
lots of spam emails

Posted: Fri Jun 06, 2008 10:51 am
Author: nikoz
Hello,
I have been using integramod 141 for quite a while. A few days ago the company that hosts my site deactivated it for security reasons. They told me that probably someone hacked it and sent lots of spam emails. They emailed me a sample of the server's log:

Possible Scripts:

/home/nikoz/public_html/IM141/cache/tpl_Integra2.admin.blocks_edit_body.php
/home/nikoz/public_html/IM141/cache/tpl_Integra2.posting_body.php
/home/nikoz/public_html/IM141/cache/tpl_subBlack.posting_body.php
/home/nikoz/public_html/IM141/cache/tpl_Integra2.profilcp.profil_signature_body.php
/home/nikoz/public_html/IM141/cache/tool.php
/home/nikoz/public_html/IM141/cache/tpl_EQ2.profilcp.profil_signature_body.php

Sample of the first 10 emails:

2008-05-16 18:30:36 1Jx1tE-0001f9-FW <= nikoz@minoan.hostsun.com U=nikoz P=local S=2710 T="URGENT SOFTWARE UPGRADE"
2008-05-16 18:30:36 1Jx1tE-0001fN-SH <= nikoz@minoan.hostsun.com U=nikoz P=local S=2704 T="URGENT SOFTWARE UPGRADE"

They told me if there is any way to block one of these possible scripts that were used to send the spam emails.

Any idea what I should do? (My site is still suspended until I fix it.)
Thanks a lot in advance

Re: lots of spam emails

Posted: Fri Jun 06, 2008 4:52 pm
Author: Helter
/home/nikoz/public_html/IM141/cache/tool.php

This is not from the IM141 package. Have you added any mods?
You can disable sending emails from the ACP, but if a script has been uploaded to send emails, disabling it from the ACP will not stop it.

Check in root/pafiledb/images/screenshots/ for any file without an image suffix, i.e. .gif, .png, .jpg, etc.
You will also have an index.html, but anything with a file extension such as .php should not be there.

One thing you can do is to upload a new integramod folder and copy these files from your original IM to your new one:
config.php
album_mod/upload/
backup/
files/
images/avatars/
includes/def_auth.php
includes/def_qbar.php
includes/def_themes.php
includes/def_tree.php
includes/phpbb_security.php
pafiledb/uploads/

Now, once all is working, make a local backup of your old site in case there are files you may need, then delete your old site from your webserver. If you're still sending mail, then chances are that your hosting account, or the server itself, has been hacked, and not your IM141 installation.
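
Added example, not part of the thread or of IntegraMOD: a Python sketch of the check described in the reply above, extended from the screenshots folder to the other upload directories on the copy list, so that a planted script is not carried into the fresh install. Treating the avatar and album folders as image-only, the list of script extensions, and flagging `.htaccess` are assumptions; the sample tree is constructed.

```python
import os
import tempfile

# Image-only upload directories (treating avatars and album uploads as
# image-only is an assumption; the post names only the screenshots folder).
IMAGE_ONLY = ["pafiledb/images/screenshots", "images/avatars", "album_mod/upload"]
# Other directories the post says to copy; they may hold any file type.
DATA_DIRS = ["files", "backup", "pafiledb/uploads"]
IMAGE_EXT = {"gif", "png", "jpg", "jpeg"}
# Extensions a web server commonly executes (assumed list, adjust per host).
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "pl", "cgi"}


def suspicious_files(site_root):
    """Return sorted site-relative paths to review before copying."""
    hits = []
    for rel_dir in IMAGE_ONLY + DATA_DIRS:
        for folder, _dirs, names in os.walk(os.path.join(site_root, rel_dir)):
            for name in names:
                lower = name.lower()
                parts = lower.split(".")[1:]  # every dot-separated suffix
                # A script suffix anywhere ("shot.php.jpg") or a dropped
                # .htaccess is flagged in every directory.
                flagged = lower == ".htaccess" or bool(SCRIPT_EXT.intersection(parts))
                if not flagged and rel_dir in IMAGE_ONLY:
                    is_image = bool(parts) and parts[-1] in IMAGE_EXT
                    flagged = not is_image and lower != "index.html"
                if flagged:
                    rel = os.path.relpath(os.path.join(folder, name), site_root)
                    hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and scan it."""
    sample = ["pafiledb/images/screenshots/index.html",
              "pafiledb/images/screenshots/shot1.png",
              "pafiledb/images/screenshots/mailer.php",
              "images/avatars/user7.gif", "images/avatars/avatar.php.jpg",
              "album_mod/upload/readme", "files/manual.zip",
              "pafiledb/uploads/.htaccess"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return suspicious_files(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `suspicious_files()` against a local copy of the old site root and inspect every path it returns before copying that directory across.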