lots of spam emails

Support for IntegraMOD 141


PostAuthor: nikoz » Fri Jun 06, 2008 10:51 am

Hello,
I have been using IntegraMOD 141 for quite a while. A few days ago the company that hosts my site deactivated it for security reasons. They told me that probably someone hacked it and sent lots of spam emails. They emailed me a sample of the server's log:

Possible Scripts:

/home/nikoz/public_html/IM141/cache/tpl_Integra2.admin.blocks_edit_body.php
/home/nikoz/public_html/IM141/cache/tpl_Integra2.posting_body.php
/home/nikoz/public_html/IM141/cache/tpl_subBlack.posting_body.php
/home/nikoz/public_html/IM141/cache/tpl_Integra2.profilcp.profil_signature_body.php
/home/nikoz/public_html/IM141/cache/tool.php
/home/nikoz/public_html/IM141/cache/tpl_EQ2.profilcp.profil_signature_body.php

Sample of the first 10 emails:

2008-05-16 18:30:36 1Jx1tE-0001f9-FW <= nikoz@minoan.hostsun.com U=nikoz P=local S=2710 T="URGENT SOFTWARE UPGRADE"
2008-05-16 18:30:36 1Jx1tE-0001fN-SH <= nikoz@minoan.hostsun.com U=nikoz P=local S=2704 T="URGENT SOFTWARE UPGRADE"

They told me if there is any way to block one of these possible scripts that were used to send the spam emails.

Any idea what I should do? (My site is still suspended until I fix it.)
Thanks a lot in advance.

Re: lots of spam emails

PostAuthor: Helter » Fri Jun 06, 2008 4:52 pm

/home/nikoz/public_html/IM141/cache/tool.php

This is not from the IM141 package. Have you added any mods?
You can disable sending emails from the ACP, but if a script has been uploaded to send emails, disabling it from the ACP will not stop it.

Check in root/pafiledb/images/screenshots/ for any file without an image suffix, i.e. .gif, .png, .jpg, etc.
You will also have an index.html, but anything with a file extension such as .php should not be there.

One thing you can do is to upload a new IntegraMOD folder and copy these files from your original IM to your new one:
config.php
album_mod/upload/
backup/
files/
images/avatars/
includes/def_auth.php
includes/def_qbar.php
includes/def_themes.php
includes/def_tree.php
includes/phpbb_security.php
pafiledb/uploads/

Now, once all is working, make a local backup of your old site in case there are files you may need, then delete your old site from your webserver. If you're still sending mail, then chances are that your hosting account, or the server itself, has been hacked, and not your IM141 installation.
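The checks described in the reply above (files without an image suffix in the screenshots folder, and a cache file that is not part of the package) can be scripted. This is an added example, not part of the original thread or of IntegraMOD; it goes a little further than the reply by also checking that files with an image suffix really start with an image header. The extra image folders and the `tpl_*.php` cache naming rule are assumptions taken from the paths shown in the thread.

```python
import os
import re

# Folder named in the reply above, plus two image upload folders from its copy
# list (treating those two as image-only is an assumption).
IMAGE_DIRS = ["pafiledb/images/screenshots", "images/avatars", "album_mod/upload"]
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
ALLOWED_EXTRA = {"index.html", "index.htm"}
# Assumption: compiled templates in cache/ are named tpl_<theme>.<name>.php,
# as in the host's listing; anything else (like tool.php) deserves a look.
CACHE_NAME = re.compile(r"^tpl_[\w.\-]+\.php$")


def check_image_file(path):
    """Return a reason string if the file looks suspicious, else None."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_MAGIC:
        return "non-image extension"
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC[ext]):
        return "image extension but wrong file header"
    if b"<?php" in data:
        return "PHP code embedded in image"
    return None


def audit(root):
    """Walk the forum root and return sorted (relative_path, reason) findings."""
    findings = []
    for rel_dir in IMAGE_DIRS:
        for cur, _dirs, files in os.walk(os.path.join(root, rel_dir)):
            for name in files:
                if name in ALLOWED_EXTRA:
                    continue
                full = os.path.join(cur, name)
                reason = check_image_file(full)
                if reason:
                    findings.append((os.path.relpath(full, root), reason))
    cache = os.path.join(root, "cache")
    if os.path.isdir(cache):
        for name in os.listdir(cache):
            if name not in ALLOWED_EXTRA and not CACHE_NAME.match(name):
                findings.append((os.path.join("cache", name), "unexpected file in cache/"))
    return sorted(findings)
```

Call `audit()` with the forum root (the `IM141` directory in the thread) and review each finding by hand before deleting anything, since a mod may legitimately add files.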

