whatshakin

Just trying to figure out what happened. Appears to be a bogus membership. Managed to get past all the join form blocks. No join dates, no other info except for a hotmail address and this username... Inserted somehow in the middle of my membership. Also got two of these so was trying to rejoin with the same name.

 

================================================

Database error in TowTalk.net
Query:

INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)

Mysql error: Duplicate entry 'whatshakin' for key 'NickName'

Found error in the file '/var/www/vhosts/towtalk.net/httpdocs/user.php' at line 6.
Called 'db_res' function with erroneous argument #0.


Debug backtrace:

Array
(
    [1] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/inc/classes/BxDolDb.php
            [line] => 237
            [function] => error
            [class] => BxDolDb
            [object] => BxDolDb Object
                (
                    [error_checking] => 1
                    [error_message] => Duplicate entry 'whatshakin' for key 'NickName'
                    [host] => localhost
                    [port] => 
                    [socket] => 
                    [dbname] => admin_towtalk
                    [user] => *****
                    [password] => *****
                    [link] => Resource id #25
                    [current_res] => 
                    [current_arr_type] => 1
                    [oParams] => BxDolParams Object
                        (
                            [_oDb] => BxDolDb Object
 *RECURSION*
                            [_oCache] => BxDolCacheFile Object
                                (
                                    [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                                )

                            [_sCacheFile] => sys_options_fae68eee881c1964a70343d95cb81c27.php
                            [_aParams] => [truncated]
                        )

                    [oDbCacheObject] => BxDolCacheFile Object
                        (
                            [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                        )

                )

            [type] => ->
            [args] => Array
                (
                    [0] => Database query error
                    [1] => 
                    [2] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

    [2] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/inc/db.inc.php
            [line] => 33
            [function] => res
            [class] => BxDolDb
            [object] => BxDolDb Object
                (
                    [error_checking] => 1
                    [error_message] => Duplicate entry 'whatshakin' for key 'NickName'
                    [host] => localhost
                    [port] => 
                    [socket] => 
                    [dbname] => admin_XXXXXXXXX
                    [user] => *****
                    [password] => *****
                    [link] => Resource id #25
                    [current_res] => 
                    [current_arr_type] => 1
                    [oParams] => BxDolParams Object
                        (
                            [_oDb] => BxDolDb Object
 *RECURSION*
                            [_oCache] => BxDolCacheFile Object
                                (
                                    [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                                )

                            [_sCacheFile] => sys_options_fae68eee881c1964a70343d95cb81c27.php
                            [_aParams] => [truncated]
                        )

                    [oDbCacheObject] => BxDolCacheFile Object
                        (
                            [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                        )

                )

            [type] => ->
            [args] => Array
                (
                    [0] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

    [3] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/user.php
            [line] => 6
            [function] => db_res
            [args] => Array
                (
                    [0] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

)

 

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 4 Sep 2015
Found error in the file '/var/www/vhosts/towtalk.net/httpdocs/user.php' at line 6.

 

That file isn't in stock Dolphin. What are the contents of it? If you open a ticket with us, I can also take a closer look for you.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 4 Sep 2015

Not sure what your version of Dolphin is, but I do not have a user.php file

Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information
Quote · 4 Sep 2015

Check to see if any third party module has a user.php file.

Geeks, making the world a better place
Quote · 4 Sep 2015

I'll be gawd danged.... Looky what I found.

 

<?phpinclude('inc/header.inc.php');

db_res("INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)");

Someone would have had to upload this to my server. It's in the root.

 

Probably ticked them off since I don't give a standard user any discernible access, lol.

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 4 Sep 2015

Immediately change all passwords to everything.  Also, run a scan on your local drive in case a trojan has been installed that captured any passwords.

Geeks, making the world a better place
Quote · 5 Sep 2015

Damn, I did not catch that ROLE 3 on the profile earlier.  Delete that account immediately if you have not already done so.

Geeks, making the world a better place
Quote · 5 Sep 2015

Don't forget to check the creation time of this user.php file. It might give you a clue, how this could have happened

Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information
Quote · 5 Sep 2015

i really liked you menu in http://towtalk.net/

is it from boonex market?

Always remember that the future comes one day at a time.
Quote · 5 Sep 2015

Ok final notes on this. Turns out I've been carrying the file in my system since 2011. My site used to be called townation.com. Somehow I managed to pass the file over probably when I had to backup after a major failure a couple years ago. 

Then the same hack came back and tried using the uploaded file not realizing he used it before and it threw an error because the username already existed.

 

Role 3 cannot be deleted. (standard). Also I have the standard membership set where the user has no real access to update, add or delete so no harm can really come from it. He probably found this a little irritating and then gave up. 

 

He did not have password access but he did find the file already in my root. Just the same, I changed all my passwords, deleted and/or changed all my ftp accounts, removed the extraneous admin access I had given to several individuals using deanos tools and made sure there were no other file changes. I think we're in pretty good shape.

 

As far as the menu, it comes from the biz template I use on my site. It is a nice template.... I think it's something Houstonlively worked up....

 

Here you go: http://www.boonex.com/forums/topic/FREE-Dolphin-7-1-template.htm

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 5 Sep 2015

Wonder if this is what they used? I'm just going on the fact that it surfaced in 2011..

 

http://www.boonex.com/forums/topic/URGENT-D7-Exploit-has-your-website-been-hacked-.htm

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 6 Sep 2015

Dear, Role 3 is an admin, which is why I said damn.  Maybe that was the cause of the issue you had back then.  You should be able to remove the account; I know you can through direct edit of the database (back up first)  If nothing else, go into the database and change the value of role field.

Geeks, making the world a better place
Quote · 6 Sep 2015

Could have just been a new web crawler hitting the file and it fired off... 

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 6 Sep 2015
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.