Assuming my MAMP server is hacked

Discussion in 'Web Design and Development' started by sawmaster, Jul 10, 2009.

  1. sawmaster macrumors regular

    #1
    Hey.

    I've been using MAMP for awhile now, but it has been doin' some strange things. I'll list the problems below (I feel like I'm missing some info).

    • In my wordpress directory (and a few others), I get a download named "DownloadedFile" or "DownloadedFile-#"
    • All wordpress blogs' CSS style sheets haven't been loading and all the formatting is lost (this problem started happening sometime today)
    • In the admin panel of wordpress, the dashboard is "jumbled up". When I use the Web Inspector in safari 4, I get two syntax errors in 2 diffrent javascript files. Both javascript scripts have a crapload of symbols that can't even be displayed.

    After re-installing MAMP, and restarting, it worked great for a little while, but then when I left my house and came back, I found it screwed up again. Right after I fixed my MAMP installation, I backed up my mac. So I decided to restore my MAMP folder in my Applications folder. No luck. Restarted my mac, and had no luck.

    I'll show you the php log. I found some pretty interesting stuff in there...

    Code:
    [08-Jul-2009 22:19:21] PHP Notice:  Undefined index:  myname in /Volumes/Ben's Files/Sites/2008/December/29/5-46 PM/chat/iphone/index.php on line 2
    [08-Jul-2009 22:19:21] PHP Notice:  Undefined index:  message in /Volumes/Ben's Files/Sites/2008/December/29/5-46 PM/chat/iphone/index.php on line 3
    [08-Jul-2009 22:19:21] PHP Notice:  Undefined index:  color in /Volumes/Ben's Files/Sites/2008/December/29/5-46 PM/chat/iphone/index.php on line 4
    [08-Jul-2009 22:19:38] PHP Notice:  Undefined index:  uploadedfile in /Volumes/Ben's Files/Sites/2008/December/29/5-46 PM/page_maker/make.php on line 67
    [08-Jul-2009 22:19:38] PHP Notice:  Undefined index:  uploadedfile in /Volumes/Ben's Files/Sites/2008/December/29/5-46 PM/page_maker/make.php on line 69
     
    
    The point is, who's been lurking in these long-forgotten PHP scripts I made a long time ago? Do those lines indicate that someone has been in there, and something in the PHP script caused it to be logged?

    Thanks in advance.

    Ben
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    "Jumbled up" can mean a few things. Can you elaborate, maybe provide a screen shot if necessary?

    On the PHP logs, they are only notices so it's not a biggie, but do you believe the indexes that were attempted are suppose to work, or something else? I don't know the intent of those pages. It's pretty common for bots to try and submit things to forms and not always in an intelligent manner. For instance, there's spambots that try to use my contact form to send spam, but I block them.

    In the events you didn't know, when trying the link in your sig, the page prompts me to download a file that's given a random name.dms.part. It's a zero byte file.
     
  3. DaReal_Dionysus macrumors regular

    DaReal_Dionysus

    Joined:
    Jan 9, 2009
  4. sawmaster thread starter macrumors regular

    #4
    I did that already.

    Sorry, my brain was going nuts because I've been so frustrated. Here.. I'll give you a snapshot if I can.

    Update: Can't. I took the snapshot. Now where do I put it? I just realized my server isn't working, and photobucket is a piece of crap.

    Update: Flickr won't work either

    Update #3: After bypassing my MM3 proxy, I no longer see my homepage, and I am now getting the file download again too. http://sawmaster2.no-ip.org:8888/images/Photo 7.png is the image, but my server isn't working (duh).

    Update #4: If I use my local url (bb.local), it seems to work ok (I can view that image of the jumbled up wordpress admin). If I use sawmaster2.no-ip.org, then the fun begins.
     
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    You can add the image as an attachment to your post. Look for the Manage Attachment button below in the Additional Options area.
     
  6. sawmaster thread starter macrumors regular

    #6
    Thanks.
     

    Attached Files:

  7. DaReal_Dionysus macrumors regular

    DaReal_Dionysus

    Joined:
    Jan 9, 2009
    #7
    Okay I'm a bit confused!!! Are you putting the website your using with MAMP in the htdocs?
     
  8. sawmaster thread starter macrumors regular

    #8
    No. I have a custom location.

    Here's a snapshot of the web inspector.

    [​IMG]

    Sorry it took so long, Mac Forums wasn't uploading my image anymore, and I needed to use photobucket.
     
  9. sawmaster thread starter macrumors regular

    #9
    Update

    If I goto bb.local:8888 (my computer's bonjour name), I see safari's server not found error. But, if I use localhost:8888, I will see my website.

    Is there any solution anybody here knows?

    I really need my site back up ASAP.
     
  10. sawmaster thread starter macrumors regular

    #10
    Nevermind.

    I found the problem: My Mac's bonjour name wasn't working.
     
  11. DaReal_Dionysus macrumors regular

    DaReal_Dionysus

    Joined:
    Jan 9, 2009
  12. sawmaster thread starter macrumors regular

    #12
    Hmm... I wonder why MM3 keeps generating a random port?

    I feel that it changed the port of itself to 8888, the port with MAMP.

    I'm pretty pissed off. Wasted days. I'm going to piss in the toilet now.
     

Share This Page