Marcus Nyberg | Hacker attack detected

My site hockeysnack.com has been under hacker attack lately. Well, it is constantly under attack by bots, but this time the site was targeted by a real hacker. The hacker first signed up as a regular user with the clever username "putinn" and then he started to upload various scripts wherever he could.

Uploading PHP scripts is forbidden (in code), so he tried to upload the script as other file formats. This is what he tried to upload:
shell.php.jpg
shell.php_1.jpg
shell.php.jpg
shell.php.html
shell.php.mp3

Fortunately I had already written protection against such attacks, so the hacker had no luck and went somewhere else. When I found out about the attack I started to investigate it further. The attack uses the eval(base64_decode( attack vector, the same as I discovered earlier. For fun and curiosity I ran the attack code in a sandbox environment. What showed up was a shell called n3tshell.

[Screenshot: n3tshell]

It contains many features, such as FTP brute forcing and SQL querying. The image above shows the menu and a complete file browser which can edit, delete and create files.

[Screenshot: n3tshell]

The picture above shows more features. The attacker can execute all commands that are available to the user running the web server process. He could also upload files and do much more. It is a very powerful tool if the hacker manages to get the script running on the server.

The conclusion is to take the "submit/upload" threat very seriously. Everything that a user could submit to your site has to be checked for EVERY POSSIBLE attack vector.
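
One way to check uploads like the ones listed above, as an added example that is not the site's own protection code: it inspects every extension segment, the content signature and the body. The function name `check_upload`, the allowlist and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical upload check, not the site's actual code.
const SIGNATURES = [                       // allowlisted extension => magic bytes
    'jpg' => "\xFF\xD8\xFF",
    'png' => "\x89PNG\r\n\x1A\n",
    'gif' => "GIF8",
];

function check_upload(string $clientName, string $bytes): array
{
    $parts = explode('.', strtolower(basename($clientName)));
    array_shift($parts);                   // drop base name, keep every extension
    $final = end($parts) ?: '';
    if (!array_key_exists($final, SIGNATURES)) {
        return [false, 'final extension not on allowlist'];
    }
    // shell.php.jpg / shell.php_1.jpg: reject a PHP-style segment anywhere,
    // because some server configurations execute on any matching segment.
    foreach ($parts as $ext) {
        if (preg_match('/^(php|pht|phar)/', $ext)) {
            return [false, "script extension segment '$ext'"];
        }
    }
    // Content must start with the signature of the type the name claims.
    if (strncmp($bytes, SIGNATURES[$final], strlen(SIGNATURES[$final])) !== 0) {
        return [false, 'content does not match extension'];
    }
    // A valid header can still carry appended code, so scan the whole body.
    if (preg_match('/<\?php|eval\s*\(\s*base64_decode\s*\(/i', $bytes)) {
        return [false, 'PHP code marker in content'];
    }
    return [true, bin2hex(random_bytes(16)) . '.' . $final]; // server-chosen name
}

// Constructed samples: an inert stand-in payload and a minimal JPEG header.
$payload = '<?php eval(base64_decode("PLACEHOLDER")); ?>';
$jpeg    = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00";
$samples = [
    'shell.php.jpg'   => $payload,
    'shell.php_1.jpg' => $payload,
    'shell.php.html'  => $payload,
    'holiday.jpg'     => $jpeg . $payload,   // image header with appended code
    'team.jpg'        => $jpeg,
];
foreach ($samples as $name => $bytes) {
    [$ok, $info] = check_upload($name, $bytes);
    printf("%-16s %s  %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $info);
}
```

Only `team.jpg` is accepted, and it is stored under a random server-generated name rather than the name the client sent.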
