Ugh, my TM3 and Comus died too. Replacement tips pls. - GoFuckYourself.com

Naughty · 09-25-2009, 02:46 AM

So, if you're trading with jpteens.com, you know what is happening. I highly doubt any of our trades is not having the same issues too;-)

We need to get setup asap with other software though, what is an easy setup to let things run with zero work on our end once it runs? What is commonly used these days?

Care to share? Interested in buying the classic old jpteens.com? That is possible too.

Naughty · 09-25-2009, 03:01 AM

Some fast hosted stuff is fine too for now. Just need to get my visitors something fast.

boneless · 09-25-2009, 03:11 AM

if you htpasswd protect comus then its still fine to use, the only exploited file was menu.php sitting in the admin dir.

have the host clean up the box as well, prolly a shitload of backdoor files on it and switching scripts wont help in that case as the new ones will easily get compromised as well.

Naughty · 09-25-2009, 03:13 AM

Thanks, but i already started killing every single file on the server.

I see this file in my server root, wtf is that?
profile.lock.537

Klen · 09-25-2009, 04:02 AM

Shorty summary posted by hjnet which works:
Just as a short summary how I got rid of this infection sofar

-At first block 122.70.145.151 from accessing your Server, it's an IP in China that triggers the backdoor files on YOUR Server every ~ 10 Minutes to infect writable files

iptables -A INPUT -s 122.70.145.151 -j DROP

And Spudstr from YellowFiber also suggestes to block 122.64.0.0/11

iptables -A INPUT -s 122.64.0.0/11 -j DROP

- Then get rid of your Comus installations, I've simply deleted the entire /ct/ folder as I didn't use my installations anyway. That was the only solution for me as long as there's no security patch available

- Next I've scanned my Server for for any INFECTED Files

grep -R "function Sym1" * > list_of_infected_files
grep -R "function STy6" * > another_list_of_infected_files

These are the only two different types of insertions I've found sofar on my Server, might be possibble that there are more out there, please let us know if you come across new ones so everybody could search their Server for the matching string snippets.

- And finally get rid of the backdoor files:

grep -R "6966202873" * > list_of_backdoor_files

The backdoor files on my Server where called something like backup.php, sync.php, thumbs.php

Nenad · 09-25-2009, 04:03 AM

If you need new traffic trade script, you should check Script Pulse
Easy installation, no mysql, no cron job, skim schemes, detailed stats, great trade algo and bunch of other amazing features.
Script Pulse is the best traffic trade script on market today. PERIOD!

brassmonkey · 09-25-2009, 06:28 AM

This web site at jpteens.com has been reported as an attack site and has been blocked based on your security preferences.

cykoe6 · 09-25-2009, 06:32 AM

Smart Thumbs is the best replacement for Comus.

area51 - BANNED FOR LIFE · 09-25-2009, 06:35 AM

Trade Pulse or ATX 2

Klen · 09-25-2009, 06:37 AM

Quote:

Originally Posted by brassmonkey

This web site at jpteens.com has been reported as an attack site and has been blocked based on your security preferences.

He need to clean site and then request review in webmaster tools and it will be removed in 12 hours.

09-25-2009, 02:46 AM	#1
Naughty Confirmed User Industry Role: Join Date: Jul 2001 Location: Utopia Posts: 6,478	Ugh, my TM3 and Comus died too. Replacement tips pls. So, if you're trading with jpteens.com, you know what is happening. I highly doubt any of our trades is not having the same issues too;-) We need to get setup asap with other software though, what is an easy setup to let things run with zero work on our end once it runs? What is commonly used these days? Care to share? Interested in buying the classic old jpteens.com? That is possible too. __________________ seks.ai for sale - ping me

09-25-2009, 03:01 AM	#2
Naughty Confirmed User Industry Role: Join Date: Jul 2001 Location: Utopia Posts: 6,478	Some fast hosted stuff is fine too for now. Just need to get my visitors something fast. __________________ seks.ai for sale - ping me

09-25-2009, 03:11 AM	#3
boneless Confirmed User Industry Role: Join Date: Dec 2002 Location: in your head Posts: 3,625	if you htpasswd protect comus then its still fine to use, the only exploited file was menu.php sitting in the admin dir. have the host clean up the box as well, prolly a shitload of backdoor files on it and switching scripts wont help in that case as the new ones will easily get compromised as well. __________________ icq:148573096 skype:dabone2 email:boneless(a)mgpteam(.)com

09-25-2009, 03:13 AM	#4
Naughty Confirmed User Industry Role: Join Date: Jul 2001 Location: Utopia Posts: 6,478	Thanks, but i already started killing every single file on the server. I see this file in my server root, wtf is that? profile.lock.537 __________________ seks.ai for sale - ping me

09-25-2009, 04:03 AM	#6
Nenad Confirmed User Join Date: Sep 2005 Posts: 98	If you need new traffic trade script, you should check Script Pulse Easy installation, no mysql, no cron job, skim schemes, detailed stats, great trade algo and bunch of other amazing features. Script Pulse is the best traffic trade script on market today. PERIOD! __________________ Best And Most Advanced Traffictrade Script On Market! PERIOD!

09-25-2009, 04:02 AM	#5
Klen Industry Role: Join Date: Aug 2006 Location: Little Vienna Posts: 32,235	Shorty summary posted by hjnet which works: Just as a short summary how I got rid of this infection sofar -At first block 122.70.145.151 from accessing your Server, it's an IP in China that triggers the backdoor files on YOUR Server every ~ 10 Minutes to infect writable files iptables -A INPUT -s 122.70.145.151 -j DROP And Spudstr from YellowFiber also suggestes to block 122.64.0.0/11 iptables -A INPUT -s 122.64.0.0/11 -j DROP - Then get rid of your Comus installations, I've simply deleted the entire /ct/ folder as I didn't use my installations anyway. That was the only solution for me as long as there's no security patch available - Next I've scanned my Server for for any INFECTED Files grep -R "function Sym1" * > list_of_infected_files grep -R "function STy6" * > another_list_of_infected_files These are the only two different types of insertions I've found sofar on my Server, might be possibble that there are more out there, please let us know if you come across new ones so everybody could search their Server for the matching string snippets. - And finally get rid of the backdoor files: grep -R "6966202873" * > list_of_backdoor_files The backdoor files on my Server where called something like backup.php, sync.php, thumbs.php

09-25-2009, 06:28 AM	#7
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 76,971	This web site at jpteens.com has been reported as an attack site and has been blocked based on your security preferences. __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

09-25-2009, 06:32 AM	#8
cykoe6 Confirmed User Industry Role: Join Date: Apr 2005 Location: Vegas Posts: 4,499	Smart Thumbs is the best replacement for Comus. __________________ бабки, шлюхи, сила

09-25-2009, 06:35 AM	#9
area51 - BANNED FOR LIFE So Fucking Banned Join Date: Aug 2009 Posts: 3,164	Trade Pulse or ATX 2