
is this a virus?

Apr 9th 2004#147552 Report
Member since: Oct 16th 2003
Posts: 717
my host is creationstorm.com . i've just noticed that their site is down with some error on the main page.
now, when i go to my site, i get:

Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0

Warning: Failed opening '/etc/.app' for inclusion (include_path='.:/php/includes:/usr/share/php') in Unknown on line 0

at the bottom of my splash and then my antivirus and firewall programs go off saying that some porn thing has been downloaded and is trying to connect to their server. does anyone know anything about this?
Apr 9th 2004#147555 Report
Member since: Nov 26th 2001
Posts: 2586
The error is caused by php_safe_mode=on, from what I can tell. The porno stuff, I don't know man... Better watch who uses your computer d00d =)

But the error is on the server. It seems with later versions of php there are some issues with using safe_mode and calling certain functions like copy() when they enter "system" directories. It's a safety feature with an ugly error return. I checked the docs on php and you cannot alter the safe mode settings in .htaccess. So, have any idea which page was causing the error? You might want to set "error_reporting(E_ALL);" at the top of the page and see if anything gets reported.

And I take it you are on windows? Windows viruses don't propagate on Linux servers.
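A triage sketch for warnings like the two quoted in the first post, added here as an example and not written by anyone in the thread. The function name `triage` and the three heuristics are assumptions chosen for illustration: they flag warnings that PHP could not attribute to any script file, `open_basedir` denials, and include targets that are absolute paths outside `include_path` or that point at hidden dot files.

```python
import re
from posixpath import normpath

# The two warnings exactly as quoted in the first post of the thread.
SAMPLE = """\
Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0
Warning: Failed opening '/etc/.app' for inclusion (include_path='.:/php/includes:/usr/share/php') in Unknown on line 0
"""

# Generic shape of a PHP diagnostic: "<level>: <message> in <file> on line <n>"
WARNING = re.compile(
    r"^(?:PHP )?(?:Warning|Notice|Fatal error): (?P<msg>.*) in (?P<file>.+?) on line (?P<line>\d+)$"
)
INCLUDE = re.compile(
    r"Failed opening (?:required )?'(?P<target>[^']+)' for inclusion \(include_path='(?P<path>[^']*)'\)"
)

def triage(text):
    """Return one finding per suspicious warning line (heuristics, not proof)."""
    findings = []
    for raw in text.splitlines():
        m = WARNING.match(raw.strip())
        if not m:
            continue
        reasons, target = [], None
        # "Unknown on line 0": PHP had no script file to attribute the error to,
        # so the page's own code did not trigger it.
        if m["file"] == "Unknown" and m["line"] == "0":
            reasons.append("raised outside any script file")
        if "open_basedir restriction in effect" in m["msg"]:
            reasons.append("open_basedir blocked a file access")
        inc = INCLUDE.search(m["msg"])
        if inc:
            target = normpath(inc["target"])
            dirs = [normpath(d) for d in inc["path"].split(":") if d.startswith("/")]
            inside = any(target.startswith(d.rstrip("/") + "/") for d in dirs)
            if target.startswith("/") and not inside:
                reasons.append("absolute include target outside include_path")
            if any(p.startswith(".") and p not in (".", "..") for p in target.split("/")):
                reasons.append("hidden (dot) file or directory in include target")
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
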
Apr 9th 2004#147557 Report
Member since: Oct 16th 2003
Posts: 717
well, you just confused me a bit there.
i'm not running anything php so i'm guessing that it has to be something going on with creationstorm. that splash has been up for a while, i haven't touched it and this just started happening today. i'm guessing creationstorm got hacked and it's affecting all the sites hosted on it. is that possible? and the porn thing/patch gets downloaded when i go to the splash page of my site with all the new error crap at the bottom now.
i've tried replacing my splash page on the server with just a blank html page and still get the same mess.
Apr 9th 2004#147559 Report
Member since: Nov 26th 2001
Posts: 2586
I tried your site and didn't have a problem. Maybe try (if using IE) Tools->Delete Files and clear your cache. IE gets all wanky when the cache gets full (which doesn't take long)
Apr 9th 2004#147564 Report
Member since: Aug 9th 2001
Posts: 2333
lol you said wanky. Wank means something over here in europe ;)
Apr 9th 2004#147567 Report
Member since: Oct 16th 2003
Posts: 717
yep, one of their servers got hacked just as i thought. look at this link if you're curious about what it was: http://www.creationstorm.com/virus.php
Apr 9th 2004#147595 Report
Member since: Mar 18th 2001
Posts: 1501
He meant "wonky"

And for what it's worth, if you have a good fast connection to the net, you can try setting your browser cache setting to "0". I don't cache anything, but with my 3Mb/sec connection, everything is still pretty zippy.
Apr 10th 2004#147643 Report
Member since: Nov 26th 2001
Posts: 2586
[QUOTE=kranekick]yep, one of their servers got hacked just as i thought. look at this link if you're curious about what it was: http://www.creationstorm.com/virus.php[/QUOTE]

Ouch. Time to change hosts. It's a shame to see a company go thru this, but any company with competent admins shouldn't have to deal with this. Cracker kids look for the easiest targets (most of the time), so my opinion is these guys aren't 100% on the ball, and if someone can get in and edit any webpage on a particular server I would be scared to host anything that has any value on it. Imagine having a site with a secure area and a database full of personal information of your clientele? Just my $.02...
Apr 10th 2004#147647 Report
Member since: Aug 10th 2001
Posts: 793
We are very sorry for any trouble that this attack may have caused. Again we would like to point out to all customers to make regular backups of their files and to prevent installing scripts that contain exploits such as these.
Right now phpnuke and Mambo seem to be the main problems and therefore all clients running this software will be asked to de-install the software.


I'm not sure I would like to see my host tell me this... for two good reasons....

First: Any good host will make a backup of every site... true you should have yours... but still...
Second: phpnuke and Mambo are tools for webmasters... they should not prevent you from using them...
Apr 10th 2004#147651 Report
Member since: Sep 7th 2002
Posts: 928
if i was an admin i wouldn't want people to use phpnuke, too many exploits.