V3ct0r

Probable miner in the "PKOdev.NET website for Tales of Pirates Server" files


Hello friends,

 

Recently a member of our forum, @dragontechi, reported in the topic "PKOdev.NET website for Tales of Pirates Server" that he has problems with a miner on his VPS and that this miner probably comes with the website.

 

On 10/12/2022 at 6:06 PM, dragontechi said:

@V3ct0r 

Hello, how is everything? I want to comment something about this web page; I sent you the information privately. The matter is: take the web, install it in a clean VPS, only the web and the XAMPP, nothing else in the VPS. After 1 or 3 days in the VPS it appears to me that it is mining; some type of script is executed when I carry out said installation. I cannot ensure 100% of the information, but since it happened to me several times, I saw the first one, I installed all web servers, and after a time, due to a high amount of lag, I start to verify the tasks of the VPS and I see that some kind of mining is installed along with some applications like AnyDesk. Could you check the website?


 

I would like to ask the users of "PKODev.NET Website for Tales of Pirates" to check their PCs and VPS for similar symptoms. I also want to emphasize once again that at the moment there is no evidence that the website is actually infected with malicious files.

 

Thank you for the attention and have a nice day!

  • Thanks 1

7 minutes ago, squaller said:

I think it's because he uses XAMPP and didn't secure them.

On older versions of XAMPP, for example 1.6.8, an FTP server was launched along with Apache, to which you could connect using the default administrator account, upload any PHP scripts to the htdocs folder, and, accordingly, execute them. @dragontechi

 

Always change the login and password of the default administrator account after installing a particular program!

  • Thanks 1
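
One way to tell files that shipped with the website apart from files that reached htdocs later (for example through an exposed FTP account) is to compare the deployed tree against a pristine copy of the release. This is an added example, not code from the thread or from the PKOdev.NET website; the directory names, the extension list and the sample files are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: extensions the web server would execute as PHP code.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}

def manifest(root):
    """Map each file's path (relative to root, '/' separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare(pristine_root, deployed_root):
    """Report files added, modified or missing in the deployed tree."""
    base, live = manifest(pristine_root), manifest(deployed_root)
    added = sorted(set(live) - set(base))
    return {
        "added": added,
        "modified": sorted(p for p in base.keys() & live.keys() if base[p] != live[p]),
        "missing": sorted(set(base) - set(live)),
        "added_scripts": [p for p in added if os.path.splitext(p)[1].lower() in SCRIPT_EXTS],
    }

def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees: a 'release' and an 'htdocs' with later changes."""
    with tempfile.TemporaryDirectory() as tmp:
        release, htdocs = os.path.join(tmp, "release"), os.path.join(tmp, "htdocs")
        for root in (release, htdocs):
            _write(root, "index.php", b"<?php echo 'home'; ?>")
            _write(root, "inc/config.php", b"<?php $db = 'game'; ?>")
        _write(htdocs, "inc/config.php", b"<?php $db = 'game'; /* edited */ ?>")
        _write(htdocs, "img/cache.php", b"<?php /* not in the release */ ?>")
        _write(htdocs, "img/logo.png", b"\x89PNG")
        return compare(release, htdocs)

if __name__ == "__main__":
    print(demo())
```

Entries under `added_scripts` are the first to review, since they did not ship with the release; entries under `modified` are expected for files edited during setup, such as configuration.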

2 hours ago, V3ct0r said:

On older versions of XAMPP, for example 1.6.8, an FTP server was launched along with Apache, to which you could connect using the default administrator account, upload any PHP scripts to the htdocs folder, and, accordingly, execute them. @dragontechi

 

Always change the login and password of the default administrator account after installing a particular program!

Really, deactivate and change the FTP password, install XAMPP, but the strange thing is that I automatically mount the website, they start the installation of said applications, and test the site 3 times and I have the same problem. The VPS was clean. I am using another website and I haven't presented the same problem, but I can't be sure that it is the website, because I verified a large part of the code and I didn't find anything suspicious with my experience, but I decided to comment on it since it really hasn't happened to me with other websites.

14 hours ago, dragontechi said:

Really, deactivate and change the FTP password, install XAMPP, but the strange thing is that I automatically mount the website, they start the installation of said applications, and test the site 3 times and I have the same problem. The VPS was clean. I am using another website and I haven't presented the same problem, but I can't be sure that it is the website, because I verified a large part of the code and I didn't find anything suspicious with my experience, but I decided to comment on it since it really hasn't happened to me with other websites.

Let us know if you find anything please.

  • Like 1


I think everyone should install antivirus on their host, like Avira or Malwarebytes. It happened to me before; sadly I am not certain where it came from, although I am using my own website, so I think some people out there put it hidden in their programs like Hex editor (faking it so people won't notice it), and if their rocket suspect that you are going to discover its miner, the program is going to start encrypting your files and stealing all passwords and so on, then will ask for money. Those programs are a serious pain because you won't notice them until very late, and if they manage to crypt you can't skip :/ So always do backups and make sure to use antivirus even on your host.


I’ve had a glance through your code before @V3ct0r and originally published website code is safe to use (although it could do with an upgrade of the php version).


Yes, but because of a comment from a person who put it in this publication, I decided to change xampp to wampp and I have not had any more. The strange thing is that I have used the same xampp with other sites and a similar problem has never happened to me, as I explained before. Mind, I'm not sure it's the website, but since I only set up the site, apart from the same as always, and the problem arose after the installation in a clean VPS, only SQL, xampp and website. The site currently with wampp has 2 months without problem. @V3ct0r @champ @Fisal Moha @squaller

2 hours ago, dragontechi said:

Yes, but because of a comment from a person who put it in this publication, I decided to change xampp to wampp and I have not had any more. The strange thing is that I have used the same xampp with other sites and a similar problem has never happened to me, as I explained before. Mind, I'm not sure it's the website, but since I only set up the site, apart from the same as always, and the problem arose after the installation in a clean VPS, only SQL, xampp and website. The site currently with wampp has 2 months without problem. @V3ct0r @champ @Fisal Moha @squaller

Not sure if the cause was the site, but I stopped thinking about the causes and just installed antivirus; it's so nerve-wracking thinking about it xD Welp, I am happy you got it solved. All evil ransom hackers should be punished; I hate such lame things, and their money is taken from other people's efforts. Of course I don't pay them, but others do, which keeps them going, sadly.

 

Welp, be careful when downloading new stuff and always scan them. Good luck mate and have a joyful day.

