Author Topic: 1.0.7 build 41 - hacked again  (Read 15210 times)

0 Members and 1 Guest are viewing this topic.

Offline oil

  • Sr. Member
  • ****
  • Posts: 288
    • View Profile
1.0.7 build 41 - hacked again
« on: December 09, 2011, 12:36:51 PM »
not even 2 days after killdozer cleaned out the recent hack, all TP s are hacked again
what really is kinda strange is that the most hacked file is alwazs the filter.php file
why for god s sake is that not included in the Tools | Scanner
without that one the scanner is quite uselss

Offline Michal

  • Newbie
  • *
  • Posts: 19
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #1 on: December 09, 2011, 12:53:11 PM »
I had this problem too (after ion cube change), solution was to check permissions (by mistake host had 775 on domains solution change them to 755) and also browsing all tp directories in searching strange .php files (created near 20 august)

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: 1.0.7 build 41 - hacked again
« Reply #2 on: December 10, 2011, 02:15:31 AM »
sending this to kildoozer he will answer soon!

Offline Chris

  • Jr. Member
  • **
  • Posts: 71
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #3 on: December 10, 2011, 04:52:23 AM »
I believe it is included

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: 1.0.7 build 41 - hacked again
« Reply #4 on: December 10, 2011, 04:58:40 AM »
As kildoozer told me now this problem is solved yesterday.

Offline Shawn

  • Newbie
  • *
  • Posts: 40
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #5 on: December 12, 2011, 07:38:34 AM »
Not only am I hacked yet again but scanner doesn't see anything wrong...

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: 1.0.7 build 41 - hacked again
« Reply #6 on: December 12, 2011, 07:53:33 AM »
Guys, all hacks what happen again is because old hacks were not cleaned properly.

Please contact kildoozer over kildoozer@scriptpulse.com and he will get care of it.

Cheers

Offline oil

  • Sr. Member
  • ****
  • Posts: 288
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #7 on: December 13, 2011, 07:55:02 PM »
this is just not true, killdozer cleaned my server already 3+ times with latest built,
and my sites get hacked again usually 2/3 days after everything was cleaned

and the guys are which are doing that are smart

Tools / Scanner /  - does not scan the infected files, it just jumps over them
so the scanner is useless in that case cause all is green and says everything is good

Settings - Updater , check for latest version
says all files are up to date,

besides the fact that the sites are full with thousand of stupid ads, redirect, playing sounds, bla bla whatsoever
there is nothing from TP backend itself which points to the fact that the site might have been hacked, just the fact that prod is really fucked
over

as it looks for me its seems impossible for you to secure some stuff, get me right on this one
i have 3 dedicated boxes at mojo, only one get hacked all of time, however its the one with the biggest sites

just as thought making some files different permisson wouldnt that close it down a bit, i recall the ST hacks in the past before we didnt do the templates on 444 is was all very good to still getting hacked
there must be option to secure tp as well, its not convenient in case a update rolls out but you might be better off writing a chmod script before the update and seal the files after update again
however

... current version of TP is in no way even close to be safe or secure, thats just not true, saying anything different is just denial
« Last Edit: December 13, 2011, 08:15:48 PM by oil »

Offline Michal

  • Newbie
  • *
  • Posts: 19
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #8 on: December 15, 2011, 06:03:34 AM »
check not only tp folders. maybe some bad files are located elsewhere at 777 directories and domains

hint: when you will be attacked again note what is date an hour of file changes and scan your account for all other files that were changed (created near that time) most of them will be probably bad stuff from hack - I found one for example at ST directory.

unfortunatelly it is creating this files since first infection, so you still have to search for more older files - but after first cleaning you will identify them easier

« Last Edit: December 15, 2011, 08:53:32 AM by Michal »

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: 1.0.7 build 41 - hacked again
« Reply #9 on: December 15, 2011, 01:15:17 PM »
Thnx Michal, Kildoozer is already doing all that and more :)

Offline Chris

  • Jr. Member
  • **
  • Posts: 71
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #10 on: December 18, 2011, 02:09:55 PM »
I m sure filter.php was included in the scanner tool
Now it is not!!
Something is definitely wrong!

Offline Ivan

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #11 on: December 19, 2011, 11:39:35 AM »
filter.php is the most often hacked file.

Both of my servers get hacked every day and only the websites where Trade Pulse is installed.

I'm tired of cleaning it and reinstalling it every day, I will stop using it and get some other trade script.

Offline Kildoozer

  • Administrator
  • Sr. Member
  • *****
  • Posts: 420
    • View Profile
Re: 1.0.7 build 41 - hacked again
« Reply #12 on: December 19, 2011, 12:14:48 PM »
2 Ivan.
I know now about this hack more than you, so let me clean the your servers. I have now effective scanner for the backdoors files, give me access to the server(s) and I'll clean'em. I know, some servers I cleaned several times, but now I have more info about methods of this hack.
I repeat again, TP is absolutely secure. All the hacks you have now is using old backdoors on your servers. Remove backdors = no more hacks.
kildoozer@scriptpulse.com