
Windows Whole computer & OTS hacked HALP *begs*

lycefur

Ohai. Today a guy named "Baku" hacked my computer and OTS. I've noticed that there is another GOD on my ots besides me, so something was wrong. He was able to create/open/delete files from my desktop, besides that he created himself a GOD char. I scanned my computer with avast/spybot sd and no viruses were found. I have COMODO firewall, no idea how he hacked through. Any tips how to prevent something like that, how to configure firewall or sth? I changed my ip so I think I'm safe for now. HELP PLZ, if u will help me I'm giving rep+ and gm on my ots (if any1 cares about that).
 
http://otland.net/f14/pot-security-warning-36593/
http://otland.net/f14/warning-everyone-whos-running-xampp-15321/
http://otland.net/f479/gesior-aac-exploits-all-versions-76074/

Change your latestnews to this
PHP:
<?PHP
//######################## SHOW TICKERS AND NEWS #######################
$main_content .= '	</tr>
</table>';

// Accounts with admin-panel access get a link for posting news.
if($group_id_of_acc_logged >= $config['site']['access_admin_panel']){$main_content .=  '<a href="?subtopic=forum&action=new_topic&section_id=1">Add new news</a>';}

// Latest three news topics (forum section 1) together with the author's character name.
$zapytanie = $SQL->query("SELECT `z_forum`.`post_topic`, `z_forum`.`author_guid`, `z_forum`.`post_date`, `z_forum`.`post_text`, `z_forum`.`id`, `z_forum`.`replies`, `players`.`name` FROM `z_forum`, `players` WHERE `section` = '1' AND `z_forum`.`id` = `first_post` AND `players`.`id` = `z_forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 3;")->fetchAll();

foreach ($zapytanie as $row)
{
	// BBCode to HTML. post_text is not HTML-escaped first, so it is emitted as stored.
	$BB = array(
		'/\[b\](.*?)\[\/b\]/is' => '<strong>$1</strong>',
		'/\[quote\](.*?)\[\/quote\]/is' => '<table cellpadding="0" style="background-color: #c4c4c4; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>$1</td></tr></table>',
		'/\[u\](.*?)\[\/u\]/is' => '<u>$1</u>',
		'/\[i\](.*?)\[\/i\]/is' => '<i>$1</i>',
		'/\[url](.*?)\[\/url\]/is' => '<a href=$1>$1</a>',
		'/\[img\](.*?)\[\/img\]/is' => '<img src=$1 alt=$1 />',
		'/\[player\](.*?)\[\/player\]/is' => '<a href='.$server['ip'].'?subtopic=characters&amp;name=$1>$1</a>',
		'/\[code\](.*?)\[\/code\]/is' => '<div dir="ltr" style="margin: 0px;padding: 2px;border: 1px inset;width: 500px;height: 290px;text-align: left;overflow: auto"><code style="white-space:nowrap">$1</code></div>'
		);
	$message = preg_replace(array_keys($BB), array_values($BB), nl2br($row['post_text']));

	// Headline bar with post date and topic.
	$main_content .= '<div class=\'NewsHeadline\'>
		<div class=\'NewsHeadlineBackground\' style=\'background-image:url('.$layout_name.'/images/news/newsheadline_background.gif)\'>
		<table border=0><tr><td><img src="'.$layout_name.'/images/news/icon_1.gif" class=\'NewsHeadlineIcon\' alt=\'\' />
		</td><td><font color="'.$layout_ini['news_title_color'].'">'.date('d.m.y H:i:s', $row['post_date']).' - <b>'.$row['post_topic'].'</b></font></td></tr></table>
		</div>
		</div>
		<table style=\'clear:both\' border=0 cellpadding=0 cellspacing=0 width=\'100%\'><tr>
		<td><img src="'.$layout_name.'/images/global/general/blank.gif" width=10 height=1 border=0 alt=\'\' /></td>';

	// Admins also get delete/edit links; everyone gets the comments link.
	if($group_id_of_acc_logged >= $config['site']['access_admin_panel'])
	{
		$main_content .='<td width="100%">'.$message.'<br><h6><i>Posted by </i><font color="green">'.$row['name'].'</font></h6><p align="right"><a href="?subtopic=forum&action=remove_post&id='.$row['id'].'"><font color="red">[Delete this news]</font></a>  <a href="?subtopic=forum&action=edit_post&id='.$row['id'].'"><font color="green">[Edit this news]</font></a>      <a href="?subtopic=forum&action=show_thread&id='.$row['id'].'">Comments: '.$row['replies'].'</a></p>';
	}
	else
	{
		$main_content .='<td width="100%">'.$message.'<br><h6><i>Posted by </i><font color="green">'.$row['name'].'</font></h6><p align="right"><a href="?subtopic=forum&action=show_thread&id='.$row['id'].'">Comments: '.$row['replies'].'</a></p>';
	}
	$main_content .= '</td>
		<td><img src="'.$layout_name.'/images/global/general/blank.gif" width=10 height=1 border=0 alt=\'\' /></td>
		</tr></table>';
}
?>
[News tickers disabled, one backdoor was here]
 
Thanks, but was it possible to gain access to my desktop through these exploits?? I removed PMA user before, so maybe it was that POT/newsticker exploit? I hope so. Ty a lot Sonical, I'm open for more tips tho.
 
Maybe he had access to your computer through one of those backdoors and he/she installed a rootkit tool on your computer. I really recommend you run the HijackThis virus tool and send the log it gives you to a forum that is meant for analyzing HijackThis logs :)
Also, one of the best scan tools is Malwarebytes Anti-Malware.
 
Indeed. It's just one tiny shell file that allows you to do everything. And you can put the shell into the victim's computer via (even) pma account on your phpMyAdmin. So I suggest also changing the directory of phpMyAdmin.
 
Hacker Steps.
Found Vulnerability
Use Exploit
Install Backdoor.
Get all info
wait
wait
wait
wait
wait
Back to see new info.
wait
wait
wait
wait
wait
wait
...
 
Avast found nothing, Spybot S&D found nothing, Malwarebytes' Anti-Malware found nothing, HijackThis found only low risk things. I enabled router firewall and changed Comodo firewall's settings to highest protection. Removed all known (and posted above) exploits. I hope I'm safe now, and if 4 antiviruses haven't found any backdoor or virus it must mean that my computer is safe in that case. Ty all.
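An added example, not part of any post in this thread: a check aimed at the "one tiny shell file" mentioned above. It walks the web root for PHP files that pass request input to an execution function, or that are missing from a clean copy of the site. The patterns, file names and demo tree are constructed assumptions, and the result is a heuristic to review by hand.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions of this example, not a complete signature set.
EXEC_CALL = re.compile(rb"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
REQUEST_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")
DECODER = re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
PHP_SUFFIXES = {".php", ".php3", ".php5", ".phtml", ".inc"}


def inspect_php(data):
    """Return the reasons a PHP source looks like a backdoor (empty list if none)."""
    reasons = []
    if any(EXEC_CALL.search(line) and REQUEST_INPUT.search(line) for line in data.splitlines()):
        reasons.append("request input on the same line as an execution call")
    if EXEC_CALL.search(data) and DECODER.search(data):
        reasons.append("execution call combined with a decoder")
    return reasons


def scan_webroot(root, baseline=None):
    """Map relative path -> reasons for each flagged PHP file under root.
    baseline: optional set of relative paths from a clean copy of the site."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        reasons = inspect_php(path.read_bytes())
        if baseline is not None and rel not in baseline:
            reasons.append("not present in the clean baseline")
        if reasons:
            findings[rel] = reasons
    return findings


def demo():
    """Scan a constructed web root: one ordinary page, one planted one-line shell."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "images").mkdir()
        (Path(tmp) / "latestnews.php").write_bytes(b"<?php $main_content .= '<b>news</b>'; ?>")
        (Path(tmp) / "images" / "x.php").write_bytes(b"<?php system($_GET['c']); ?>")
        return scan_webroot(tmp, baseline={"latestnews.php"})


if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(f"{rel}: {'; '.join(reasons)}")
```

To use it on a real install, call `scan_webroot()` with the web root path and a baseline built from a fresh download of the same AAC version.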
 