hacked

Hammer
Posts: 5232
Joined: 11 May 2005, 14:50

hacked

Post by Hammer »

my server was hacked this morning. it initially looks like a combination of the file upload service in this portal and a vulnerability in php. i have disabled the file upload section of this portal for now, and will probably look for an alternative in the near future. the hacker did delete all files in the files.rlgaming.com site - so if you have something you need there let me know and we will see about recreating.
Helmut
PanzerMeyer
Posts: 4795
Joined: 10 Feb 2004, 08:54
Location: Miami, Florida

Post by PanzerMeyer »

Yeah, I noticed the hack earlier today when I tried to access the site.
I have learned from experience that a modicum of snuff can be most efficacious - Baron Munchausen
Tach Deneva
Posts: 1546
Joined: 18 Dec 2002, 18:51
Location: KY

Post by Tach Deneva »

Can you tell who did it, or where they did it from?

BTW - can't log into TS3 at the moment. I noticed there was an update for it, but I didn't download it. Should I?

Edit: TS3 connected! Thankee, Mr Hammer.
"Shoo! Shoo! Go away! Oh God, he's got a monkey." -- Ms Purple
Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Post by Softball »

I am unable to connect to TS3, I ran the update by mistake (I hit enter or something when the window popped up) and now it says the TS3 server needs to be updated.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Tach Deneva
Posts: 1546
Joined: 18 Dec 2002, 18:51
Location: KY

Post by Tach Deneva »

Evidently v3.0.0-beta20 is no longer available for download.
"Shoo! Shoo! Go away! Oh God, he's got a monkey." -- Ms Purple
Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Post by Softball »

I had the original installation file on my hard drive, I un-installed and re-installed TS3 and all is well once again. :)
"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Hammer
Posts: 5232
Joined: 11 May 2005, 14:50

Post by Hammer »

the hack was a vulnerability in the pafilesdb applet that comes with the portal we are using. it allowed remote execution of files on another server as if they were on this one. very sophisticated, and if not so malicious is a very cool script. it is the C99shell script. i am sure you can google it, but once a friend helped me figure it out i ran it myself and it shows EVERYTHING on the server.
Helmut
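
Added example, not part of the original thread or of the portal's code: a remote include of the kind described in the post above usually leaves a trace in the web server's access log, as a request whose query parameter value is itself a URL on another host. The sketch below flags such requests in combined-format log lines; the script name `viewer.php`, its `inc` parameter, the addresses and the log lines are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client address, request target and status from a combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A parameter whose value is itself a URL asks the script to load remote content.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def remote_include_hits(lines):
    """Return (client_ip, path, param, value, status) for each request whose
    query parameter value starts with a remote URL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            decoded = unquote(value)
            if REMOTE_RE.match(decoded):
                hits.append((m.group("ip"), parts.path, name, decoded,
                             int(m.group("status"))))
    return hits


# Constructed sample lines, not taken from the incident described above.
# viewer.php and its "inc" parameter are hypothetical names.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:06:00:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:06:02:13 +0000] "GET /files/viewer.php?inc=http%3A%2F%2Fremote.example%2Fs.txt%3F HTTP/1.1" 200 48211',
    '198.51.100.7 - - [01/Jan/2010:06:02:40 +0000] "GET /files/viewer.php?inc=http%253A%252F%252Fremote.example%252Fs.txt HTTP/1.1" 404 310',
    '192.0.2.10 - - [01/Jan/2010:06:03:00 +0000] "GET /search.php?q=see+http://example.org HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in remote_include_hits(SAMPLE_LOG):
        print(hit)
```

A hit answered with status 200 is the one to follow up first, together with every other request from the same client address. The search request in the last sample line is not flagged, because its value only mentions a URL rather than starting with one.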
Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Post by Softball »

Dayam!! Does that vulnerability give them root access? I'm guessing no or everything would be gone. Are you able to get any info in the server logs from the remote connection?
"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Ghost
Posts: 75
Joined: 14 May 2009, 16:20
Location: San Antonio, TX

Post by Ghost »

I see that there are some bugs that need to be fixed. Any idea on when the rlg forums will be back to 100%? Oh I lost my little icon, would it be possible to get it back?
[img]http://www.xtremeconceptswebdesign.com/Image/ghost1.jpg[/img]
Hammer
Posts: 5232
Joined: 11 May 2005, 14:50

Post by Hammer »

no, not likely. no more uploading of avatars, etc. i will also be turning off html in posts - will have to use bbcode. uploading capability is what allowed the hacker in, so no more.

these forums will be upgraded at the earliest convenience to phpBB3 as well.

these will not be back to 100% as they were. it will end up being just plain forums. files will have to be uploaded with either ftp or scp (i prefer the latter, and there are free client tools). they will all be located on files.rlgaming.com.

not sure if the C99shell allows root access, but several web sites on the server were hacked. may as well have had root access.
Helmut