Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Link Lists & Getting Listed (http://www.greenguysboard.com/board/forumdisplay.php?f=7)
-   -   Trojan horse on my sites (http://www.greenguysboard.com/board/showthread.php?t=57745)

LD 2010-06-03 07:27 AM
Trojan horse on my sites
 
1 Attachment(s)
Avast is reporting problems on some of my sites:

Code:
http://www.lusciousdelights.com/
http://www.joyporn.net/
http://sleazyporntube.com/
http://www.pantyerotica.com/
http://fuckingfreeforall.com/
I am working on getting it fixed, sorry for the inconvenience.

Useless 2010-06-03 09:14 AM
I have AVG integrated with my Google search, and they're still saying your sites are safe, so that's good. As long as you get it fixed before Google begins de-listing you, you'll be fine. I clicked-through to all of them, and only the free for all site is popping something suspicious. Something about an unverified application attempting to run.

Cleo 2010-06-03 09:34 AM
1 Attachment(s)
Quote:
Originally Posted by Useless Warrior (Post 483143)
the free for all site is popping something suspicious. Something about an unverified application attempting to run.
This is it,
Code:










http://www.greenguysboard.com/board/...1&d=1275572048

LD 2010-06-03 10:37 AM
Chris at Colo-Cation is on it, looks like it's fixed. I just notified him this morning a little while ago, so it was a very quick response and fix.

It looks like someone uploaded something via ftp using my login. The interesting thing is, I recently entered my login info in the "hidden" area at JBM software's support forum for Jeremy to check something out. That's the only time I have ever given this info out...hmmm

cd34 2010-06-03 11:47 AM
That would explain the other client with tubex being compromised from the same IP.

LeRoy 2010-06-03 12:03 PM
Is this a tubex related incident or JBM Soft?

All of a sudden I'm a little worried now.

cd34 2010-06-03 12:16 PM
The hacker used the FTP username/password to modify a few files on the server. Generally when that happens, the username/password has been leaked somewhere through a keylogger/spyware/trojan or, like this case, a vendor storing the user/password/hostname in the clear somewhere.

When you give a password to a vendor, you should change it after they are done, or, change it to something, give it to them, and then change it after they are done.

You would be surprised at the frequency this happens.

Cleo 2010-06-03 12:22 PM
Quote:
Originally Posted by LeRoy (Post 483183)
Is this a tubex related incident or JBM Soft?
Quote:
Originally Posted by cd34 (Post 483185)
When you give a password to a vendor, you should change it after they are done, or, change it to something, give it to them, and then change it after they are done.
This is why I always add a user name with a temp password to my server that I then change after they are done.

I did this just last month after I wanted JBM Soft to take a look at my install of TubeX.

LD 2010-06-03 02:17 PM
Quote:
Originally Posted by cd34 (Post 483185)
The hacker used the FTP username/password to modify a few files on the server. Generally when that happens, the username/password has been leaked somewhere through a keylogger/spyware/trojan or, like this case, a vendor storing the user/password/hostname in the clear somewhere.

When you give a password to a vendor, you should change it after they are done, or, change it to something, give it to them, and then change it after they are done.

You would be surprised at the frequency this happens.
Thanks for getting fixed so quickly.

Guess you can't be too careful...live and learn.

SimonT 2010-06-03 03:43 PM
Had this happen to me too but not with JBM - created a temp ftp account and sure enough after the company had used it someone else sneaked in and installed a load of crap on the server.


All times are GMT -4. The time now is 06:25 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc