whatshakin

Just trying to figure out what happened. Appears to be a bogus membership. Managed to get past all the join form blocks. No join dates, no other info except for a hotmail address and this username... Inserted somehow in the middle of my membership. Also got two of these so was trying to rejoin with the same name.

================================================

Database error in TowTalk.net
Query:

INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)

Mysql error: Duplicate entry 'whatshakin' for key 'NickName'

Found error in the file '/var/www/vhosts/towtalk.net/httpdocs/user.php' at line 6.
Called 'db_res' function with erroneous argument #0.


Debug backtrace:

Array
(
    [1] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/inc/classes/BxDolDb.php
            [line] => 237
            [function] => error
            [class] => BxDolDb
            [object] => BxDolDb Object
                (
                    [error_checking] => 1
                    [error_message] => Duplicate entry 'whatshakin' for key 'NickName'
                    [host] => localhost
                    [port] => 
                    [socket] => 
                    [dbname] => admin_towtalk
                    [user] => *****
                    [password] => *****
                    [link] => Resource id #25
                    [current_res] => 
                    [current_arr_type] => 1
                    [oParams] => BxDolParams Object
                        (
                            [_oDb] => BxDolDb Object
 *RECURSION*
                            [_oCache] => BxDolCacheFile Object
                                (
                                    [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                                )

                            [_sCacheFile] => sys_options_fae68eee881c1964a70343d95cb81c27.php
                            [_aParams] => [truncated]
                        )

                    [oDbCacheObject] => BxDolCacheFile Object
                        (
                            [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                        )

                )

            [type] => ->
            [args] => Array
                (
                    [0] => Database query error
                    [1] => 
                    [2] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

    [2] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/inc/db.inc.php
            [line] => 33
            [function] => res
            [class] => BxDolDb
            [object] => BxDolDb Object
                (
                    [error_checking] => 1
                    [error_message] => Duplicate entry 'whatshakin' for key 'NickName'
                    [host] => localhost
                    [port] => 
                    [socket] => 
                    [dbname] => admin_XXXXXXXXX
                    [user] => *****
                    [password] => *****
                    [link] => Resource id #25
                    [current_res] => 
                    [current_arr_type] => 1
                    [oParams] => BxDolParams Object
                        (
                            [_oDb] => BxDolDb Object
 *RECURSION*
                            [_oCache] => BxDolCacheFile Object
                                (
                                    [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                                )

                            [_sCacheFile] => sys_options_fae68eee881c1964a70343d95cb81c27.php
                            [_aParams] => [truncated]
                        )

                    [oDbCacheObject] => BxDolCacheFile Object
                        (
                            [sPath] => /var/www/vhosts/towtalk.net/httpdocs/cache/
                        )

                )

            [type] => ->
            [args] => Array
                (
                    [0] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

    [3] => Array
        (
            [file] => /var/www/vhosts/towtalk.net/httpdocs/user.php
            [line] => 6
            [function] => db_res
            [args] => Array
                (
                    [0] => INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES
(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)
                )

        )

)

Found error in the file '/var/www/vhosts/towtalk.net/httpdocs/user.php' at line 6.

That file isn't in stock Dolphin. What are the contents of it? If you open a ticket with us, I can also take a closer look for you.

Not sure what your version of Dolphin is, but I do not have a user.php file

Check to see if any third party module has a user.php file.

I'll be gawd danged.... Looky what I found.

<?phpinclude('inc/header.inc.php');

db_res("INSERT INTO `Profiles` (`ID`, `NickName`, `Email`, `Password`, `Salt`, `Status`, `Role`) VALUES(NULL, 'whatshakin', 'in-jazz@hotmail.com', '3282116d7a58fb9a4c6b0d7fd91ebe414691316a', 'ZmFlNDEz', 'Active', 3)");

Someone would have had to upload this to my server. It's in the root.

Probably ticked them off since I don't give a standard user any discernible access, lol.

Immediately change all passwords to everything.  Also, run a scan on your local drive in case a trojan has been installed that captured any passwords.

Damn, I did not catch that ROLE 3 on the profile earlier.  Delete that account immediately if you have not already done so.

Don't forget to check the creation time of this user.php file. It might give you a clue, how this could have happened

i really liked you menu in http://towtalk.net/

is it from boonex market?

Ok final notes on this. Turns out I've been carrying the file in my system since 2011. My site used to be called townation.com. Somehow I managed to pass the file over probably when I had to backup after a major failure a couple years ago. 

Then the same hack came back and tried using the uploaded file not realizing he used it before and it threw an error because the username already existed.

Role 3 cannot be deleted. (standard). Also I have the standard membership set where the user has no real access to update, add or delete so no harm can really come from it. He probably found this a little irritating and then gave up. 

He did not have password access but he did find the file already in my root. Just the same, I changed all my passwords, deleted and/or changed all my ftp accounts, removed the extraneous admin access I had given to several individuals using deanos tools and made sure there were no other file changes. I think we're in pretty good shape.

As far as the menu, it comes from the biz template I use on my site. It is a nice template.... I think it's something Houstonlively worked up....

Here you go: http://www.boonex.com/forums/topic/FREE-Dolphin-7-1-template.htm

Wonder if this is what they used? I'm just going on the fact that it surfaced in 2011..

http://www.boonex.com/forums/topic/URGENT-D7-Exploit-has-your-website-been-hacked-.htm

Dear, Role 3 is an admin, which is why I said damn.  Maybe that was the cause of the issue you had back then.  You should be able to remove the account; I know you can through direct edit of the database (back up first)  If nothing else, go into the database and change the value of role field.

Could have just been a new web crawler hitting the file and it fired off...