Author Topic: How to deal with TP hack  (Read 36837 times)


Offline ip0li

  • Administrator
  • Hero Member
  • Posts: 1950
Re: How to deal with TP hack
« Reply #30 on: June 07, 2012, 04:46:37 AM »
You need to ask your server admin then, since we always use root user.

Offline Vas

  • Newbie
  • Posts: 21
Re: How to deal with TP hack
« Reply #31 on: June 07, 2012, 07:51:56 AM »
I tried using /usr/bin/php lock.php on its own and it seemed to work, the response was:

usage:  lock.php  owner: group

I think that did it.  OR not ??  let me know  :D

Offline ip0li

  • Administrator
  • Hero Member
  • Posts: 1950
Re: How to deal with TP hack
« Reply #32 on: June 07, 2012, 09:00:44 AM »
/usr/local/bin/php lock.php user:group

You need to use something similar to that, where user:group is your FTP user and group and /usr/local/bin/php is the path to your php.

best is to ask hosting support to do it for you!

Offline oil

  • Sr. Member
  • Posts: 288
Re: How to deal with TP hack
« Reply #33 on: June 10, 2012, 09:50:00 AM »
when those hackers got shells on your box, the lock doesn't help either, for me it was they did the ST variables, then they hacked the .htaccess files, well the list is endless you guys MUST clean out your box first, if you don't do that in the first place you can lock whatever you want - it won't help

i was troubled with this hack more than anybody else, the only, and for me it was after 50+ hacks the only thing which worked permanently is to hire the cleanout package of the soft-com.biz guys, they charge 75$ one time fee for the cleanout and they keep monitoring your box for hacks for some time after it,

« Last Edit: June 10, 2012, 09:51:57 AM by oil »

Offline Vas

  • Newbie
  • Posts: 21
Re: How to deal with TP hack
« Reply #34 on: June 10, 2012, 12:35:30 PM »
Yep, it was via scripts like tp and proton that they managed to get into my boxes - all index.php files had new includes in them, the /tmp folder had a new binary file in it called x11, which added an include <?php @include_once('/tmp/x11'); ?> on all index.php files.  I had Traffic Revenue pop ups coming up on all index files of my sites, it took me 3 days to clean all the shit, I lost $100's .... Permissions are such that it can be easy for hackers to get in. Especially when all files are 777.

Tp has to become much more safe for me to continue using it. 

It's a pity cause it's a good script otherwise.

Offline oil

  • Sr. Member
  • Posts: 288
Re: How to deal with TP hack
« Reply #35 on: June 10, 2012, 06:37:29 PM »
> Yep, it was via scripts like tp and proton that they managed to get into my boxes - all index.php files had new includes in them, the /tmp folder had a new binary file in it called x11, which added an include <?php @include_once('/tmp/x11'); ?> on all index.php files.  I had Traffic Revenue pop ups coming up on all index files of my sites, it took me 3 days to clean all the shit, I lost $100's .... Permissions are such that it can be easy for hackers to get in. Especially when all files are 777.
>
> Tp has to become much more safe for me to continue using it.
>
> It's a pity cause it's a good script otherwise.

true, TP / Proton was the script which caused all the hacks, however unfort. you really need to clean out your servers and it has to be done by professionals like the soft-com.biz guys, whenever my host cleaned it, they cleaned the hack but NOT the way they came in, so cleaning the hack does not mean your box is secure after it

Offline Shawn

  • Newbie
  • Posts: 40
Re: How to deal with TP hack
« Reply #36 on: June 11, 2012, 05:20:06 AM »
> hire the cleanout package of the soft-com.biz guys, they charge 75$ one time fee for the cleanout and they keep monitoring your box for hacks for some time after it,

How'd you get that price?  They are charging me 25/hour

Offline oil

  • Sr. Member
  • Posts: 288
Re: How to deal with TP hack
« Reply #37 on: June 11, 2012, 06:43:02 AM »
i would say it's depending on what needs to be done, in general, for me the cleanout was 75 or for 120 cleanout with whole server tuning, i took the tuning package, and i am glad i did

Offline Shoplifter

  • Newbie
  • Posts: 48
Re: How to deal with TP hack
« Reply #38 on: June 12, 2012, 07:35:09 PM »
So I am finding that the geoip.inc in most of my installs has an include in it again.

Was this found to be dangerous or not ?

 :(

Offline Vas

  • Newbie
  • Posts: 21
Re: How to deal with TP hack
« Reply #39 on: June 12, 2012, 11:24:53 PM »
What does the include say ... ?  Is it reading from a folder on your server ?   Is it calling up an iframe ?

Offline Shoplifter

  • Newbie
  • Posts: 48
Re: How to deal with TP hack
« Reply #40 on: June 13, 2012, 06:05:24 PM »
> What does the include say ... ?  Is it reading from a folder on your server ?   Is it calling up an iframe ?

It's encoded and I don't know what it says. It seems to cause TP to send about every 4th click to some tube site.

Offline oil

  • Sr. Member
  • Posts: 288
Re: How to deal with TP hack
« Reply #41 on: June 13, 2012, 06:24:08 PM »
he was saying post it so we can see, however most likely when it's encoded remove the include, it's most likely a hack
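
Added example, not part of any post in this thread: a small Python check for the symptoms reported above, namely an include pulling from /tmp (Reply #34), an encoded include (Reply #40) and world-writable files. The regexes, file suffixes and sample files are assumptions constructed for illustration; the encoded code from Reply #40 was never posted, so eval(base64_decode(...)) stands in for it.

```python
import os
import re
import stat
import tempfile

# Heuristics (assumptions based on the symptoms reported in this thread).
TMP_INCLUDE = re.compile(
    rb"\b(?:include|require)(?:_once)?\s*\(?\s*['\"](?:/tmp|/var/tmp|/dev/shm)/", re.I)
ENCODED_EVAL = re.compile(
    rb"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
PHP_SUFFIXES = (".php", ".inc", ".phtml")

def scan(root):
    findings = []  # (relative_path, reason) tuples
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if name.lower().endswith(PHP_SUFFIXES):
                with open(path, "rb") as fh:
                    data = fh.read()
                if TMP_INCLUDE.search(data):
                    findings.append((rel, "include-from-tmp"))
                if ENCODED_EVAL.search(data):
                    findings.append((rel, "encoded-eval"))
    return sorted(findings)

def demo():
    samples = {  # constructed files: path -> (content, mode)
        "index.php": (b"<?php @include_once('/tmp/x11'); ?>\n<html></html>\n", 0o777),
        "geoip.inc": (b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n", 0o644),
        "lib/clean.php": (b"<?php include 'config.php'; ?>\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mode) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return scan(root)

if __name__ == "__main__":
    print("\n".join(f"{reason:18} {rel}" for rel, reason in demo()))
```

An empty result from a scan like this does not show that a server is clean; it only covers the three patterns listed.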

Offline Adam Crosso

  • Newbie
  • Posts: 1
Re: How to deal with TP hack
« Reply #42 on: September 13, 2012, 02:35:48 AM »
Guys do your job right and correct, we have much script with trade but only this one always hacked, ALWAYS ONLY YOUR SCRIPT! Do your job correct and normally, always when hack your script, the same time we losing our money because you guys playing and nobody pay to us for that, many people who we trade speak only one, stop trade with that script? Then stop write rules what to do if your script hack, do your job like other script who don't have the problem ;)