Site hacked via Coranto news folder with c99shell.php

Is Coranto not working properly for you? Here's where to ask for support help; for best results, follow these steps:
  • - Check your core/addon documentation for possible solutions
  • - Search these forums for similar problems that have already been solved
  • - If you're still stumped, check out THIS TOPIC, and post your question in this forum!!

Moderators: Spunkmeyer, Dale Ray, SrNupsen, Bluetooth, Jackanape

Site hacked via Coranto news folder with c99shell.php

Postby Rocky » Mon Jan 08, 2007 8:21 pm

I found a file in my coranto news folder today that should not be there. It is a hacker tool called c99shell.php

Has anyone come across this before, and does anyone know how the hacker managed to get a file into the news folder?
Rocky
Rocky
 
Posts: 41
Joined: Sat Feb 03, 2007 9:20 pm

Postby Dale Ray » Mon Jan 08, 2007 10:19 pm

Do an internet search for c99shell.php. What I found was that the hackers used the upload capabilities of a script on the host to upload the file.

Do you use any other scripts besides Coranto? Are you using an upload addon for Coranto?
Dale Ray
User avatar
Dale Ray
 
Posts: 1001
Joined: Sun Jan 19, 2003 6:02 pm
Location: NW Indiana

Postby Rocky » Mon Jan 08, 2007 11:01 pm

Yeh, I did some more reading and found some good leads. Then I checked my pafile scripts and found them quite obviously compromised, so I have had to delete the entire pafile system.

Bloody hackers get me mad.

Thanks for the reply.
Rocky
Rocky
 
Posts: 41
Joined: Sat Feb 03, 2007 9:20 pm


Return to Troubleshooting

Who is online

Users browsing this forum: No registered users and 4 guests

cron