    Issue: a script was installed in the vault/images/icon directory

    1. issueid=1982 September 17, 2010 11:12 AM
      alltp
      New Member
      a script was installed in the vault/images/icon directory

      I received this today from our hosting company, URLJet:

      John,

      We received this for IP 64.57.210.240 (Hawk) and mentions user "tabletpc"
      As part of your service, I logged in, located the bad scripts and removed them.

      You should consider removing any unnecessary plugins as I am sure that is the source of the insecurity.
      [ SpamCop V4.6.1.006 ]
      This message is brief for your comfort. Please use links below for details.

      Email from 64.57.210.240 / Thu, 16 Sep 2010 06:55:14 -0500
      http://www.spamcop.net/w3m?i=z520833...29433a50ed72fz

      [ Offending message ]
      X-Apparently-To: x via 69.147.92.113; Thu, 16 Sep 2010 04:55:14 -0700
      Return-Path: <tabletpc@hawk.urljet.com>
      X-YahooFilteredBulk: 64.57.210.240
      Received-SPF: none (mta1039.sbc.mail.mud.yahoo.com: domain of tabletpc@hawk.urljet.com does not designate permitted sender hosts)
      X-Originating-IP: [64.57.210.240]
      Authentication-Results: mta1039.sbc.mail.mud.yahoo.com from=bbvacompass.com; domainkeys=neutral (no sig); from=bbvacompass.com; dkim=neutral (no sig)
      Received: from 207.115.36.125 (EHLO nlpi111.prodigy.net) (207.115.36.125)
      by mta1039.sbc.mail.mud.yahoo.com with SMTP; Thu, 16 Sep 2010 04:55:14 -0700
      X-Originating-IP: [64.57.210.240]
      Received: from hawk.urljet.com (hawk.urljet.com [64.57.210.240])
      by nlpi111.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id o8GBtE6h007093
      for <x>; Thu, 16 Sep 2010 06:55:14 -0500
      Received: from tabletpc by hawk.urljet.com with local (Exim 4.69)
      (envelope-from <tabletpc@hawk.urljet.com>)
      id 1OwD3Y-0002mo-1o
      for x; Thu, 16 Sep 2010 06:55:12 -0500
      To: x
      Subject: BBVA Compass Bank Warning Notification
      X-PHP-Script: www.tabletpcbuzz.com/vault/images/icon/kam.php for 99.33.34.65
      From: BBVA Compass Bank <email.alert@bbvacompass.com>
      Reply-To:
      MIME-Version: 1.0
      X-Content-Type: text/html
      X-Content-Transfer-Encoding: 8bit
      Message-Id: <E1Ow_________o-1o@hawk.urljet.com>
      Date: Thu, 16 Sep 2010 06:55:12 -0500
      X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
      X-AntiAbuse: Primary Hostname - hawk.urljet.com
      X-AntiAbuse: Original Domain - sbcglobal.net
      X-AntiAbuse: Originator/Caller UID/GID - [539 32007] / [47 12]
      X-AntiAbuse: Sender Address Domain - hawk.urljet.com
      X-Source: /usr/local/lsws/fcgi-bin/lsphp-5.2.14
      X-Source-Args: lsphp5:abletpc/public_html/vault/images/icon/kam.php
      X-Source-Dir: tabletpcbuzz.com:/public_html/vault/images/icon
      Content-Length: 1460
      Content-Type: text/plain
      X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack)

      Obviously, this is a bad thing. Please let me know what you think. Our website is www.tabletpcbuzz.com. Am I correct on the version of VaultWiki Lite? I don't see how to check it but I installed it within the month so figuring I have the latest version.

      John
      john at alltp dot com
    Issue Details
    Issue Number 1982
    Issue Type Bug
    Project VaultWiki 3.x Lite
    Category Unknown
    Status Not a Bug
    Priority 1 - Security / Login / Data Loss
    Affected Version 3.0.6 Lite
    Fixed Version (none)
    Software Dependency Any
    Users able to reproduce bug 0
    Users unable to reproduce bug 0
    Attachments 0
    Assigned Users (none)
    Tags (none)
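
    The headers in the report above already name the script that sent the message, the account it ran as and the directory it lived in. The following is an added example, not part of the original thread or of VaultWiki: a small Python triage function that extracts those fields from such a report and flags a PHP file sitting in an asset directory. The function name, the asset-directory list and the reading of the address after "for" as the requesting client are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the report above.
SAMPLE = """\
Return-Path: <tabletpc@hawk.urljet.com>
Subject: BBVA Compass Bank Warning Notification
X-PHP-Script: www.tabletpcbuzz.com/vault/images/icon/kam.php for 99.33.34.65
From: BBVA Compass Bank <email.alert@bbvacompass.com>
X-AntiAbuse: Primary Hostname - hawk.urljet.com
X-AntiAbuse: Originator/Caller UID/GID - [539 32007] / [47 12]
X-Source-Dir: tabletpcbuzz.com:/public_html/vault/images/icon

(body omitted)
"""

# Assumption: directory names that normally hold only static assets.
ASSET_DIRS = {"images", "img", "icon", "icons", "css", "fonts"}


def triage(raw_message):
    """Pull the sending script, account and client out of an abuse report."""
    msg = message_from_string(raw_message)
    out = {"script": None, "client_ip": None, "uid": None,
           "source_dir": msg.get("X-Source-Dir"), "flags": []}

    # "<host>/<path> for <ip>": the script that sent the mail and, as assumed
    # here, the address of the client that requested it.
    m = re.match(r"(\S+)(?:\s+for\s+(\S+))?", msg.get("X-PHP-Script", "").strip())
    if m:
        out["script"], out["client_ip"] = m.group(1), m.group(2)
        parts = m.group(1).lower().split("/")
        if parts[-1].endswith(".php") and ASSET_DIRS & set(parts[:-1]):
            out["flags"].append("php-in-asset-dir")

    # Several X-AntiAbuse headers exist; only one carries the UID/GID pair.
    for value in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"UID/GID - \[(\d+) \d+\]", value)
        if m:
            out["uid"] = int(m.group(1))

    # A From domain unrelated to the envelope sender is typical of spoofed mail.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and env_dom and from_dom != env_dom:
        out["flags"].append("from-domain-differs-from-envelope")
    return out
```

    The extracted script path and UID give the starting points for checking file timestamps and web access logs for how the file was written.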




    1. September 17, 2010 11:25 AM
      pegasus
      VaultWiki Team
      VaultWiki Lite does not add this script or allow access to your file system in any way. If you had a malicious script on your server, your file system was compromised, and it's a coincidence that they hid the file away in VaultWiki's image folder.
    All times are GMT -4. The time now is 6:34 AM.