LFS Forum - Servers for 15 USD a year! Insims half price

#26 - bunder9999

Wed, 3 Mar 2010 00:27

Quote from Azzano62 :This thread can now be closed as we have offically shut down the website, any current servers hosted by us will remain being hosted if you still would like to buy a server contact me via pm.

you did?

i still see a malicious iframe embedded in the forum's index page.

googling the URL seems to say something about "Liberty Exploit Kit".

#27 - bunder9999

Wed, 3 Mar 2010 01:37

okay, so all the files are gone from the index, but if you view "new site" (edit: which is now gone, i'm assuming someone is playing around), the same injected URL is on the main index page. on top of that, the iframe is on pretty much every page i can pull up.

for the love of god, turn off the server, start over, and use a prebuilt site.

edit2: can i see the contents of the php files in /uploads ? (nevermind, the hack comes with its own file manager.)

#28 - Azzano62

Wed, 3 Mar 2010 02:00

why do you need to see the uploads php?

#29 - bunder9999

Wed, 3 Mar 2010 02:04

i was just curious about what they did and how, but you ruined my fun by deleting the directory from underneath me. pretty neat stuff while it lasted.

Attached images

-

(Azzano62) DELETED by Azzano62 : not wanted

Wed, 3 Mar 2010 02:06

#30 - Bmxtwins

Wed, 3 Mar 2010 11:41

Wow...

#31 - Test Driver

Wed, 3 Mar 2010 17:24

Interesting, when I tried to open the forums my browser interfered and gave me a big warning, and said that just visiting the site could infect a pc.

How does such an infection happen, is it the usual Javascript/ActiveX/Flashplayer exploit or something more nasty? I thought about playing around using a VM, but then again.. didn't want to push my luck

#32 - bunder9999

Wed, 3 Mar 2010 17:57

Quote from Test Driver :Interesting, when I tried to open the forums my browser interfered and gave me a big warning, and said that just visiting the site could infect a pc.

How does such an infection happen, is it the usual Javascript/ActiveX/Flashplayer exploit or something more nasty? I thought about playing around using a VM, but then again.. didn't want to push my luck

a combination of JS and PDF, probably others. i only see one file there right now, .ftpquota, and it 403's when you try to access it.

#33 - PoVo

Wed, 3 Mar 2010 19:34

Epic

I missed out on the fun with bunder.

Hope you guys get a new site

#34 - Bmxtwins

Thu, 4 Mar 2010 00:02

Quote from Test Driver :Interesting, when I tried to open the forums my browser interfered and gave me a big warning, and said that just visiting the site could infect a pc.

How does such an infection happen, is it the usual Javascript/ActiveX/Flashplayer exploit or something more nasty? I thought about playing around using a VM, but then again.. didn't want to push my luck

Idk I only said warning trojan 5-6 times. I'm working on a temporary site atm..