IntegraMOD

Posted: **Wed Jul 18, 2007 9:48 pm**

Your phpBB Version: 2.0.
phpBB Type: phpBB / IMPortal
MODs: No
Your knowledge: Beginner
Board URL: http://www.killyourboredom.com

PHP Version:
MySQL Version:

What was done before the problem appeared?

What was done to try to solve the problem?

De.scription and Message

So, my site that has integramod messed up, it showed up "you have no permission" page or something. Then I contacted my hosting administrator, and asked them about this and they disabled my website just because of integramod, they are thinking that the .scripts I have are outdate, which of course it is NOT out date, because I have 141 version. So I told them that it might be .htaccess, and they said that they think that amod or album, or whatever it is that what it mess up.

Here's their e-mail message -

Hi Joshie,

I would be happy to set it as you would prefer.

Also, it seems someone uploaded weird stuff to your site - for now it is disabled. Can you let us know if you are ready to upgrade or patch any software that may be outdated?

Here is a list of all files that seem to have changed this month:

root@secure08 [/home/killyour/public_html]# ls -l | grep Jul
drwxr-x--- 36 killyour nobody 4096 Jul 17 16:07 ./
drwx--x--x 17 killyour killyour 4096 Jul 14 00:32 ../
drwxr-xr-x 7 killyour killyour 4096 Jul 17 19:19 .access.login/
-rw-r--r-- 1 killyour killyour 11918 Jul 14 01:07 ADDENDA.txt
drwxr-xr-x 3 killyour killyour 12288 Jul 13 00:29 admin/
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 album_mod/
drwxr-xr-x 174 killyour killyour 4096 Jul 10 05:22 Amod/
drwxr-xr-x 5 killyour killyour 4096 Jul 6 08:08 amod_files/
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 attach_mod/
drwxrwxrwx 4 killyour killyour 4096 Jul 17 18:00 backup/
-rw-r--r-- 1 killyour killyour 16387 Jul 17 15:46 ban.jpg
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 blocks/
drwxr-xr-x 2 killyour killyour 36864 Jul 13 18:48 cache/
drwxr-xr-x 4 killyour killyour 4096 Jul 6 08:08 captcha/
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 cgi-bin/
drwxr-xr-x 16 killyour killyour 4096 Jul 14 01:43 chat/
drwxr-xr-x 2 killyour killyour 4096 Jul 6 08:07 chatspot/
drwxr-xr-x 3 killyour killyour 4096 Jul 14 00:02 checkmypro/
drwxr-xr-x 7 killyour killyour 4096 Jul 6 08:08 ctracker/
drwxr-xr-x 2 killyour killyour 4096 Jul 6 08:08 db/
-rw-r--r-- 1 killyour killyour 477 Jul 14 01:07 DOCUMENTATION.txt
-rw-r--r-- 1 killyour killyour 69682 Jul 17 17:25 error_log
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:07 files/
drwxr-xr-x 2 killyour killyour 4096 Jul 6 08:07 game_root/
drwxr-xr-x 2 killyour killyour 4096 Jul 6 08:08 hl/
-rw-r--r-- 1 killyour killyour 4038 Jul 10 22:27 .htaccess
drwxr-xr-x 15 killyour killyour 4096 Jul 6 08:08 images/
drwxr-xr-x 4 killyour killyour 4096 Jul 14 04:09 includes/
-rw-r--r-- 1 killyour killyour 672 Jul 17 03:22 index.html
-rw-r--r-- 1 killyour killyour 228 Jul 12 02:15 info.txt
-rw-r--r-- 1 killyour killyour 1501 Jul 14 01:07 INSTALL.txt
drwxr-xr-x 2 killyour killyour 4096 Jul 8 08:52 invite/
-rw-r--r-- 1 killyour killyour 5276 Jul 14 01:07 JAVA SOCKET SERVER.txt
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 language/
drwxr-xr-x 7 killyour killyour 4096 Jul 6 08:08 mods/
drwxr-xr-x 17 killyour killyour 4096 Jul 6 08:08 modules/
-rw-r--r-- 1 killyour killyour 1490 Jul 13 04:06 ms-code.html
drwxr-xr-x 7 killyour killyour 4096 Jul 6 08:07 pafiledb/
-rw-r--r-- 1 killyour killyour 36288 Jul 17 03:21 photocopy.swf
-rw-r--r-- 1 killyour killyour 567 Jul 17 03:19 photocopy.txt
drwxr-xr-x 3 killyour killyour 4096 Jul 6 08:08 profilcp/
-rw-r--r-- 1 killyour killyour 1641 Jul 9 20:51 readhere.html
-rw-r--r-- 1 killyour killyour 1639 Jul 9 20:51 read.html
drwxr-xr-x 2 killyour killyour 4096 Jul 6 08:08 spelling/
drwxr-xr-x 4 killyour killyour 4096 Jul 14 00:54 src/
drwxr-xr-x 4 killyour killyour 4096 Jul 6 08:08 stats_mod/
drwxr-xr-x 8 killyour killyour 4096 Jul 6 08:08 templates/
drwxr-xr-x 3 killyour killyour 4096 Jul 10 23:41 upload/
drwxr-xr-x 2 killyour killyour 4096 Jul 17 12:39 var_cache/
drwxr-xr-x 4 killyour killyour 4096 Jul 6 08:07 xs_mod/
root@secure08 [/home/killyour/public_html]# chmod 000 ../public_html/
root@secure08 [/home/killyour/public_html]#

Posted: **Thu Jul 19, 2007 10:05 pm**

where is your site hosted?

Posted: **Thu Jul 19, 2007 11:56 pm**

http://www.hostito.com

Posted: **Fri Jul 20, 2007 12:00 am**

Hey, I just wondering about something that popped up on my mind, some of the .scripts they could type a link out and it'll take them to database information.

Some of the .scripts link is like this - http://yourdomain.com/index.php?id=999/ ... **/ALL/**/
null,null,null,null,null,value,null,null,null,null,null,null,null,null/**/FROM/**/settings--

Posted: **Fri Jul 20, 2007 7:38 am**

That looks like the same .script I got hit with, was your site defaced?

Posted: **Fri Jul 20, 2007 8:22 am**

yep it was, by thehacker on 2007/07/18 and his score card is....

Total attacks: 42944 of which 7072 single ip and 35872 mass defacements

Posted: **Sat Jul 21, 2007 8:52 pm**

"CaNNon";p="27460" wrote:yep it was, by thehacker on 2007/07/18 and his score card is....

Total attacks: 42944 of which 7072 single ip and 35872 mass defacements

Where did you find that?

Posted: **Sat Jul 21, 2007 10:25 pm**

don't matter, point is if you left anything at all open he was getting in.

Posted: **Sun Jul 22, 2007 4:00 am**

yep hackers are in full force trying to break 141 forums

Posted: **Sun Jul 22, 2007 4:04 am**

only sure fire was to stop them kind of folks is to work your way into their inner circle to ID who they are then let us know so we can arrange a lunch party and beat them till they got the IQ of a box of cereal.

Can't kill em, folks don't learn from that.

IntegraMOD

Integramod screwed up.

Integramod screwed up.

Re: Integramod screwed up.

Re: Integramod screwed up.

Re: Integramod screwed up.

Re: Integramod screwed up.