Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Forum Exploited Through Signature?
#1
On my forum, whenever I load this page:
http://mybbaddict.com/thread-why-mybb

It get a dialog box saying this:
[Image: e8806b.png]

I have never heard of http://moviehotel.net.
I think I know the user who committed this, he his a .php file as his signature image. He will be banned, but what is this? How can I prevent this? It was a .php file linked as an image.
#2
(2012-02-23, 03:55 PM)BitzDefender Wrote: It was a .php file linked as an image.
Even a normal image within the protected directory will generate this message, it's not an exploit. You can't prevent this, everybody can set up a htaccess at any time.
[Image: banner.png]
#3
Okay so no harm can be done? I just want to make sure it wasn't some kind of phishing attempt, or even any kind of malicious intent.
#4
It should be harmless. But definitely remove the sig because every page with his sig will show that.
#5
This user has been denied support. This user has been denied support.
Moviehotel.net is owned by fb29 his forum was hacked a few days ago dont trust those authentication boxes. it is a phising attempt thats what I've research you can do the same.
#6
(2012-02-23, 10:36 PM)John J. Wrote: Moviehotel.net is owned by fb29 his forum was hacked a few days ago dont trust those authentication boxes. it is a phising attempt thats what I've research you can do the same.

Do you allways spread BS like this? Password protected directory doesn't
allow user to access protected specified folder and content inside it (subfolders,files).You will be promoted with authentication window and if you enter correct pass/username you can enter that directory.


#7
Ok so basically it is harmless, but was unintentional because the forum was hacked.

I've removed the signature.
#8
This user has been denied support. This user has been denied support.
Yes, It is harmless but never trust authencation boxes, never put info in them.
#9
(2012-02-23, 11:08 PM)John J. Wrote: Yes, It is harmless but never trust authencation boxes, never put info in them.

So, my clients shouldn't login to their client area on my website and the secure area for my job I should never trust? Okay, thanks for telling me then! I won't touch them again. Dodgy
#10
This user has been denied support. This user has been denied support.
(2012-02-23, 11:27 PM)WebOutfit Wrote:
(2012-02-23, 11:08 PM)John J. Wrote: Yes, It is harmless but never trust authencation boxes, never put info in them.

So, my clients shouldn't login to their client area on my website and the secure area for my job I should never trust? Okay, thanks for telling me then! I won't touch them again. Dodgy

No I'm not saying it that way. I'm saying if you see an unsuspected box then don't do it but if you know what the box is for then you can enter it and do your stuff.


Forum Jump:


Users browsing this thread: 1 Guest(s)