mIRC Homepage
Posted By: Sypher Terrific Bug? Some1 can help ? - 06/05/03 07:55 PM
1st of all, sorry in advance for my english, it's not my first language.

Then, i had to report a thing.... a user on a net had remotely modified my server.ini and my perform.ini ......
i dunno how he done that!!!
But, i can assure u i was using 6.03 PLAIN version, no scripts inside, and the user didnt know my IP....
i can assure u i havent any backdoor or something else in my system.
i have sygate personal firewall, win2000 no SP....

someone can tell me how he done that and how to avoid that again?
cause, if thats a bug of 6.03 itself u can easily imagine how terrific the situation would be if that bug will be spread....

thx 4 your attention.
Sypher signin off
Posted By: Sypher Re: Terrific Bug? Some1 can help ? - 06/05/03 08:28 PM
Update.
i reconstructed what that user done.
first of all created a new file (server.ini NOT serverS.ini)
then he added a new line in mirc.ini section [rfiles] n5=server.ini finally he modified the file "perform.ini" cleaning it up. (maybe even reading it... if so i need to change all my passwords LOL)

hope that helps.
waiting ansiously for answers...
sypher signin off
Posted By: ParaBrat Re: Terrific Bug? Some1 can help ? - 06/05/03 10:15 PM
The only way that could be done is with a trojan/backdoor/virus. In other words, you got it from something you downloaded/opened/from going to an infected website. Thats why we strongly recommend using caution in downloading, opening emails, typing whatever someone tells you to, clicking on every url thats spammed. Using a good virus scanner and keeping it updated helps, but isnt a complete solution. (and yes, server.ini as opposed to serverS.ini is a common nasty).

I suggest a good virus scan or two. Try this free online one here as it catches some IRC things others miss. Make a note of what it finds, and use the research that site provides to be sure you dont have to manually do some further editing
Posted By: Sypher Re: Terrific Bug? Some1 can help ? - 07/05/03 04:43 AM
understood what happened.
i was thinking that was an user who did me this, cause that user .... well, he gave me reasons to think that he was the hack'r :P
after a unsleepy night i discovered that the thing who did that was a JS from a website (damn... if i've read ur post before :P) made to automatically do that sort of things....
intresting how a js can easily corrupt user files.... i think i had to improve my firewall :P
however, thx 4 the infoes, goodbye!
sypher signin' off
Posted By: Nobodi Re: Terrific Bug? Some1 can help ? - 07/05/03 06:21 AM
Maybe updating windows might help too.
Posted By: greeny Re: Terrific Bug? Some1 can help ? - 07/05/03 09:01 AM
or not using internet explorer.
smile
Posted By: Sypher Re: Terrific Bug? Some1 can help ? - 07/05/03 02:02 PM
here i am again :P
ok, that was not a JS but a ActiveX laugh
using the bug who can create delete modify file in a user hard disk, that site managed to modify my irc setting...
thx all :P
goin to update LOL :P
Posted By: Nobodi Re: Terrific Bug? Some1 can help ? - 07/05/03 02:03 PM
My point being the security updates available in the later service packs might have stopped the jscript from being able to run in the first place.
© mIRC Discussion Forums