- This topic is empty.
-
AuthorPosts
-
December 12, 2007 at 2:39 pm #756313
Anonymous
InactiveIf this guy truely came from VA he’s going to get some suprises
December 12, 2007 at 4:06 pm #756321
prettieMemberWell I told you that there is some cron job:)
December 12, 2007 at 5:50 pm #756333Anonymous
Inactivenot an actual cron job though

I see now in my FTP log (yes i didnt catch this to start with) im getting hex data transfered to my servers mail system – /home/account/mail/.Sent/cur/ and i am going to guess that is automatically processed as well into somthing.
user is from
inetnum: 117.0.0.0 – 117.7.255.255
netname: VIETEL-VNNIC-VN
descr: Vietel Corporation
descr: No 1, Giang Van Minh Street, Ba Dinh District, Hanoi City
country: VN
admin-c: LHN1-AP
tech-c: NMH2-AP
status: ALLOCATED PORTABLE
remarks: For spamming matters, mail to *****@viettel.com.vn
mnt-by: MAINT-VN-VNNIC
mnt-lower: MAINT-VN-VIETEL
mnt-routes: MAINT-VN-VIETELIm changing all passwords as we speak and will continue to monitor whats up.
December 12, 2007 at 8:23 pm #756348Anonymous
InactiveI pm’ed you a link which may help to find out what kind of attack this is and how to fix it.
December 12, 2007 at 9:24 pm #756353Anonymous
InactiveAs im going over the hacked links some really piss me off
like..
InetBet affiliate id 1471
December 12, 2007 at 9:54 pm #756356Anonymous
InactiveSomebody you know? Is that person on CAP?
December 13, 2007 at 2:46 am #756368Anonymous
Inactivenobody I know, and of course the affiliate managers can not reveal anyone.
December 13, 2007 at 11:22 pm #756462
supervinceMemberIt looks like the user found a phpbb vulnerability and is doing some XSS. I would search google for phpbb2 exploits and see what comes up. Maybe you will find a patch. If you can’t get it fixed and want to give someone else a shot then send me a pm and I can look into it.
December 13, 2007 at 11:42 pm #756466Anonymous
Inactiveno phpbb here

it all got moved to VB months ago when I had issues with it, they had access via http://FTP.. all new crptographical passwords accross the board now and heavy log monitoring has shown no more access as of yet
-
AuthorPosts