My site has been having problems of late - the site being down during evening/night hours where any PHP page does not load at all but regular HTML pages do. My host said there was another site having trouble that also uses pafiledb 3.1 and they are looking into it.
With the mention of pafiledb 3.1 I thought I would look through the pafiledb folders as well as run a virus scan on the backup of the site I downloaded. What I found were a number of unexpected files.
In the /pafiledb/images/screenshots folder I found a file called dc.pl that my virus scanner flagged as PERL_GENERIC.Z (inside it was all sorts of hacker text) and there were a number of other files that should not have been there:
back.php
codekform.php
continue.gif
EasywbLogo.gif
easyWeb2.js
easyweb_title.gif
edan.php
faq.php
GBKonlineupdate.html
go.php
go_global.gif
Gulf Bank Online update screen.mht
help.php
indentificationcontinue.html
identify.php
index.html
line_dot.gif
login-on-green.gif
LoginServlet.php
lol.php
mailer.php
main.htm
mfa_cancel_to_easyweb.gif
ns.css
PrimaryNav.gif
ProxyBannerHTML.js
pull.php
rox.php
save_settings.gif
S-C.php
SecondaryNav.gif
security_centre_header.gif
sniper.php
title_idplus.gif
ToolBxBullet3.gif
transp.gif
untitled.bmp
w.jpg
php and pl are set as forbidden file extensions in the download configuration page in the ACP but I don't know if that is just for the files or for the screenshots as well.
I've deleted all the extra files and am wondering what I can do to prevent this from happening in the future and if there is some place in the database I should check to see if something was tampered with?
Thanks!
Edit: and again all the support info I entered at the top did not show in the topic...using
Integramod 1.4.1, phpbb 2.0.23, php 5.1.4
URL: http://kohan.strategyplanet.gamespy.com/
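
An added example, not part of the original post: one way to audit a downloaded backup of an image-only folder such as /pafiledb/images/screenshots for files that do not belong there. The allowed-extension list, the function names and the sample file contents are assumptions constructed for illustration; the names `fake.jpg` and `logo.gif` are hypothetical.

```python
import os
import tempfile

# Assumption: a screenshots folder should hold only these image types.
ALLOWED = {".gif", ".jpg", ".jpeg", ".png", ".bmp"}
# Leading magic bytes expected for each allowed type.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".bmp": (b"BM",),
}

def audit_image_dir(root):
    """Return sorted (relative_path, reason) for files that do not belong."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            if ext not in ALLOWED:
                findings.append((rel, "unexpected extension"))
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            if not data.startswith(MAGIC[ext]):
                findings.append((rel, "content is not a " + ext + " image"))
            elif b"<?php" in data.lower():
                findings.append((rel, "image contains PHP open tag"))
    return sorted(findings)

def demo():
    """Build a constructed sample folder and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # constructed contents, not the real files from the post
            "shot1.gif": b"GIF89a" + b"\x00" * 16,
            "dc.pl": b"#!/usr/bin/perl\n",
            "mailer.php": b"<?php ?>",
            "index.html": b"<html></html>",
            "fake.jpg": b"<?php ?>",
            "logo.gif": b"GIF89a<?php ?>",
        }
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return audit_image_dir(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

Run `audit_image_dir()` against the local copy of the folder, not the live server, and compare the findings with the files the application itself ships.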