mIRC Home    About    Download    Register    News    Help

Print Thread
Terrific Bug? Some1 can help ? #22764 06/05/03 07:55 PM
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
1st of all, sorry in advance for my english, it's not my first language.

Then, i had to report a thing.... a user on a net had remotely modified my server.ini and my perform.ini ......
i dunno how he done that!!!
But, i can assure u i was using 6.03 PLAIN version, no scripts inside, and the user didnt know my IP....
i can assure u i havent any backdoor or something else in my system.
i have sygate personal firewall, win2000 no SP....

someone can tell me how he done that and how to avoid that again?
cause, if thats a bug of 6.03 itself u can easily imagine how terrific the situation would be if that bug will be spread....

thx 4 your attention.
Sypher signin off

Re: Terrific Bug? Some1 can help ? #22765 06/05/03 08:28 PM
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
Update.
i reconstructed what that user done.
first of all created a new file (server.ini NOT serverS.ini)
then he added a new line in mirc.ini section [rfiles] n5=server.ini finally he modified the file "perform.ini" cleaning it up. (maybe even reading it... if so i need to change all my passwords LOL)

hope that helps.
waiting ansiously for answers...
sypher signin off

Re: Terrific Bug? Some1 can help ? #22766 06/05/03 10:15 PM
Joined: Dec 2002
Posts: 3,127
P
ParaBrat Offline
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
The only way that could be done is with a trojan/backdoor/virus. In other words, you got it from something you downloaded/opened/from going to an infected website. Thats why we strongly recommend using caution in downloading, opening emails, typing whatever someone tells you to, clicking on every url thats spammed. Using a good virus scanner and keeping it updated helps, but isnt a complete solution. (and yes, server.ini as opposed to serverS.ini is a common nasty).

I suggest a good virus scan or two. Try this free online one here as it catches some IRC things others miss. Make a note of what it finds, and use the research that site provides to be sure you dont have to manually do some further editing


ParaBrat @#mIRCAide DALnet
Re: Terrific Bug? Some1 can help ? #22767 07/05/03 04:43 AM
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
understood what happened.
i was thinking that was an user who did me this, cause that user .... well, he gave me reasons to think that he was the hack'r :P
after a unsleepy night i discovered that the thing who did that was a JS from a website (damn... if i've read ur post before :P) made to automatically do that sort of things....
intresting how a js can easily corrupt user files.... i think i had to improve my firewall :P
however, thx 4 the infoes, goodbye!
sypher signin' off

Re: Terrific Bug? Some1 can help ? #22768 07/05/03 06:21 AM
Joined: Dec 2002
Posts: 191
N
Nobodi Offline
Vogon poet
Offline
Vogon poet
N
Joined: Dec 2002
Posts: 191
Maybe updating windows might help too.

Re: Terrific Bug? Some1 can help ? #22769 07/05/03 09:01 AM
Joined: Dec 2002
Posts: 230
G
greeny Offline
Fjord artisan
Offline
Fjord artisan
G
Joined: Dec 2002
Posts: 230
or not using internet explorer.
smile

Re: Terrific Bug? Some1 can help ? #22770 07/05/03 02:02 PM
Joined: May 2003
Posts: 4
S
Sypher Offline OP
Self-satisified door
OP Offline
Self-satisified door
S
Joined: May 2003
Posts: 4
here i am again :P
ok, that was not a JS but a ActiveX laugh
using the bug who can create delete modify file in a user hard disk, that site managed to modify my irc setting...
thx all :P
goin to update LOL :P

Re: Terrific Bug? Some1 can help ? #22771 07/05/03 02:03 PM
Joined: Dec 2002
Posts: 191
N
Nobodi Offline
Vogon poet
Offline
Vogon poet
N
Joined: Dec 2002
Posts: 191
My point being the security updates available in the later service packs might have stopped the jscript from being able to run in the first place.