Update: PHPUGPH’s SMF maliciously attacked. Now back online
I’ve done an audit on the files of phpugph.com’s SMF board and found that a certain user who’s only identity is krisbarteo@gmail.com using the IP 94.142.129.147 appended spam links to the Settings.php of SMF.
I’m no security expert, but I think what he did was he uploaded an avatar with a PHP code inside it, found a server/script exploit and ran it. I opened up the avatar (after looking for it for hours) and found this code (see below screenshot). Then he launched the attack from there appending malicious links on a file that is being included everytime SMF draws a page.
A quick Diff on SMF’s base files and our SMF files revealed that a new readme.php was created. And it contained the following:
Decoding that garbled texts reveals that readme.php was run on the browser and that was the main cause of appending links on the Settings.php.
I am still baffled by the fact that some people would do such things. Disrupt service for profit? Well, as forĀ krisbarteo, yes you’ve succeeded in doing that. Then what? Happy now? If you only have used that smarts and skills on the good stuff, you’d probably be rich by now.
To all PHPugers, we hope that this thing doesn’t happen again even if we all know that the Internet isn’t safe from these crackers. It’s all good. For now.
Mployd.ph Offers PHPUGPH Members 1-Year Free Subscription
If you are a member of PHPUGph.com, you are entitled to a 1 year free account subscription at Mployd.ph. The account subscription is worth Php 10,000 approx. ($250).
Login to PHPUGPH now and grab the exclusive promo code. Hurry! This offer expires October 31, 2008 is extended till the end of the year!
