Urgent Help Needed

[ashutariyal]

Hi Friends I am Ashu, and i am in big trouble some hacker changed my ajax.php file and now he can execute any sql query through this file for security i have desabled all ajax features of my forum and also password protected this file so that he can't change anything coz through this file he can see my all root files & folders even he can edit them or he also view the codes thats why he know my database details from includes/config.php

I have upgrade my forum to 3.8.3 and replaced all file including ajax.php but problem still in there.

here is the screenshot what actually ajax.php showing (currently it is password protected)
http://i36.tinypic.com/2wd84tf.jpg
I have also found a site with same problem check here
http://www.technologyworksonline.com/democubecart/

So my friends i hope you will help me to get rid of form this problem.

Please please help me.

Regards,

ashutariyal Reviewed by ashutariyal on 1st Oct 2009. Urgent Help Needed Hi Friends I am Ashu, and i am in big trouble some hacker changed my ajax.php file and now he can execute any sql query through this file for security i have desabled all ajax features of my forum and also password protected this file so that he can't change anything coz through this file he can see my all root files & folders even he can edit them or he also view the codes thats why he know my database details from includes/config.php I have upgrade my forum to 3.8.3 and replaced all file Rating: 5

[CyberHacK]

Bro thats a shell. Replace it with your proper ajax.php file.

[ashutariyal]

Thanks bro for reply but I have already replaced it but the problem not gone.. and one more thing that what is "shell"

[CyberHacK]

A shell is a file that is uploaded to a web server. And just by browsing to that file you can delete, rename, chmodd edit file contents. Download any file. Browse all files/folders on the webserver. And upload files. Also run malicious tools like fill hdd space etc. And run MySQL Queries.

[__dark__]

thing is he manged somehow to upload it to your webserver , if you allow uploading .php files then dont or this will happen over and over lol , maybe it is a bug in your current system check for exploits for it , you didnt give us information about what you were using ... , try to pin point the weak spot

[William Palmer]

What you need to do is contact your hyosting provider and secure there system from shells more he possibly uploaded it cause of a exploit on one of your scripts go and check them for any security issue.

[SuicidalMedia]

What you need to do is contact your hyosting provider and secure there system from shells more he possibly uploaded it cause of a exploit on one of your scripts go and check them for any security issue.

Maybe that guy had his password of cPanel and uploaded shells on many places ? , And named them with smart names not some random name like "r57" or "shell" ... Today on internet every kid has stealer , and It's so spreaded that almost everyone got infected. So I would suggest you to download your SQL database. And replace all vBulletin core files with new ones. And check file content of every folder of your skins directory.

Many sys admins aren't really smart enough to secure their server. So It would be just a fail , they would say Our server is secured , etc...

[William Palmer]

Yes your right if that is the case then i reccomend the site owner to analayze each file and see if its a shell

[CyberHacK]

Hosting provider should definently use a webserver anti-virus and do a scan of his site's folder's.

[William Palmer]

If the shell that has been uploaded encrypted clamAV wont even detect it and personally i dont even like clamAV its a big waist of memory