Thread: Paying 250 to replicate and fix donation bug system

Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14
  1. #11  
    Extreme Donator

    woof woof bish's Avatar
    Join Date
    May 2011
    Age
    26
    Posts
    2,444
    Thanks given
    2,212
    Thanks received
    1,019
    Rep Power
    5000
    Is he changing the donation price on your homepage? Check and let me know, same happened to me.
    Reply With Quote  
     

  2. #12  
    Respected Member


    Join Date
    Jan 2009
    Posts
    5,743
    Thanks given
    1,162
    Thanks received
    3,603
    Rep Power
    5000
    Quote Originally Posted by Project View Post
    What type of shells and how were they being executed?
    https://pastebin.com/07sttVKs

    the usual hackforum stuff, this code was gzipped and base64 decoded 4 times, most likely to try hide it. he switched webhosts just after this happened, so I don't have any logs of how these files got there to begin with, based on directories it was placed, an IPB exploit when he was using nulled IPB.
    Reply With Quote  
     

  3. #13  
    Donator

    LionLF's Avatar
    Join Date
    Aug 2017
    Posts
    234
    Thanks given
    76
    Thanks received
    76
    Rep Power
    115
    Quote Originally Posted by Spooky View Post
    https://pastebin.com/07sttVKs

    the usual hackforum stuff, this code was gzipped and base64 decoded 4 times, most likely to try hide it. he switched webhosts just after this happened, so I don't have any logs of how these files got there to begin with, based on directories it was placed, an IPB exploit when he was using nulled IPB.
    is there any tool to find shells on your website? I remember having exactly same issue lmao
    Reply With Quote  
     

  4. #14  
    Respected Member


    Join Date
    Jan 2009
    Posts
    5,743
    Thanks given
    1,162
    Thanks received
    3,603
    Rep Power
    5000
    Quote Originally Posted by zukke View Post
    is there any tool to find shells on your website? I remember having exactly same issue lmao
    Good web hosts already do this for you, some will even patch your software for you. If you must use PHP then you should disable functions which you do not need and could cause malicious code to run, a good example would be shell_exec. Finding such scripts as these is as simple as doing a grep on the user folder looking for these functions.

    Code:
    set_ini,php_uname,getmyuid,getmypid,passthru,leak,listen,diskfreespace,tmpfile,link,ignore_user_abord,shell_exec,dl,set_time_limit,exec,system,highlight_file,source,show_source,fpaththru,virtual,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,phpinfo,popen,parse_ini_file,allow_url_fopen,allow_url_include,pcntl_exec,chgrp,chmod,chown,lchgrp,lchown,putenv
    also eval() when possible.
    Reply With Quote  
     

  5. Thankful users:


Page 2 of 2 FirstFirst 12

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Paying someone to do my auto donate and vote
    By Dizzy King in forum Requests
    Replies: 3
    Last Post: 09-19-2013, 05:26 AM
  2. Paying someone to host and make my 317 server
    By Blood-rain in forum Buying
    Replies: 3
    Last Post: 03-10-2012, 06:25 PM
  3. Replies: 2
    Last Post: 12-28-2011, 06:48 PM
  4. Replies: 0
    Last Post: 10-25-2011, 12:49 AM
  5. Paying for Auto-Vote and Auto-Donate
    By football1smylife in forum Help
    Replies: 5
    Last Post: 01-22-2011, 08:44 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •