Announcement

Collapse
No announcement yet.

Spam Exploit?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Steve Machol
    replied
    Did you follow the sugegstions posted by San-Deep? We have no way of knowing how your server was exploited. The best place to start this investigation is with your host.

    Leave a comment:


  • RetroDreams
    replied
    Bump.

    Leave a comment:


  • SaN-DeeP
    replied
    Originally posted by RetroDreams
    Yeah, that is the question and my web host cannot answer. I only have 1 FTP account with a pretty difficult password.

    Have you enabled uploading .php files to your servers? I didn't think so, but if that were the case, it would be even a bigger mystery.
    Check your ftp logs, server logs.
    If you do not have access to those, request the same from your provider.

    If the file upload date is too old (more then 24 hours).. I think you have to take some importants steps to re-check your entire site/forums security and change all your passwords.
    Database, Cpanel, FTP, Forums, etc.

    Leave a comment:


  • RetroDreams
    replied
    Originally posted by SaN-DeeP
    Important Question: How the file got uploaded ??
    Have you enabled uploading .php files to your servers ?
    How many users have access to your ftp account ?
    Yeah, that is the question and my web host cannot answer. I only have 1 FTP account with a pretty difficult password.

    Have you enabled uploading .php files to your servers? I didn't think so, but if that were the case, it would be even a bigger mystery.

    Leave a comment:


  • SaN-DeeP
    replied
    Important Question: How the file got uploaded ??
    Have you enabled uploading .php files to your servers ?
    How many users have access to your ftp account ?

    Leave a comment:


  • RetroDreams
    replied
    I have attached the file that was uploaded to my forums. Has anyone ever seen this?
    Attached Files

    Leave a comment:


  • RetroDreams
    started a topic Spam Exploit?

    Spam Exploit?

    I have had my server "exploited" for the past two days by an apparent spammer. I am running 3.0.7 and they are somehow putting a subdir titles "m" into my forums. I wish I had more info, but my webhost is being a total prick and won't even let me FTP into my forums.

    Snippet from a "log" from my webhost:

    Your site was caught spamming again:

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin

    Wed Mar 30 04:18:45 CST 2005 - /home/kaoboda/public_html/irish/m - nobody x 99 99 Nobody / /sbin/nologin


    Does anyone know about this, how this is caused, etc?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X