Ok… What and How? .TTF hacked and dropping link spam!

No offense taken. It was complete a pain to find. Please excuse my frustration.

Anyways, I guess finding how they got that on my server is the question?

.. like I said, uploaded.

im sure those server logs are long gone. what the timestamp on the file? That will tell you how long its been there.

I don’t know, I’ll have to look at it. Here is a similar post regarding this attack. It looks the same anyhow.

https://www.ads-software.com/support/topic/157889?replies=17

whooami – I found it myself, like I said in the beginning. Just about the time I gave up, I found it. That was my whole point. I prefer to find these things myself anyhow because If this EVER happens to me again, at least I’ll know were to start looking. ??

Tue Feb 19 17:27:24 EST 2008

C99madShell v. 2.0 madnet edition

Tue Feb 19 17:27:24 EST 2008

10 months old. nice.

I know crazy! Hey, thanks for all the input Whooami. I like your style!

oh, since youre still peeking in here, what directory did you find that in?

It was in my theme. Believe it or not, if it were a falling brick, I’d be dead.

It was named i_sidebar.php. I’m not sure that’s all there is to it. I still don’t understand how they can edit files on my server but this C99madShell v. 2.0 madnet edition is a pretty malicious looking script. (I know it was uploaded somehow) There’s even a feature that allows you to delete itself from any directory, among many other cracking tools.

I’m wondering if the hack is still there and I just happened to find the tool (i_sidebar.php) they were using at the time?