Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Did you know that
Elxis 5.x
uses HTML5, CSS3 and pure javascript without external libraries such as jQuery?
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Help ... Hacked !!! [SOLVED]
« previous
next »
Print
Pages: [
1
]
Author
Topic: Help ... Hacked !!! [SOLVED] (Read 12534 times)
ks-net
Elxis Community
Hero Member
Posts: 2072
Kostas Stathopoulos
Help ... Hacked !!! [SOLVED]
«
on:
September 23, 2008, 04:06:05 »
possible hacking???
help here please as this page sends true creditcard's information stollen from people
to my maillbox , i hope that they didn't manage yet to take any.
i was suspicious when mail delivery fails reports came from my mailserver
with the messages that failed to send ... they have complete and real creditcard informations, phones, address
etc.
that url below was in my servers logs, also site visits increased 50 times the two last days
look at that page and you will see that is totally fake. no ssl , no links to aol no right click.
seopro
all samples filter enabled in defender
how can i stop this... is there a filter to add?
palaiopyrgos.gr /upload/webscr/m01.webmail.aol.com/SignIn&co_partnerId=2&pUserId/AOL=user_cmdID12549JDk23/and_login=921831288329,sequence=291038129383.html?t=1222125432671;b=807x477;s=1024x768;c=32;j=1.3;o=300;p=http%3A//palaiopyrgos.gr/upload/webscr/m01.webmail.aol.com/SignIn%26co_partnerId%3D2%26pUserId/AOL%3Duser_cmdID12549JDk23/and_login%3D921831288329%2Csequence%3D291038129383.html;r=;alive=1;t=1222130682828%20HTTP/1.1%22%20200%2043582%20%22http://palaiopyrgos.gr/upload/webscr/m01.webmail.aol.com/SignIn&co_partnerId=2&pUserId/AOL=user_cmdID12549JDk23/and_login=921831288329,sequence=291038129383.html%22%20%22Mozilla/4.0%20(compatible;%20MSIE%207.0;%20AOL%209.1;%20AOLBuild%204334.34;%20Windows%20NT%205.1;%20FunWebProducts;%20(R1%201.3);%20(R1%201.6);%20.NET%20CLR%201.1.4322)%22
edit: deactivated the url for search engines bots.
«
Last Edit: September 23, 2008, 14:04:56 by ks-net
»
Logged
ks-net.gr
Ivan Trebješanin
Elxis Team
Hero Member
Posts: 1663
Re: Help ... Hacked !!!
«
Reply #1 on:
September 23, 2008, 04:50:32 »
This is really good hack! But, tell me something: do you have the /uploads folder?
Logged
I've got a snap in my finger...
Got rhythm in my walk...
CREATIVE Options
Authorized Elxis Professional
Elxis Community
Hero Member
Posts: 2334
Professional services for Elxis CMS
Re: Help ... Hacked !!!
«
Reply #2 on:
September 23, 2008, 12:13:05 »
Isn't this outside from your Elxis directory ?
And in first place check this out.
Logged
ks-net
Elxis Community
Hero Member
Posts: 2072
Kostas Stathopoulos
Re: Help ... Hacked !!!
«
Reply #3 on:
September 23, 2008, 13:19:35 »
found ... ftp hacked
i must change passwords
they made a dir in my server ( attached here)and they waiting for victims
but i don't now how they send people to me...
[attachment deleted by admin]
Logged
ks-net.gr
nikos65
Hero Member
Posts: 1043
Re: Help ... Hacked !!!
«
Reply #4 on:
September 23, 2008, 13:23:59 »
The dir was the upload directory ?
Logged
----
Γηράσκω αεί διδασκόμενος
www.dallas.gr
|
www.igoumenitsahotels.com
ks-net
Elxis Community
Hero Member
Posts: 2072
Kostas Stathopoulos
Re: Help ... Hacked !!!
«
Reply #5 on:
September 23, 2008, 13:27:30 »
yes
Logged
ks-net.gr
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Help ... Hacked !!!
«
Reply #6 on:
September 23, 2008, 13:28:29 »
It is not a hack. You have spyware on your computer. Check this: FunWebProducts.
I think you open a bad e-mail...
«
Last Edit: September 23, 2008, 13:36:09 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
ks-net
Elxis Community
Hero Member
Posts: 2072
Kostas Stathopoulos
Re: Help ... Hacked !!!
«
Reply #7 on:
September 23, 2008, 13:47:04 »
well .. the files attached above were in my server
also my mailserver received mails that refuses to forward to $maill='breatheresult@voila.fr,pennehart99@yahoo.com';
An other thing is:
also i noticed apache error logs have some lines :
[Tue Sep 23 03:42:27 2008] [error] [client 213.5.200.189] mod_security: Access denied with code 403. Pattern match "select.+from" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "
www.palaiopyrgos.gr
"] [uri "/administrator/index2.php"]
the same time defender didn't work i couldn't add a new flter(it forward me to frontend) and printed the error above.
so i had to manually remove any SELECT filter.
why this happend ?
is there a conflict with mod_security?
Logged
ks-net.gr
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Help ... Hacked !!!
«
Reply #8 on:
September 23, 2008, 13:51:45 »
"select from" is a mod_security filter and you can not use it via POST request even for defender. Apache's mod_security runs before defender.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
ks-net
Elxis Community
Hero Member
Posts: 2072
Kostas Stathopoulos
Re: Help ... Hacked !!!
«
Reply #9 on:
September 23, 2008, 14:01:06 »
the only weired think here is that i haven't any problem at the past
And must say that defender is totally needed
as a have and i am sure all you have every day at least 3-4 attacks especially with mos_config.
Logged
ks-net.gr
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Help ... Hacked !!! [SOLVED]