Announcement

Collapse
No announcement yet.

Spam Exploit?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spam Exploit?

    I have had my server "exploited" for the past two days by an apparent spammer. I am running 3.0.7 and they are somehow putting a subdir titles "m" into my forums. I wish I had more info, but my webhost is being a total prick and won't even let me FTP into my forums.

    Snippet from a "log" from my webhost:

    Your site was caught spamming again:

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin


    Does anyone know about this, how this is caused, etc?

  • #2
    I have attached the file that was uploaded to my forums. Has anyone ever seen this?
    Attached Files

    Comment


    • #3
      Important Question: How the file got uploaded ??
      Have you enabled uploading .php files to your servers ?
      How many users have access to your ftp account ?
      TechArena - TechArena Community - News - Download - Video - Guide - Review

      Comment


      • #4
        Originally posted by SaN-DeeP
        Important Question: How the file got uploaded ??
        Have you enabled uploading .php files to your servers ?
        How many users have access to your ftp account ?
        Yeah, that is the question and my web host cannot answer. I only have 1 FTP account with a pretty difficult password.

        Have you enabled uploading .php files to your servers? I didn't think so, but if that were the case, it would be even a bigger mystery.

        Comment


        • #5
          Originally posted by RetroDreams
          Yeah, that is the question and my web host cannot answer. I only have 1 FTP account with a pretty difficult password.

          Have you enabled uploading .php files to your servers? I didn't think so, but if that were the case, it would be even a bigger mystery.
          Check your ftp logs, server logs.
          If you do not have access to those, request the same from your provider.

          If the file upload date is too old (more then 24 hours).. I think you have to take some importants steps to re-check your entire site/forums security and change all your passwords.
          Database, Cpanel, FTP, Forums, etc.
          TechArena - TechArena Community - News - Download - Video - Guide - Review

          Comment


          • #6
            Bump.

            Comment


            • #7
              Did you follow the sugegstions posted by San-Deep? We have no way of knowing how your server was exploited. The best place to start this investigation is with your host.
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
              Change CKEditor Colors to Match Style (for 4.1.4 and above)

              Steve Machol Photography


              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X