Author Topic: TP directory hacked  (Read 14669 times)

0 Members and 1 Guest are viewing this topic.

Offline Ben

  • Newbie
  • *
  • Posts: 4
    • View Profile
TP directory hacked
« on: October 10, 2009, 04:40:47 AM »
Hi,

I was informed by my host that the php files within my TP directory had been hacked which ended with the hosts mail server being blacklisted.

So this looks like it was my fault as I didn't CHMOD the folder/files after the install!

The original TP directory has been renamed and most of my access to this folder has been removed. I now have a site with no script running. Some of the php files may have been modified by the hacker so it's too risky to start using these files again. Can I create a new install and copy the original data folder over? Or is it not that simple?

Ben

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: TP directory hacked
« Reply #1 on: October 10, 2009, 05:17:17 AM »
U should leave all as it was and simply try to update your script. But if files are hacked its not related to TP, it's some other exploit on your server or other script. Check with your host and check around on forums, there are vulnerable versions of Comus and Wordpress in which as result U get many of your files hacked.

Offline Ben

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: TP directory hacked
« Reply #2 on: October 10, 2009, 05:45:55 AM »
My host seems to think the root of the problem was the ssi_in.php file which I had left with 777 permissions. So you're saying the hacker would have found another way into the server (possibly through a wordpress install i have) and then looked for any files he/she had access to.

My TP directory has been renamed to TP.lock by my host and I can browse to login.php but my username and password do not work. I don't get an error message but the page just refreshes. what usually happens when you input an incorrect password? should I be seeing an error?

Am I correct in assuming I cannot update the script without first logging in?

Ben

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: TP directory hacked
« Reply #3 on: October 10, 2009, 08:29:05 AM »
U need to rename directory to original name since now paths are all messed up and then login.

Offline Ben

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: TP directory hacked
« Reply #4 on: October 14, 2009, 03:00:19 AM »
For some reason I don't currently have access to my data folder. Sent another email to my host to sort this one out.

So, at the moment I still can't log into tradepulse. I've looked in my TP directory and there's a file called aca.php which is 39MB in size! I'm guessing this is not a legit file?

Do you have a list of the files I should have in this folder?

Idealy I want to do a clean install of Tradepulse. Will it then be possible for me to copy the old site/trade details accross? ie. which files/folders would i need to copy?

Ben

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: TP directory hacked
« Reply #5 on: October 14, 2009, 05:09:25 AM »
do fresh install and copy entire data folder, that will do the trick ;)

Offline Ben

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: TP directory hacked
« Reply #6 on: October 14, 2009, 12:24:48 PM »
I've created the clean install of TP.

Tried copying the entire data folder over from old install but although it worked, it was flagging up various php errors in the tp backend.

I instead copied the 'backup' folder across to the new install and selected tools,backup and performed a restore. This has now got me up and running again. Is there a file within the data folder that holds the information/settings for the toplists?

ben

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: TP directory hacked
« Reply #7 on: October 15, 2009, 05:25:57 AM »
/tp/tops

toplist data is stored there.

Offline Andy

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: TP directory hacked
« Reply #8 on: November 24, 2009, 10:53:18 PM »
My tp directory just got hacked and when accessing now /tp via firefox I get the "reported attack site" screen.

Should I make a fresh install or upgrade?

In case of fresh install, copy which files and folders from old installation exactly?

What are the minimum file and folder permissions that tp requires to run effectively after the install? currently all files and folders in tp directory seem 777  :-[

Offline Andy

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: TP directory hacked
« Reply #9 on: November 25, 2009, 12:51:27 AM »
In particular, webmaster central showed this:

Sample pages that may be distributing malware: /tp/out.php?to=sometrade.com&link=top

I removed now sometrade.com from tradelist and blacklisted.

I removed an entry regarding sometrade.com manually from data/stats folder. Are there any other possible entries in other files that could be related to this?

Offline Kildoozer

  • Administrator
  • Sr. Member
  • *****
  • Posts: 420
    • View Profile
Re: TP directory hacked
« Reply #10 on: November 25, 2009, 09:42:37 AM »
Andy, please send me URL of your site, I have to look what's wrong there.
kildoozer at gmail