mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
1st of all, sorry in advance for my english, it's not my first language.

Then, i had to report a thing.... a user on a net had remotely modified my server.ini and my perform.ini ......
i dunno how he done that!!!
But, i can assure u i was using 6.03 PLAIN version, no scripts inside, and the user didnt know my IP....
i can assure u i havent any backdoor or something else in my system.
i have sygate personal firewall, win2000 no SP....

someone can tell me how he done that and how to avoid that again?
cause, if thats a bug of 6.03 itself u can easily imagine how terrific the situation would be if that bug will be spread....

thx 4 your attention.
Sypher signin off

Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
Update.
i reconstructed what that user done.
first of all created a new file (server.ini NOT serverS.ini)
then he added a new line in mirc.ini section [rfiles] n5=server.ini finally he modified the file "perform.ini" cleaning it up. (maybe even reading it... if so i need to change all my passwords LOL)

hope that helps.
waiting ansiously for answers...
sypher signin off

Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
The only way that could be done is with a trojan/backdoor/virus. In other words, you got it from something you downloaded/opened/from going to an infected website. Thats why we strongly recommend using caution in downloading, opening emails, typing whatever someone tells you to, clicking on every url thats spammed. Using a good virus scanner and keeping it updated helps, but isnt a complete solution. (and yes, server.ini as opposed to serverS.ini is a common nasty).

I suggest a good virus scan or two. Try this free online one here as it catches some IRC things others miss. Make a note of what it finds, and use the research that site provides to be sure you dont have to manually do some further editing


ParaBrat @#mIRCAide DALnet
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
understood what happened.
i was thinking that was an user who did me this, cause that user .... well, he gave me reasons to think that he was the hack'r :P
after a unsleepy night i discovered that the thing who did that was a JS from a website (damn... if i've read ur post before :P) made to automatically do that sort of things....
intresting how a js can easily corrupt user files.... i think i had to improve my firewall :P
however, thx 4 the infoes, goodbye!
sypher signin' off

Joined: Dec 2002
Posts: 191
N
Vogon poet
Offline
Vogon poet
N
Joined: Dec 2002
Posts: 191
Maybe updating windows might help too.

Joined: Dec 2002
Posts: 230
G
Fjord artisan
Offline
Fjord artisan
G
Joined: Dec 2002
Posts: 230
or not using internet explorer.
smile

Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
here i am again :P
ok, that was not a JS but a ActiveX laugh
using the bug who can create delete modify file in a user hard disk, that site managed to modify my irc setting...
thx all :P
goin to update LOL :P

Joined: Dec 2002
Posts: 191
N
Vogon poet
Offline
Vogon poet
N
Joined: Dec 2002
Posts: 191
My point being the security updates available in the later service packs might have stopped the jscript from being able to run in the first place.


Link Copied to Clipboard