Author Topic: Toplist Hacked  (Read 8359 times)

0 Members and 1 Guest are viewing this topic.

Offline invisible

  • Newbie
  • *
  • Posts: 7
    • View Profile
Toplist Hacked
« on: March 07, 2009, 09:20:48 AM »
Just an hour ago I logged into one of my sites and was prompted to do an update. None of my other sites (they're all running V1.0.2 13) asked for the update.

I clicked it and the file that was updated was footer.php

Ok, so i go to surf my site, just checking trades etc, and get "google-search.ro is an attack site ..." in fire fox.
I checked in maxthon and chrome same thing


I want to repeat. I had surfed the site before the "update" and it was perfect, no attack site warning.


After looking around the server, scanning my pc, I found this at the bottom of one of my toplist templates

--- CODE REMOVED -- may cause false positives from anti-virus software
Code: [Select]

I deleted it, copied footer.php from one of my other sites and now its back to normal.

This is really messed up guys. Please take a look at this
« Last Edit: March 08, 2009, 10:20:26 PM by invisible »

Offline invisible

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Toplist Hacked
« Reply #1 on: March 08, 2009, 01:02:51 PM »
Now I'm getting this fake update on a lot more sites

Fake update:



Normal site

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: Toplist Hacked
« Reply #2 on: March 08, 2009, 06:53:52 PM »
before we can check anything I need ftp data, please send me open ftp access (no ip-blocking) to info@scriptpulse.com ASAP so we can check this early in the AM since it's 4am here.

Also gimme url to some of your TP admins and username/pwd...also over email...

Waiting for email, cheers

Offline invisible

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: Toplist Hacked
« Reply #3 on: March 08, 2009, 10:21:16 PM »
Thanks ip0li. email sent