www.clanthemes.com :: View topic - phishing attack
phishing attack

8 Replies / 2284 Views




best

Post phishing attack Posted: Sat Jul 12, 2008 2:18 pm


I am under phishing attack

every permission 777 of uploads like avatar is being hacked
it happens all the time, anyone an idea?
 

 

DreAdeDcoRpSE

Post phishing attack Posted: Sat Jul 12, 2008 2:38 pm


Change the permissions to 754.

A few things to look out for.

Go through your files. If you don't recognize a file, download it and check it out; if it's nothing you uploaded, then get rid of it.

Look for files named th0ur0s.php, errors01.php, marlboro.php, etc.

These are known files that people upload to your site and have full access to your site. Go through the files in your root and check and make sure you know all of the files and they are all legit. I found they upload these files to your root and it gives them full access to your site. The names of the files can be anything, those are just the ones I have seen on my site and other sites.

What version of Nuke are you running?
Are you updated to the latest patch?
Are you running the most updated version of Nuke Sentinel? (current version is 2.6.00)
 

 
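The checks described in the post above, as an added shell example that is not part of the original thread: it lists world-writable directories, scripts or pages sitting in them, the three file names mentioned, and recently modified files. The web root path is supplied by the caller, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for the signs above.
# Usage: sh audit.sh /path/to/webroot   (the path is yours to supply)

# Directories any local user can write to (the "other" write bit, as in 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Scripts or pages sitting directly in those directories. Avatar and thumbnail
# folders should hold images only; a placeholder index.html will be listed
# too, so confirm it is the one you put there.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.html' -o -iname '*.htm' \
            -o -iname '*.cgi' -o -iname '*.pl' \) -print
    done | sort -u
}

# The file names quoted in the post. Any name can be used, so no hit here
# does not mean the site is clean.
known_bad_names() {
    find "$1" -type f \( -name 'th0ur0s.php' -o -name 'errors01.php' \
        -o -name 'marlboro.php' \) -print | sort
}

# Files modified in the last N days (default 7), to compare against what you
# remember uploading yourself.
recently_changed() {
    find "$1" -type f -mtime "-${2:-7}" -print | sort
}

audit() {
    echo "== world-writable directories";   world_writable_dirs "$1"
    echo "== scripts/pages inside them";    scripts_in_writable_dirs "$1"
    echo "== file names from the post";     known_bad_names "$1"
    echo "== modified in the last 7 days";  recently_changed "$1" 7
}

if [ -n "${1:-}" ]; then audit "$1"; fi
```

Anything the second section reports should be compared against a clean copy of the CMS package before it is deleted.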

floppy

Post Re: phishing attack Posted: Sat Jul 12, 2008 2:51 pm


Also if you're forced to use a 777 directory, make sure it has an .htaccess or index.html.

.htaccess is more secure.
 

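One way to write the .htaccess suggested above, as an added example rather than code from the thread: it turns off directory listing and lets Apache serve only image files from an upload directory. It assumes Apache with AllowOverride enabled for these directives; the function names and the image extension list are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache honours .htaccess here.

htaccess_body() {
    cat <<'EOF'
# No directory listing (the job an empty index.html was doing).
Options -Indexes

# Refuse every file by default ...
<FilesMatch ".*">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# ... then allow only the image types an avatar folder should hold.
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Allow from all
    </IfModule>
</FilesMatch>
EOF
}

# Write the file into each directory given. An existing .htaccess is left
# alone. chmod 444 only stops in-place edits: whoever can write to the
# directory can still replace the file, so tightening the directory mode
# remains the real fix.
protect_upload_dir() {
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "skip (not a directory): $dir" >&2; continue; }
        if [ -e "$dir/.htaccess" ]; then
            echo "skip (already has .htaccess): $dir" >&2; continue
        fi
        htaccess_body > "$dir/.htaccess" && chmod 444 "$dir/.htaccess"
        echo "protected: $dir"
    done
}

if [ "$#" -gt 0 ]; then protect_upload_dir "$@"; fi
```

Run it with the upload directories as arguments, then request a non-image file from one of them in a browser and confirm the server answers 403.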


best

Post phishing attack Posted: Sat Jul 12, 2008 3:47 pm


I use PHP-Nuke Platinum 7.6.b.4v2

From: afcc@rsasecurity.com [mailto:afcc@rsasecurity.com]
Sent: Wednesday 9 July 2008 17:15
To: info@euroaccess.nl
Subject: Fraudulent site, please shut down! [RBC 5888] DOMAIN: mydomain.com IP: **.**.**.**



Dear Sirs:
RSA, an anti-fraud and security company, is under contract to assist Royal Bank of Canada and its related entities (“RBC”) - A leading Canadian bank - in preventing or terminating online activity that targets RBC’s clients as potential fraud victims.

RSA has been made aware that you appear to be providing Internet Services to a fraudulent Web site, which is part of a “phishing scam”*. This activity violates RBC’s copyright, trademark and other intellectual property rights and may violate the criminal laws of Canada, the United States and other nations.

E-mail messages have been broadly distributed to individuals by a person or entity pretending to be RBC. These e-mails use RBC’s name and identity (including trademarks) without authorization. The e-mails request recipients to verify and submit sensitive details related to their RBC accounts.

Within the fraudulent e-mail message, there is a link that leads the recipients to a fraudulent website displaying RBC’s copyrighted materials and trademarks. The fraudulent website is located at the following URL address http://www.mysite.com/files/thumbs/rbunxcgi.php ) to which you provide services and which is under your control.

The fraudulent website not only represents a misuse of RBC’s intellectual property; its purpose is to improperly obtain personal information of RBC customers in order to fraudulently access their bank accounts. The people behind those websites typically perpetrate identity-theft related activities, such as using customer’s credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual RBC customers, the actions serve to damage the reputation and image of RBC.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this website.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically would ask that you also take the following actions:

• Please provide us with a tar/zip file of the source code for this site, so that we may analyze it to help prevent further attacks.

• If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit.

• Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

Thank you for your cooperation to prevent and terminate this fraudulent activity.

Sincerely,
RSA Anti Fraud Command Center
Tel: +44(0)800-032-7751 (UK)
Tel: +1-866-408-7525 (US)
Tel: + 1-800-406-8651 (CA)
Fax: +972-9-9728101 (EU)
Fax: +1-212-208-4644 (US)
E-mail:afcc@rsasecurity.com

http://www.rsa.com

For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348



cc: Royal Bank of Canada
Computer Security Incident Response Team, RBC Information Security Services
Address: 315 Front St. W. - 13th Flr, Toronto, Ontario M5V 3A4
Tel: +1 - 416-348-4498

Fax: +1 - 416-348-2751

Email: CSIRT@rbc.com

*“Phishing” is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security Numbers, or banking account passwords, through an imposter’s Web site or in a reply e-mail. 67-


-----------------

My name is Bluma Powell and I work for BrandProtect, an online brand protection company. I am contacting you on behalf of our client, TD Bank Financial Group, who is experiencing a phishing attack that is being perpetrated by a website that lists you as the registered owner of the domain.

Due to the fraudulent nature of this webpage, TD Bank Financial Group requires that the site or the page be shut down immediately.

Domain: mysite.com
Suspect URL: http://www.mysite/modules/Forums/images/avatars/banking.html & http://www.mysite.com/files/thumbs/rbunxcgi.php

Please have one of your staff contact me at bpowell@brandprotect.com or +1.905.271.3725 to confirm that you have received this e-mail and update me on the status of shutting down the fraudulent site.

Please also let us know if any log files containing account information pertaining to TD Bank Financial Group customers have been located. If so, we will put you in direct contact with TD Bank Financial Group for further investigation.

Thank you

Bluma Powell | Incident Response Analyst | BD-BrandProtect | Tel: +1.905.271.3725 | bpowell@bdbrandprotect.com
[1999466]
 

 

DreAdeDcoRpSE

Post phishing attack Posted: Sat Jul 12, 2008 4:11 pm


Yeup, that is the bank that was being phished on my site. As I said, your best bet is to go through and remove all files you didn't upload. If your site is not too far in development, then I suggest switching CMS. I am not sure, but I think Nuke Evolution has a way to convert to Evolution but also keep the users and database information. But unfortunately you will not save any of the blocks/modules. Blocks may be as easy as a simple edit. Not 100% sure. Your best bet is to talk to Bayler if you decide to go that route. As Floppy said, the .htaccess is another safe bet. But I don't think that person is just getting through the upload.
 

 

best

Post phishing attack Posted: Sat Jul 12, 2008 7:05 pm


htaccess, how does it work? How do I make one and where do I put it?
If I change 777 permission to 754, am I still able to upload in the uploads folder?

And why does my website get hacked with permission 777 and others not, with the same nuke version and permission?
 

 


DreAdeDcoRpSE

Post phishing attack Posted: Sat Jul 12, 2008 7:33 pm


I have no folder with the permission of 777. The highest I run is 754.
 

 

nikserver

Post phishing attack Posted: Sat Jul 12, 2008 7:47 pm

hmmmmm
 

 

best

Post phishing attack Posted: Sun Jul 13, 2008 10:22 am


This is what I must do after installation.
I will try 754 then.

------------------------

Setting PHP-Nuke Platinum Permissions
/
Setting Persmissions - Please Wait ...

Attempting to set permissions on folder /files to 777...Failed. Please perform this step manually.
Attempting to set permissions on folder /includes/ps_upload to 777...Failed. Please perform this step manually.
Attempting to set permissions on file /includes/smtp.php to 666...Failed. Please perform this step manually.
Attempting to set permissions on file /config.php to 644...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Classifieds/imageads to 777...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Classifieds/imagecatg to 777...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Forums/cache to 777...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Forums/images/avatars to 777...Failed. Please perform this step manually.
Attempting to set permissions on file /modules/Forums/language/lang_english/lang_faq.php to 666...Failed. Please perform this step manually.
Attempting to set permissions on file /modules/Forums/language/lang_english/lang_rules.php to 666...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Supporters/images/supporters to 777...Failed. Please perform this step manually.
Attempting to set permissions on folder /modules/Universal/images/uploaded to 777...Failed. Please perform this step manually.


Double check that all permissions were successfully set.

*** IMPORTANT IMPORTANT IMPORTANT ***
Once you have completed the remaining steps, Delete the "SETPERMISSIONS.PHP" file and the INSTALL directory.
Close this Window to return to the Installer.
 

 

All times are GMT