Bangert 30 1619GJ Andijk

Hackers 3-12-2018



was searching for a single-file PHP file manager script
      because the Yahoo service really sucks nowadays 2018
      it was better in 1995 with GeoCities, which became Yahoo 23 years ago????
               www.geocities.com/siliconvalley/lab/3685/
               https://web.archive.org/web/19991010071017/www.geocities.com/siliconvalley/lab/3685/

so found a script tinyfilemanager 
https://github.com/prasathmani/tinyfilemanager
https://tinyfilemanager.github.io

little testing on local pc and yahoo
2 hours later
what the Fuck
Someone from India is calling the script tfm.php, i see in the server log
tfm.php i named it 
     original name was tinyfilemanager.php


my simple homemade local log from other servers from img src call

somebody with ip 106 ...... comes from tfm.php and goes to luberth.com
nobody can or should know of the existence of the hidden tfm.php and what it does on that location

[02 12 2018 17:42:31]:
{ 106.51.27.139 } (( http://www.luberth.com/index.htm --------- http://www.luberth.com/tfm.php?p= ))
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
106.51.27.139 106.51.27.139 Atria Convergence Technologies Pvt. Ltd. Bengaluru IN India 12.9833 77.5833



prasathmani commented 4 hours ago
@ldijkman 
File manager using the Loggly Analysis tool for analytics, sometimes randomly checking logs. 
File manager is secured with PHP password hash using a strong one-way hashing algorithm, 
no one can access file manager without login credentials.

line of code in tinyfilemanager.php where he got my tfm.php location url info from 
img src gif which is not really a gif but pulls info from the browser of any user who tries to load the gif
<img src="https://logs-01.loggly.com/inputs/d8bad570-def7-44d4-922c-a8680d936ae6.gif?s=1" />
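An added example (not part of the original post and not tinyfilemanager code): a Python scan that lists every tag in a downloaded script that makes the visitor's browser fetch from a foreign host, as the img line above does. The sample source, cdn.example.com and the token placeholder are constructed.

```python
import re
from urllib.parse import urlparse

# Tags whose src/href the browser fetches automatically when the page renders.
# Each such fetch sends the visitor's IP, User-Agent and (by default) a Referer
# header containing the URL of the page, i.e. where the script is installed.
FETCH_TAG = re.compile(
    r"<(img|script|iframe|link)\b[^>]*?\b(?:src|href)\s*=\s*[\"']([^\"']+)[\"']",
    re.IGNORECASE,
)

def external_fetches(source, own_hosts=()):
    """Return [(line_no, tag, host)] for tags that load from a host not in own_hosts."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for tag, url in FETCH_TAG.findall(line):
            host = urlparse(url).hostname  # None for relative URLs
            if host and host.lower() not in own:
                hits.append((line_no, tag.lower(), host.lower()))
    return hits

# Constructed sample, not the real tinyfilemanager.php; the beacon line mirrors
# the one quoted above with the token replaced by a placeholder.
SAMPLE = '''<?php if (!isset($_SESSION['logged'])) { show_login(); } ?>
<link rel="stylesheet" href="assets/style.css">
<script src="//cdn.example.com/lib.min.js"></script>
<img src="https://logs-01.loggly.com/inputs/TOKEN-PLACEHOLDER.gif?s=1" />
<img src="http://www.luberth.com/logo.png">
'''

if __name__ == "__main__":
    for line_no, tag, host in external_fetches(SAMPLE, own_hosts=["www.luberth.com"]):
        print(f"line {line_no}: <{tag}> fetches from {host}")
```

Anything the scan reports can be removed or self-hosted before the file goes on a server; a `Referrer-Policy: no-referrer` response header also keeps the install URL out of such requests.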


local Apache log

do you not like your own file manager
pfm.php?

106.51.27.139 - - [02/Dec/2018:16:32:25 +0100] "GET /pfm.php?frame=3&fm_current_dir=/var/ HTTP/1.1" 200 7370 "http://84.106.2.21:8888/pfm.php?frame=3&fm_current_dir=/var/www/html/ondroid/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
106.51.27.139 - - [02/Dec/2018:16:32:26 +0100] "GET /pfm.php?action=99&filename=file_sprite.png HTTP/1.1" 304 155 "http://84.106.2.21:8888/pfm.php?frame=3&fm_current_dir=/var/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"


uploading and deleting of pfm.php by Indian IP
       another filemanager script on github, does he not like his own tinyfilemanager script 

106.51.27.139 - - [02/Dec/2018:16:29:45 +0100] "POST /tfm.php?p= HTTP/1.1" 200 317 "http://84.106.2.21:8888/tfm.php?p=&upload"
106.51.27.139 - - [02/Dec/2018:16:29:51 +0100] "GET /tfm.php?p= HTTP/1.1" 200 18827 "http://84.106.2.21:8888/tfm.php?p=&upload"

106.51.27.139 - - [02/Dec/2018:16:29:57 +0100] "GET /pfm.php HTTP/1.1" 200 2752 "http://84.106.2.21:8888/tfm.php?p="
106.51.27.139 - - [02/Dec/2018:16:30:03 +0100] "POST /pfm.php HTTP/1.1" 302 413 "http://84.106.2.21:8888/pfm.php"
106.51.27.139 - - [02/Dec/2018:16:30:04 +0100] "GET /pfm.php HTTP/1.1" 200 2458 "http://84.106.2.21:8888/pfm.php"
************
a lot of sniffing on my server pc, 
              it is like breaking in my house searching for passwords, code, secrets etcetera

and delete of pfm.php
106.51.27.139 - - [02/Dec/2018:16:33:03 +0100] "POST /tfm.php?p=&del=pfm.php HTTP/1.1" 302 341    "http://84.106.2.21:8888/tfm.php?p=&del=pfm.php" "Mozilla/5.0 (Windows NT
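An added example (not from the original post): a Python pass over an Apache combined-format log that reports every hit on the file manager scripts from an address outside an allowlist and labels what the request did. The log lines are constructed after the ones above, with documentation-range IPs; the `del` and `fm_current_dir` parameter names come from those logs, and the note labels are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def suspicious_requests(log_text, admin_scripts, allowed_ips):
    """Return [(time, ip, method, script, note)] for admin-script hits from unknown IPs."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["ip"] in allowed_ips:
            continue
        url = urlsplit(m["target"])
        script = url.path.rsplit("/", 1)[-1]
        if script not in admin_scripts:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "del" in params:                      # tfm.php delete action seen above
            note = "delete " + params["del"][0]
        elif m["method"] == "POST":              # upload, login or other write
            note = "write/login (POST)"
        elif "fm_current_dir" in params:         # pfm.php directory browsing
            note = "browse " + params["fm_current_dir"][0]
        else:
            note = "view"
        findings.append((m["time"], m["ip"], m["method"], script, note))
    return findings

# Constructed log lines; 198.51.100.7 stands for the owner's own address.
LOG = '''\
198.51.100.7 - - [02/Dec/2018:16:20:00 +0100] "GET /tfm.php?p= HTTP/1.1" 200 18827 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Dec/2018:16:29:45 +0100] "POST /tfm.php?p= HTTP/1.1" 200 317 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Dec/2018:16:32:25 +0100] "GET /pfm.php?frame=3&fm_current_dir=/var/ HTTP/1.1" 200 7370 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Dec/2018:16:33:03 +0100] "POST /tfm.php?p=&del=pfm.php HTTP/1.1" 302 341 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Dec/2018:16:34:00 +0100] "GET /index.htm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
'''

if __name__ == "__main__":
    for row in suspicious_requests(LOG, {"tfm.php", "pfm.php"}, {"198.51.100.7"}):
        print(*row, sep="  ")
```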





ldijkman commented 25 minutes ago
you're doing much more than checking if a password is set on tinyfilemanager

me ColliFlowerFarmerProgrammer think first line in shell scripts maybe should be

      if ($_SERVER['REMOTE_ADDR'] != "enter.your.ip.adres.here"){echo"NoNo ip adres not correct";die;}

then it can never be started after download by anyone

github should NOT be a provider of hacker victims for hackers
 in Holland this would be a criminal act

https://github.com/prasathmani/tinyfilemanager/issues/94
prasathmani/tinyfilemanager
 Code  Issues 11  Pull requests 8  Insights
        This issue was deleted.

strange behavior github i did not delete the issue https://github.com/prasathmani/tinyfilemanager/issues/94
 who did?

sure the burglar didn't like to be confronted with hard facts evidence and deleted me
        that's why i made a copy here

https://github.com/prasathmani/
https://github.com/prasathpree

Prasath Mani prasathmani
prasathpree
CCP Programmers
Chennai, India 
prasath@techstuffs.in 
http://fb.com/ccpprogrammers
Web Developer
Bangalore
