Results 1 to 16 of 16

Thread: SXOC Has been Hacked (or atleast attempted)

  1. #1
    Guest
    Join Date
    Jan 2015
    Location
    Lincolnshire
    Posts
    2
    Rides
    0

    Exclamation SXOC Has been Hacked (or atleast attempted)

    Goto sxoc.com

    If you have antivirus program it will bring up a Backdoor:PHP/BackConnect.A

    As I work with PHP everyday, being an IT technician I got curious and decided to investigate.
    I found a file in Google Chrome's cache which contains just over 4500 lines of PHP (Weird, as PHP is server side it should never get to your PC, which is why I'm not sure their attempt has fully worked)

    You have a PHP Shell on the server (Not sure if it is live, but it is an attempt at one, I'm not sure if it has worked).

    It has references to "Antisecurityteam".

    Also on the homepage is some links to porn sites. (Can be seen in the source but not on the page as they are moved left of the screen. (about -99999px))

    The PHP script also has an email address in there - "fullyukle.com@gmail.com" - Where it "reports home" a big chunk of information.

    Again, I know it's coming from your homepage, (The forum looks clean), I'm not sure if the shell is running, but it is definitely there and needs looking at

  2. #2
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    22,542
    Rides
    0
    The pron sites are for Docwra's use

  3. #3
    Guest Tanuki's Avatar
    Join Date
    Feb 2010
    Location
    Lincolon
    Posts
    1,357
    Rides
    0
    Can confirm, SXOC is now Adult Friend Finder.

  4. #4
    Head Mod Scottie's Avatar
    Join Date
    Oct 2001
    Location
    St. Helens / Snowdonia
    Posts
    16,845
    Rides
    0
    Just to confirm this has been reported several times thanks, and one of the technical bods is looking into it.

    Cheers
    2004 - on : 1999 S14a 398bhp 378lb/ft
    2010 - on : 2007 RX8 PZ
    1998 - 2004 : 1991 S13

  5. #5
    Guest
    Join Date
    Jun 2005
    Location
    Wherever I run out of petrol!
    Posts
    14,548
    Rides
    0
    Quote Originally Posted by Scottie View Post
    Just to confirm this has been reported several times thanks, and one of the technical bods is looking into it.

    Cheers
    When he's not smashing his face in with a camera

  6. #6
    Guest jackm's Avatar
    Join Date
    Apr 2010
    Location
    Kenley/Croydon
    Posts
    1,241
    Rides
    0
    Yeh I thought something dodgy was going on when I searched for a thread on Google and got advised that the naked girl on adult friend finder knew the link for the pdf manual.

  7. #7
    Now just a man!
    Join Date
    May 2002
    Location
    North West Kent
    Posts
    17,378
    Rides
    1
    The other technical bod has looked at it, it was fun and is mostly fixed, the problem that is, not Ste's face, how can you break that!!!
    Now just a man!

  8. #8
    Guest Stevecarter200's Avatar
    Join Date
    May 2001
    Location
    Colchester, Essex, UK
    Posts
    25,474
    Rides
    0
    Quote Originally Posted by Jim View Post
    mostly fixed
    How mostly is mostly?? My antivirus found the Backdoor doodah a couple of hours ago when I went to the home page.
    I'm NOT the Chairman anymore, Ken was. He still likes poo though. Its not Jim either now. Ooh ooh, its now Doc!
    Blue '89 S13, 362 bhp, slowly getting more battered. Spec

    Opie Oils : MOT-a-Car : DriftWorks

  9. #9
    Now just a man!
    Join Date
    May 2002
    Location
    North West Kent
    Posts
    17,378
    Rides
    1
    Well I had to work during the day. You know me Steve, when I say mostly fixed, it just doesn't look pretty but it's functionally correct
    Now just a man!

  10. #10
    Banned sideways14a's Avatar
    Join Date
    Apr 2003
    Location
    Drunk as usual
    Posts
    34,697
    Rides
    0
    Quote Originally Posted by Jim View Post
    Well I had to work during the day.
    Hmm this concept is a bit alien to me, gonna go look it up.

  11. #11
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    22,542
    Rides
    0
    Quote Originally Posted by jackm View Post
    Yeh I thought something dodgy was going on when I searched for a thread on Google and got advised that the naked girl on adult friend finder knew the link for the pdf manual.
    Hell if Halfords want to boost sales. Naked girls behind the counter selling car bit

  12. #12
    Guest
    Join Date
    Jan 2015
    Location
    Lincolnshire
    Posts
    2
    Rides
    0
    Good to see it's fixed - I didn't know how much you already knew / didn't know

  13. #13
    Guest
    Join Date
    Mar 2015
    Location
    West Midlands
    Posts
    9
    Rides
    0
    just a quick question, do you have any anti "Tamper Data" code around the upload of profile pictures/files? this is generally the easiest way to get a shell onto a remote host.

  14. #14
    Guest
    Join Date
    Mar 2013
    Location
    Bucks
    Posts
    278
    Rides
    0
    This is not fixed. Just got a redirect to h5vxit67as7t9ppps2b4fnj.eko-kayit.com

    (from google, clicking on a forum thread)

  15. #15
    Now just a man!
    Join Date
    May 2002
    Location
    North West Kent
    Posts
    17,378
    Rides
    1
    Nope you had another thing which was annoyingly unrelated
    Now just a man!

  16. #16
    Guest jackm's Avatar
    Join Date
    Apr 2010
    Location
    Kenley/Croydon
    Posts
    1,241
    Rides
    0
    Ive been getting random sites still open both my mobile and on 2 seperate laptops when searching generic sxoc stuff on google.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •