Someone sent me some files and I uploaded them to my server. Now every few minutes a .txt is made on my server which has all of my users id:passwords written on them in plain text...
Any ideas?
What are you trying to say?
I just said what I was trying to say?
No you didn't. You said you uploaded files to your server and now the passwords and uids are being exported.
What do you want to know/do?
1. Someone said he was going to create a nice template for my website.
2. He sent me an .html and some javascripts
3. I uploaded them
4. 2 days later I find a .txt on my server with all the MyBB Forum Usernames and passes in plain text
Is it possible that these files can do this
No, it would need PHP to extract the data.
Plus, you can't just 'decrypt' the hashes.
If you cant just 'decrypt' then how is a .txt being generated on my web server with all the correct passwords every 10-15 minutes?
You can't just decrypt them. It's one way.
They are either being bruteforced or attacked with a dictionary.
Check your server logs and change your server password.
The hacker said something about a cookie stealer. It's not brute/dictionary attack, its coming up too fast.
(2010-09-01, 05:58 AM)N.Malcolm Wrote: [ -> ]You can't just decrypt them. It's one way.
They are either being bruteforced or attacked with a dictionary.
Check your server logs and change your server password.
...or they could be getting exported before they are hashed and validated with the MySQL database.
I suggest you look through your login scripts for any modifications, or upload a copy of them here so we can check them out for you.