GoFuckYourself.com - Adult Webmaster Forum

Ugh, my TM3 and Comus died too. Replacement tips pls. (https://gfy.com/showthread.php?t=929925)

Naughty 09-25-2009 02:46 AM

Ugh, my TM3 and Comus died too. Replacement tips pls.
 
So, if you're trading with jpteens.com, you know what is happening. I highly doubt any of our trades is not having the same issues too;-)

We need to get set up ASAP with other software though. What is an easy setup to let things run with zero work on our end once it runs? What is commonly used these days?

Care to share? Interested in buying the classic old jpteens.com? That is possible too.

Naughty 09-25-2009 03:01 AM

Some fast hosted stuff is fine too for now. Just need to get my visitors something fast.

boneless 09-25-2009 03:11 AM

if you htpasswd protect comus then it's still fine to use, the only exploited file was menu.php sitting in the admin dir.

have the host clean up the box as well, prolly a shitload of backdoor files on it and switching scripts won't help in that case as the new ones will easily get compromised as well.

Naughty 09-25-2009 03:13 AM

Thanks, but I already started killing every single file on the server.

I see this file in my server root, wtf is that?
profile.lock.537

Klen 09-25-2009 04:02 AM

Short summary posted by hjnet which works:
Just as a short summary how I got rid of this infection so far

- At first block 122.70.145.151 from accessing your Server, it's an IP in China that triggers the backdoor files on YOUR Server every ~ 10 Minutes to infect writable files

iptables -A INPUT -s 122.70.145.151 -j DROP

And Spudstr from YellowFiber also suggests to block 122.64.0.0/11

iptables -A INPUT -s 122.64.0.0/11 -j DROP


- Then get rid of your Comus installations, I've simply deleted the entire /ct/ folder as I didn't use my installations anyway. That was the only solution for me as long as there's no security patch available


- Next I've scanned my Server for any INFECTED Files

grep -R "function Sym1" * > list_of_infected_files
grep -R "function STy6" * > another_list_of_infected_files

These are the only two different types of insertions I've found so far on my Server, might be possible that there are more out there, please let us know if you come across new ones so everybody could search their Server for the matching string snippets.


- And finally get rid of the backdoor files:

grep -R "6966202873" * > list_of_backdoor_files

The backdoor files on my Server were called something like backup.php, sync.php, thumbs.php
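
The grep sweep from the summary above, consolidated into one POSIX shell script as an added example that is not part of the original post or hjnet's commands: it labels each hit as injected or backdoor and refuses to write the report inside the scanned tree. The three markers are the ones quoted in the post; the function names, report format and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The three markers are the strings quoted
# in the post; "6966202873" is the ASCII-hex spelling of the text "if (s".

# tag CLASS: prefix every path read from stdin with CLASS and a tab.
tag() { while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done; }

# scan_webroot DIR: print "CLASS<TAB>PATH" for each file holding a marker.
# -F matches the markers literally; -l lists each file once per class.
scan_webroot() {
    [ -d "$1" ] || { echo "scan_webroot: not a directory: $1" >&2; return 2; }
    {
        grep -rlF -e 'function Sym1' -e 'function STy6' -- "$1" | tag injected
        grep -rlF -e '6966202873' -- "$1" | tag backdoor
    } | sort -u
}

# write_report DIR REPORT: save the scan to REPORT, refusing any location
# inside DIR so a rerun never scans its own output and the list is never
# served from the web root.
write_report() {
    root_abs=$(cd "$1" && pwd -P) || return 2
    report_dir=$(cd "$(dirname "$2")" && pwd -P) || return 2
    case "$report_dir/" in
        "$root_abs"/*) echo "report must be outside $root_abs" >&2; return 3 ;;
    esac
    scan_webroot "$root_abs" > "$report_dir/$(basename "$2")"
}

# make_sample_tree DIR: constructed sample files (harmless stand-ins that only
# contain the marker strings), including a file name with a space.
make_sample_tree() {
    mkdir -p "$1/ct"
    printf '<?php function Sym1($a) { return $a; } ?>\n' > "$1/index.php"
    printf '<?php function STy6($a) { return $a; } ?>\n' > "$1/my page.php"
    printf '<?php $x = "6966202873"; ?>\n' > "$1/ct/backup.php"
    printf '<html>clean</html>\n' > "$1/clean.html"
}

# Usage: sh scan.sh /path/to/webroot /path/outside/webroot/report.tsv
if [ $# -eq 2 ]; then write_report "$1" "$2"; fi
```

A clean result only means these three strings are absent; other insertions with different markers would not be reported.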

Nenad 09-25-2009 04:03 AM

If you need a new traffic trade script, you should check Script Pulse
Easy installation, no mysql, no cron job, skim schemes, detailed stats, great trade algo and bunch of other amazing features.
Script Pulse is the best traffic trade script on the market today. PERIOD! :thumbsup :thumbsup :thumbsup

brassmonkey 09-25-2009 06:28 AM

This web site at jpteens.com has been reported as an attack site and has been blocked based on your security preferences.

cykoe6 09-25-2009 06:32 AM

Smart Thumbs is the best replacement for Comus.

area51 - BANNED FOR LIFE 09-25-2009 06:35 AM

Trade Pulse or ATX 2

Klen 09-25-2009 06:37 AM

Quote:

Originally Posted by brassmonkey (Post 16360859)
This web site at jpteens.com has been reported as an attack site and has been blocked based on your security preferences.

He needs to clean the site and then request a review in webmaster tools and it will be removed in 12 hours.


All times are GMT -7.