Did he also hacked thefreesite.com? When you look at his site (http://maffat.com/), the content is identical to http://thefreesite.com/. What's with this guy?
Ok Now Amit Listen, First of all Chill ... Let's get to it the right way bro ... First thing first ... ur using Yahoo Messenger, if am not wrong ... which works on the 5010 protocol ... Now as everyone know, you don't exploit the port, instead you exploit the service running on a port ... Let's clear somethings now ... Yahoo messenger has typical vulnerabilities which come out from time to time, many of these vulnerabilities are released in kiddy forums, and people,script kiddies,scammers or in Indian terms "Jhollers" like this ... often get it ... Now as far as I know the latest Yahoo messenger vulnerability, before their servers was updated was one using which anyone who could get your IP and if Yahoo Messenger was running, could easily exploit your port 5010 ... that is 00.00.00.00:5010 and download a WebDownloader created by Soca (a prominent Yahoo Spammer Programmer) once this gets on your PC .. you could actually download and run any "executable" file on the victim's PC .... Another way is .. by using XSS (Cross site scripting) wherein, some trojan must have installed on your PC .... So first of all, I would like to ask you to ...STOP USING INTERNET EXPLORER use Firefox bro ... trust me you will thank me Now regarding getting people banned on google ...unfortunately this is true ... See the mechanism with google is that it will track fraud clicks ... Now these clicks are done by you or someone else, there is no way to determine this, so in the end you stand banned Also by any chance? did you use the same password for every of your usernames ?? Regarding your forums, it's so damn easy to mess with your phpbb, and get access to your ftp ... Not ftp actually, but there are exploits which will give me access rights similar to it ... So I suggest upgrade your forums and install security mods (I can do it if ya need any help) Please use different sql databases for your forums and directory ... Now first of all I suggest a format, then get a really nice firewall, and install it then go for timely Housecall scans .... And now it's time for the current to go .. so can't write more ... But I will tell ya more when i am back Abhishek
Thanks for the gr8 info Abhisekh! Reported his site maffat.com long back. But they didnt take any action.
Abhishek, I am a security researcher and honestly half of what you said was bullshit. XSS to download trojan? How in the fucking world lol XSS is the insertion of javascript not exe. Please don't give advice on subjects you are not familiar with.
oopsie Doopsie, *Abhishek feels like an A$$* Well actually the situation was very dramatic, if you are in India, you must be aware of the power problems we are facing, i had to answer this in like 3 minutes ....so i messed things up .. well here's my actual answer ... Another thing is XSS aka Cross Site Scripting ...The thing is some programs accept data from one user (ur destination host/the website you visit) and pass that data on to a different user's application i.e you browser. Now this policy can be compromised and by generating a random URL (the maliciously constructed webpage), the data is sent as such that it appears to be coming from your destination server, tyour web browser may then process that data in a way harmful to you. This is what XSS is all about. Now as far as I know, you are a victim of reflected XSS, in this particular type of attack, wherein the script can retrieve data from your browser's cache such as your billing info and other credentials. Now regarding the trojanning thing what I was talking about was, that there are exploits in which people, compress the applications/executables into .cab files which are then uploaded on the sites and these cab files can install on your PC directly using your browser, Now in Normal cases your browser asks you if you want to install such a software, but with heavy Javascripting this can be hidden. These cab files can be anything from Trojans to Password stealers, adwarez or whatever !! Have you heard some people ?? that they went to a porn site ?? and without even downloading anything were infected with loads of spywares and adwares ?? Well those people use the same technique ... Well it was a human error, btw I am a CEH, and have been into Cyber Crime research since the past 18 months. I am sure you are more experienced and talented than I am, but just to let you know that I am not completely unknown about this issue. Sorry for the mistake by the way, thanks for correcting me. Abhishek
haha no prob, sorry if i was a bit harsh.. anyawy I've been into this field for about um 8 years now and specialize in web application security however do genearlize in security also. What kind of cyber crime research are you into, in the future if you're looking for a security related job with the gov or private let me know, I regularly talk to the Head of the cyber cell mumbai who also owns a private company for bank and it security. I can't bother scrolling back 3 pages to see the owner but whoever it is lets consider some things, The user changed the adsense id, aka he had server file modification access. Most of the phpBB vulnerabilities in recent times have been sql injections and Xss so i doubt that was the point of entry, unless ofcourse you used the same password for your server ftp or ssh. Secondly, your dir script looks simple enough so I doubt that too personally but I havn't really looked much at it. Did you ask your host to check logs? If you could post up apache access logs from that date it would be very easy to track the attackers every move including how he got in. Pm me if you want help with this.
In regards to that, what you are talking about is a browser vulnerability. No amount of javascripting can hide a file download unless its a browser vulnerability. It goes against every security fundamental for that to be possible, thats like saying your house is secure except for a open window. It's not possible for such holes to be left open for a long period of time on browsers. Now if the browser it self contained a vulnerability it is possible that a trojan was downloaded but in most such cases I find it unlikely. If the attacker had trojan access he could have simply stolen money from the victims banks, paypals, credit cards etc.. then why bother with adsense. The break in from my point of view was definately one on the server side. I recommend asking your host to look into the matter and patching up.
That's what I meant .... and wht i ws saying ws tht ....some JAVASCRIPT could hide tht .. it ws but of course a browser vulnerability .... Abhishek
I would report him to google adsense. Maybe they will suspend or remove his adsense account if this is how he is going about with his adsense account.