Spudman

hey,

Is http://comusthumbs.com/ down for you guys? I can't access it.

__________________
Take it Easy !!!

hjnet

Yes, looks like their Server is down

fpforum

Yup, the site is down here in central USA as well!

__________________

Spudman

Guessing this is the end of comus then. After this last hack i'm never using comus again anyway. I dont think the owner has giving a shit about comus for years now.

__________________
Take it Easy !!!

Darkhorse

Have to agree, I used it when it first came out oh so many years ago. Now fuck that shit smart thumbs is way to go....

Bhunter

even after deleting CT folder in your root and switichig to ST, the exploit code returns.

I'm done with CT

hjnet

Maybe some script runs on your server that constantly inserts that code. Check your Server for files that have been changed on or around the date when the exploit first appeared

Bhunter

yup I'm affraid that's the case. working on it ;)

Davy

Weird. I only checked the site of comusthumbs a couple of days ago...

Anybody want to buy two spare comus licenses?

__________________
---
ICQ 14-76-98 <-- I don't use this at all

Bhunter

yesterday the site was up, but nobody in the forum mentioned about the hack

Spudman

you have to change the permissions of ST after the install, the standard permissions are still vulnerable to the hack. I finally have a safe working version of ST on my server now and a script that will update all my new installs of ST to correct, safe permissions.

I installed ST to replace CT and it was hacked within about 2 mins until i did the above. Its a bitch of a hack

__________________
Take it Easy !!!

Bhunter

did you set it to 755?

katharos

the power of hackers ... there is always someone better, and if hackers want to put something down, they will find a way, and looks like its working ...

HEAT

Comus users, if you looking to buy ST license for migraton I found a great deal here.
http://www.gfy.com/sell-and-buy-forum/917058-wts-smart-thumbs-licenses.html

__________________
254-282-542

area51 - BANNED FOR LIFE

oh well, shit hasn't been updated forever, what do you expect to happen

Davy

Assuming there is a hack and that it is based on permissions, the comus staff is to blame.
They always advised people to "just chmod the whole comus folder to 777".
That's never a good idea. People should not have followed that advise in the first place.

__________________
---
ICQ 14-76-98 <-- I don't use this at all

HEAT

You need to scan your PC first. the hacker might own your ftp login already.
I'm sure hacker running remote script that stored your login info. so it frequently injects JS/iframs code into your site files.

Clean your PC with anti-spyware then change all server passwords.
after that, remove the code in all files with text editor. Don't open infected webpages with browser until all removal is done.

it did work for me.

__________________
254-282-542

pornguy

man it sucks to see such a great program go.

__________________
PornGuy skype me pornguy_epic

AmateurDough The Hottes Shemales online!
TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!

Spudman

yeah done that, cleaned machine, changed all passwords, removed infected code from all pages but it still managed to spread to clean pages in a couple of minutes. thanks to my host we've got it locked down now and its not spreading.
Now i have to repair the sites and install ST over 40 times to replace CT

__________________
Take it Easy !!!

Spudstr

Also need to check for malisious bots/programs running hidden as httpd. Easy to find if you do a ps auxwwwww and see something like [httpd] or related then followed by a blank line under it and some random word like start or log etc.

Also please check your /tmp folder so its set to noexec so pearl scripts cannot be ran out of this location after being uploaded.

I can go on and on but thats the jist of it.

__________________
Managed Hosting - Colocation - Network Services
Yellow Fiber Networks
icq: 19876563

Lace

Just checked one of my comus sites and sure enough - i've got the code being injected as well. Boo

__________________
Your Paysite Partner
Strength In Numbers!
StickyDollars | RadicalCash | KennysPennies | HomegrownCash

Spudman

Anyone using Comus needs to get rid of it quickly if they haven't already been infected. Specially as it looks like its now a dead script.

sorry to here you got the hack, good luck getting rid of it.

__________________
Take it Easy !!!

brassmonkey

i said months ago ct was gone

__________________
TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law!
DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

smoothballs

grrrr dont even know where to start right now! need to get ST installed but also get all the links to trades,sponsors ect copied and pasted to hard drive! and reading about the exploit returning after a ST install! fuck its gonna be a long weekend for me! as well as for you guys!

smoothballs

fuck sake, cant even get pass install.php for smart thumbs here!

Altheon

Anyone know how to tighten Comus if we haven't been hacked yet? All I could think to do is change the permissions of the CT folder to 755.

smoothballs

My hosts require 755 and still didnt stop my sites getting hacked....although I must add my sites seems to try and redirect rather then actual malicious code embedded in my html....

smoothballs

finally got thru to ST and having a go with with it to see what does what...kinda similar to comus but different interface....will be a few days till I can get my head round it and be up and running...hopefully!

boneless

so you failed to read my topic called important info ;)

__________________
icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

boneless

wanna trade places and do my 100+ :D

__________________
icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

Spudman

I feel your pain bro I really do, give sixzeros a slap if you ever speak to him again ! Thanks for your help through out my conus days dude, you were a star! Good luck with the sites

__________________
Take it Easy !!!

Bhunter

... hmmm. now i remember there was such thread but i must have in hurry overlook it's content

beta-tester

too bad for comus... It was pretty good script.

I guess I'll have to make a switch over st too...

__________________

My contact:
ICQ: 944-320-46
e-mail: manca {AT} HotFreeSex4All.com

HEAT

Check your tmpl files in ct/templates directory. those are infected as well and also there are more .tmpl and .php(no Zend) files in some other dirs.
Just delete unnecessary files under the ct directory.(backups, welcome.html, example.html, old data, etc.)

But again, YOU MUST SCAN YOUR PC in advance of code removal.
The hacker has your ftp password. so he will inject the code again automatically. Moreover this hacker(his remote software) will scan other directories in /home. then it will attack other php sites too. My other TGPX and TEVS sites on the same box also got hit.
Once the hacker has your ftp login, changing file/dir permission won't be a solution.

I had found these malwares in my pc.
Exploit,PDF.JS-Gen
Trojan.Script.7685
These came from the injected code.

Remove them and reboot. Scan again with another antispyware, reboot, then change server passwords.
Now edit all infected files. Use server-side text editor or file manager.
If there is a blank line under the <body> tag. Scroll to right and you will find the hidden code.
DON'T load infected or suspicious php/html files with browser. Your PC will get malwares again and it will sniff new password when you using ftp.
So it's the most important that your pc is not infected by malwares during code removal.

Good luck.

__________________
254-282-542

smoothballs

Spudman....see you are from the UK too send me a PM see if we can help each other out

czarina

can't get it here

Spudman

Yes dude, I'll hit you up in the morning

__________________
Take it Easy !!!

crockett

I wonder why the owner stopped giving a shit? It seemed like he bought out epower trader but shortly after that stopping doing much.

Did he have health problems or something or just give up?

__________________
In November, you can vote for America's next president or its first dictator.

Vendzilla

I remember Tony having health problems and it when down hill from there, havn't heard from him in a long time

__________________
Carbon is not the problem, it makes up 0.041% of our atmosphere , 95% of that is from Volcanos and decomposing plants and stuff. So people in the US are responsible for 13% of the carbon in the atmosphere which 95% is not from Humans, like cars and trucks and stuff and they want to spend trillions to fix it while Solar Panel plants are powered by coal plants
think about that

qxm

yeap I remember seeing u there.... Comus was a great tool while it lasted.... luckily I moved away from TGPs a while back.... glad I did it too!

__________________

V_RocKs

I uninstalled it long ago when it kept getting hacked.

willwank

I sale 100 licenses of glorious script APTGP3

__________________
icq 437 654 594

crockett

Yea that's what I was thinking. I wonder if he's ok or if it's because of the health problems. He used to always be pretty active with his scripts. He didn't seem like one that would just disappear.

__________________
In November, you can vote for America's next president or its first dictator.

stoner529

this is my first time having to do this. i only have one site though. trying just to get that to work right. at least i have a dedicated managed server so they can take care of that crap for me. i have no clue about it. i think my site is okay though, but not to sure.

MoreMagic

http://comusthumbs.com/ is online again.

smoothballs

yeah but all the links at top of the page for support forum ect isnt there ...

Davy

Good advice. Just go ahead and randomly delete files. That will stuff the security hole, for sure!

__________________
---
ICQ 14-76-98 <-- I don't use this at all

SuzzyQ

Besides Spybot S&D what is another good spyware removal progy?

smoothballs

jeez...this is gonna take forever! I'm tempted to just have static pages up...

escorpio

I've been thinking the same thing.

__________________
Unvaxxed, still alive.