V3ct0r 2,117 Report post Posted October 27, 2022 Probable miner in the "PKOdev.NET website for Tales of Pirates Server" files Hello friends, Recently the member of our forum @dragontechi reported in the topic "PKOdev.NET website for Tales of Pirates Server" that he have problems with a miner at his VPS and probably this miner comes with the website. On 10/12/2022 at 6:06 PM, dragontechi said: @V3ct0r hello good how is everything I want to comment something about this web page I sent you the information privately the matter is take the web install it in a clean vps only the web the xampp if nothing else in the vps after 1 or 3 days in the vps It appears to me that it is mining, some type of script is executed when I carry out said installation, I cannot ensure 100% of the information, but since it happened to me several times, I saw the first one, I installed all web servers, after a time due to a high amount of lag, I start to verify the tasks of vps and I see that some kind of mining is installed along with some applications like any desk could you check the website I would like to ask the users of "PKODev.NET Website for Tales of Pirates" to check their PCs and VPS for similar symptoms. I also want to emphasize once again that at the moment there is no evidence that the website is actually infected with malicious files. Thank you for the attention and have a nice day! 1 Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
squaller 21 Report post Posted October 27, 2022 i think its bacause he uses xampp. and didnt secure them. 1 Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted October 27, 2022 7 minutes ago, squaller said: i think its bacause he uses xampp. and didnt secure them. On older versions of XAMPP, for example 1.6.8, an FTP server was launched along with Apache, to which you could connect using the default administrator account, upload any PHP scripts to the htdocs folder, and, accordingly, execute them. @dragontechi Always change the login and password of the default administrator account after installing a particular program! 1 Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
dragontechi 68 Report post Posted October 28, 2022 2 hours ago, V3ct0r said: On older versions of XAMPP, for example 1.6.8, an FTP server was launched along with Apache, to which you could connect using the default administrator account, upload any PHP scripts to the htdocs folder, and, accordingly, execute them. @dragontechi Always change the login and password of the default administrator account after installing a particular program! really deactivate and change the ftp password install xampp but the strange thing is that I automatically mount the website they start the installation of said applications and test the site 3 times and I have the same problem the vps was clean I am using another website and I don't I have presented the same problem but I can't be sure that it is the website with because I verified a large part of the code and I didn't find anything suspicious with my experience but I decided to comment on it since it really hasn't happened to me with other websites Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted October 28, 2022 14 hours ago, dragontechi said: really deactivate and change the ftp password install xampp but the strange thing is that I automatically mount the website they start the installation of said applications and test the site 3 times and I have the same problem the vps was clean I am using another website and I don't I have presented the same problem but I can't be sure that it is the website with because I verified a large part of the code and I didn't find anything suspicious with my experience but I decided to comment on it since it really hasn't happened to me with other websites Let us know if you find anything please. 1 Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
Fisal Moha 21 Report post Posted November 27, 2022 I think everyone should install anti virus in their host like Avira or Malwarebytes it happened to me before sadly I am not certain where it came from although I am using my own website so I think some people out there put it hidden in their programs like Hex editor (Faking it so people wont notice it) and if their rocket suspect that you are going discover its miner the program is going to start encryptating your files and stealing all passwords and such on then will ask for money those programs are serious pain because you wont notice them until very late and if they manage to crypt you can't skip so always do backup and make sure to use anti virus even in your host Quote Share this post Link to post Share on other sites
champ 147 Report post Posted November 27, 2022 I’ve had a glance through your code before @V3ct0r and originally published website code is safe to use (although it could do with an upgrade of the php version). Quote Share this post Link to post Share on other sites
dragontechi 68 Report post Posted November 27, 2022 Yes, but because of a comment from a person who put it in this publication, I decided to change xampp to wampp and I have not had any more. The strange thing is that I have used the same xampp with other sites and a similar problem has never happened to me, as I explained before. mind I'm not sure it's the website but since I only set up the site apart from the same as always and the problem arose after the installation in clean vps only sql xampp and website the site currently with wampp has 2 months without problem currently @V3ct0r @champ @Fisal Moha @squaller Quote Share this post Link to post Share on other sites
Fisal Moha 21 Report post Posted November 27, 2022 2 hours ago, dragontechi said: Yes, but because of a comment from a person who put it in this publication, I decided to change xampp to wampp and I have not had any more. The strange thing is that I have used the same xampp with other sites and a similar problem has never happened to me, as I explained before. mind I'm not sure it's the website but since I only set up the site apart from the same as always and the problem arose after the installation in clean vps only sql xampp and website the site currently with wampp has 2 months without problem currently @V3ct0r @champ @Fisal Moha @squaller not sure if the cause was the site but, I stopped thinking about the causes and just installed anti virus its such nerf wreching thinking about it welp I am happy you got it solved all evil ransom hackers should be punished I hate such lame thing and their money is taken from others people efforts ofc I dont pay them but others do which keep them going sadly welp be careful when downloading new stuff and always scan them good luck mate and have joyful day. Quote Share this post Link to post Share on other sites