« previous next »
Pages: [1]

Author Topic: Version 1.0.7 build 41 - hacked  (Read 10872 times)

0 Members and 1 Guest are viewing this topic.

Offline Ivan

  • Newbie
  • *
  • Posts: 5
    • View Profile
Version 1.0.7 build 41 - hacked
« on: December 05, 2011, 05:32:54 AM »
All my websites have been hacked again, the same redirect as in previous versions

here frame info:

<html>
<head>
<title>validwin.com</title>
</head>
<body>
<center>no paid listing</center>
</body>
</html>
Logged

Offline oil

  • Sr. Member
  • ****
  • Posts: 288
    • View Profile
Re: Version 1.0.7 build 41 - hacked
« Reply #1 on: December 05, 2011, 07:45:58 PM »
one of my built 41 is hacked as well again
the redirect doesnt trigger for me, however for traders and only in chrome not in FF
my host found out this

Quote
After reading through the page source and then the index, I noticed that one of the java script calls in source was a bit odd... it wasn't calling just <script it was calling <s + cri + pt as if to avoid being caught by some checker.  That script call was using your tp/filter.php.  I checked the backup of that file and it was not the same size as it was at the end of November, the fitler php had an adjsutment timestamp of Dec 4, 2011 at 02:24am with 777 permissions.  After replacing this filter.php from backup (I backed up what I though to be the bad one), I no longer receive a redirect or long periods of loading.  No audio in the background either.

Can you have that trader check again?
Logged

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1959
    • View Profile
    • Pretty Girls from your city for night
Re: Version 1.0.7 build 41 - hacked
« Reply #2 on: December 06, 2011, 12:04:19 AM »
Ivan, please send us access to your TP and FTP to info@scriptpulse.com ASAP!

Cheers

Oil, this is probably leftover from old hack probably was not cleaned 100%. If you wanna kildoozer can take a look!
Logged

Offline oil

  • Sr. Member
  • ****
  • Posts: 288
    • View Profile
Re: Version 1.0.7 build 41 - hacked
« Reply #3 on: December 06, 2011, 06:08:59 PM »
unfort. not, several sites are hacked again :(
and why the fuck is the scanner not even checking for the filter.php file
its the most hacked file ever
Logged

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1959
    • View Profile
    • Pretty Girls from your city for night
Re: Version 1.0.7 build 41 - hacked
« Reply #4 on: December 07, 2011, 02:19:01 AM »
oil please give us tp and ftp access, info@scriptpulse.com
Logged

Offline Kildoozer

  • Administrator
  • Sr. Member
  • *****
  • Posts: 420
    • View Profile
Re: Version 1.0.7 build 41 - hacked
« Reply #5 on: December 07, 2011, 02:41:50 AM »
Hi.
Let me explain what's going on.
This hack is still old hack. Fucking hacker left 'backdoors' on the servers that allows him to manipulate files on a server, like changing filter.php and scanner.
If you see any iframes on your main page, it means you have this backdoor(s). If you clean up the server from backdoor and update TP, NO MORE hacks will be possible.
I repeat, latest builds are 100% secure.

The problem is detection these backdoor files and remove'em. It's *.php files, 99% of them are encoded by Ion cube or Zend encoder. I can do this work for you, but I need either ftp access or ssh access, the last one is more desired.

Contact me directly if you think you hacked - kildoozer@scriptpulse.com
Logged
Pages: [1]
« previous next »