 AM

Hi.
Let me explain what's going on.
This hack is still old hack. Fucking hacker left 'backdoors' on the servers that allows him to manipulate files on a server, like changing filter.php and scanner.
If you see any iframes on your main page, it means you have this backdoor(s). If you clean up the server from backdoor and update TP, NO MORE hacks will be possible.
I repeat, latest builds are 100% secure.

The problem is detection these backdoor files and remove'em. It's *.php files, 99% of them are encoded by Ion cube or Zend encoder. I can do this work for you, but I need either ftp access or ssh access, the last one is more desired.

Contact me directly if you think you hacked - kildoozer@scriptpulse.com