[Coco] Uploads section
operator at coco3.com
Fri Nov 23 17:55:53 EST 2007
CoCo Tower wrote:
> WAIT. Ok, now the user "testing" appears to have
> uploaded the PHP/C99shell.B backdoor script as
> reported by Microsoft OneCare. How in the heck do the
> powers that be let this stuff happen? The authors of
> PHP and MySQL have got to get their stuff together.
> I do hope that whoever this juvenile is gets caught. It's just
> ridiculous. And I agree that the timing indicates a directed attack
> with clear malicious intent.
Just for the record, I wasn't blaming whoever "Randy" is of
personally doing anything wrong.
In fact, I didn't know who "Randy" was. There's a "Greg" I have no
idea about, either. Well, "Greg" is now deleted, so it doesn't
matter. I haven't been following the DL Logo thread.
At the time, "Greg", "Randy", and "testing" were simply account names
who floated right to the top of the last-accessed sorting that showed
the same date/hour/minute/2-seconds apart for accessing 1) an evil
script, 2) a CoCo logo file. vs all other users' folders showing much
later and spread apart access times.
Does this prove anything? No. But it had to be brought to
attention. Also, everyone should check their systems for spyware,
things that just don't seem right anymore, and so forth. I installed
a 90-day free trial of MS OneCare, and it caught those bad scripts
just by me VIEWING them as a text file!
It's possible that someone's system *could* be infected so that it
uses open gateways of sorts to post into the forums that the user
might be posting into at the time. I have seen many times using the
last coco3.com forum system how a regular user would post a message,
then at the same time a SPAM would be posted right below it by an
This screams of session ID hijacking by evil software running in the
background of the infected computer.
I'm at fault for trusting an Uploads feature that may even have been
developed by a hacker himself. It's a drop-in module that has
security features for disallowing certain filetypes, but we see now
that it was bypassed or didn't ever work.
For those who get good use out of swapping files through the Uploads
section, I apologize for having to shut it down for now.