Windows ZnoteAAC X Hack :(

[magmaguz]

I have a server online using ZnoteAAC

Znote got any error to invade the site? because hack change "admin_painel_acess" and deleted all news website, later change acc for acess 6 and logged in server and fucked my ot

what i do to protect this?

 

[magmaguz]

i need help!

 

[magmaguz]

i was hacked AGAIN

check: http://tibiaclassic.com/sub.php?page=news

 

[dominique120]

Give us more info. What version of Znote's aac are you using? maybe try another template check you access logs, maybe someone has access to the server or the database and they where able to get your password or set their account as admin.

 

[magmaguz]

i guess Znote TFS 1.0.
how i check this acess logs?

 

[Cornex]

I have a server online using ZnoteAAC

Znote got any error to invade the site? because hack change "admin_painel_acess" and deleted all news website, later change acc for acess 6 and logged in server and fucked my ot

what i do to protect this?

Znote AAC do not even use table "admin_panel_access" as far I know.
Are you sure you use ZnoteAAC? If yes, where have you download it? Did anyone send it for you?

 

[dominique120]

What OS are you using?

 

[Amoaz]

PM me with your website and Ill sort it for you.

I dont believe you use a genuine version of ZnoteAAC, what version are you using?

 

[Znote]

They changed $config['page_admin_access']?
Which custom scripts are you using on Znote AAC?

There are several sites who have used Znote AAC for a long time now, for instance http://dalerium.net/
They havent reported any security threats to me. And all default Znote AAC code is sanitized.

Who have you been working with on this OT? Have trusted anyone enough to give them access to your computer?

All official versions of Znote AAC, even the first released one (Znote AAC 1.0) is still considered secure.

Your domain is tibiaclassic.com? Am I right to assume you are using a custom Znote AAC version for client 7.4-7.72?
These versions are not released by me, and I am not responsible for any security holes those versions contain.

 

[magmaguz]

What OS are you using?

in my PC Windows 7, host is Windows server 2003

 

[magmaguz]

They changed $config['page_admin_access']?
Which custom scripts are you using on Znote AAC?

There are several sites who have used Znote AAC for a long time now, for instance http://dalerium.net/
They havent reported any security threats to me. And all default Znote AAC code is sanitized.

Who have you been working with on this OT? Have trusted anyone enough to give them access to your computer?

All official versions of Znote AAC, even the first released one (Znote AAC 1.0) is still considered secure.

Your domain is tibiaclassic.com? Am I right to assume you are using a custom Znote AAC version for client 7.4-7.72?
These versions are not released by me, and I am not responsible for any security holes those versions contain.

Znote got skype?

 

[Milice]

Windows server. Are you using XAMPP? in that case the vulnerability might not be in the AAC itself but maybe a WebDav accesspage or PhpMyAdmin.

 

[Mokerhamer]

He's using default encryption "Plain" goto config.lua and change encryption from plain to "sha1". dont forget to completly reinstall your website just to be sure it will work correctly.

 

[Amoaz]

He's using default encryption "Plain" goto config.lua and change encryption from plain to "sha1". dont forget to completly reinstall your website just to be sure it will work correctly.

Welp. Its great that you are trying to help but this wont help at all.

As Ive already told you in PM, just send me the info and Ill show you the vulnerabilities. If it's related to ZnoteAAC (which I highly doubt) I will also fix it for you and make sure Znote knows about it.