PHPProBid UK Site Dynabid Hacked - Owner Vanishes leaving a few dozen hanging

[xwpopper]

Another great reason not to use rinky dink auction sites.
http://dynabid.2forum.biz/the-dynabid-gr...46.htm#167

"HOW CAN SOMEONE JUST DISAPPEAR AFTER ALL THE HARD WORK
THAT THEY HAVE PUT IN TO MAKE A GO OF THIS."

My dear, no hard work was put into this. It was purchased with some mods for about $300, and installation probably took all of 2 hours. Then when it was hacked, she probably just figured she could vanish a while and buy the software again, then start a new one in a few months.
That's what happens when you depend on rinky dink eBay alternatives.

Here's what the front page reads from Google when using Firefox:
"Reported Attack Site!
This web site at www.dynabid.org has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."

Click on the more info:
"What is the current listing status for dynabid.org?
    Site is listed as suspicious - visiting this web site may harm your computer.
    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 170 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-12-11, and the last time suspicious content was found on this site was on 2008-12-11.
    Malicious software includes 3 trojan(s), 2 scripting exploit(s), 1 exploit(s). Successful infection resulted in an average of 1 new processes on the target machine.
    Malicious software is hosted on 2 domain(s), including hotwol.com/, 91.142.64.0/.
    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including offshore-hsbc-unitedkingdom.com/.
    This site was hosted on 2 network(s) including AS42831 (UKSERVERS), AS8075 (MICROSOFT).
Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, dynabid.org did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
    No, this site has not hosted malicious software over the past 90 days.
How did this happen?
    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message."

That's what happens when you depend on rinky dink eBay alternatives. Just ask AWW Chris about how many times his site gbauctions.co.uk has been hacked.

[mandy]

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."

The PHPProBid developers haven't patched the Multiple SQL Inection vulnerability that was discovered in September.  All it takes to compromise any PHP Pro site and gain database access is this bit of exploit code:

Code:

http://example.com/phpprobidlocation/categories.php?start=0&limit=20&parent_id=669&keywords_cat_search=&buyout_price=&reserve_price=&quantity=&enable_swap=&order_field=(select%201)x&order_type=%20

[regic]

The PHPProBid developers haven't patched the Multiple SQL Inection vulnerability that was discovered in September.

3 months is nothing compared to the 21 months the boinktards at Kaqoo have failed to patch a highly critical vulnerability that allows hackers to gain system access in their free software.

http://community.tuliptools.com/index.ph...l#msg73595

edit: A list of auction scripts besides PHPProBid and RScript which have had recent security problems.  The majority of the script developers have failed to issue security patches.

Active Auction House 3.x
Active Auction Pro 7.x
AJ Auction Pro
Auction Script
Auction Sentry 3.x
Auction Sentry Deluxe 2.x
Auction XL
Domain Name Auction
EveryAuction 1.x
Freelance Auction Script
GC Auction Platinum
GeoAuctions Enterprise 1.x
GeoAuctions Premier 2.x
Kaqoo Auction Software Free Edition
MakeBid Deluxe Auction
MakeBid Reverse Auction
MakeBid Standard Auction
MySQL Auction 3.x
NetAuctionHelp Auction Software 3.x
NetAuctionHelp Auction Software 4.x
NetAuctionHelp Classified Ads 1.x
PHP Labs Top Auction
phpAuction 3.x
PHPauction GPL 2.x
phpbb-Auction 1.x (module for phpBB)

http://secunia.com/advisories/search/?search=auction

[sneakymagenta]

Hello,
For those who are concerned about Dynabid, I have been told that they are haveing problems with there internet connection and can't get on to resolve any problems.

thanks everybody for the words the problem has been fixed regarding the google warning at the moment we have no internet access until the 30th december 2008 we have just travelled 30 miles to use a connection we do apologise to all members and hope you all understand the problem we have at the moment and everything will be back to normal with everything as soon as we have a connection thanks again to everybody

They forgot to pay their AOL bill. 

[Fastandfurious]

I understand that the telephone line was severed due to new buildings put up in the area which then has a knock on effect with the broadband connection of the telephone number (its cancelled automatically) the reconnection time is 10 days (as recommended by OFCOM in the AOL Contract) but due to a technical error by AOL it was not re connected until 30.12.08 so i hope that puts you right with your information sneakymagenta just contact me if you require technical information on how the system works.
Dynabid is now back up and running again and i am pleased to put this link from google to assure everybody that the problem has now been sorted out.
http://www.google.com/safebrowsing/diagn...ynabid.org

BTW Sneakymagenta If you do not know the owners of Dynabid how did you know which personal ISP they use? :turkey2:

[sneakymagenta]

BTW Sneakymagenta If you do not know the owners of Dynabid how did you know which personal ISP they use?

Duh. The computer/Internet illiterate always use AOL.

Dynabid is now back up and running again and i am pleased to put this link from google to assure everybody that the problem has now been sorted out.

I tested Dynabid with LinkScanner today and the problem has NOT been sorted out.

http://linkscanner.explabs.com/linkscann...NS=ChkOnly&SRC=apps.explabs.com&CS=http://www.dynabid.org

DANGEROUS: LinkScanner Online has found
[Link to known exploit site (type 502)]
Detail: Exploit: Link To Known Exploit Site


This page contains a link to a known exploit site. This link may or may not be active. It may or may not require you to click it to be infected. Some pages with such links automatically download the malicious code without any action on your part. Because of this we automatically block access to such pages.
Risk Category: Exploit
Description: XPL's Intelligence Network has detected an exploit. An exploit is a piece of malware code that takes advantage of a vulnerability in a software application, usually the operating system or a web browser to infect a computer. Exploits usually target a computer by means of a drive-by download – the user has no idea that a download has even taken place. XPL recommends not visiting this web site regardless if your computer has been patched for the vulnerability.
Scanned:
Tuesday, December 30, 2008

Our Advice:

This page contains at least one exploit. You should not click on this link without appropriate anti-exploit protection on your PC.

[xwpopper]

I tested Dynabid with LinkScanner today and the problem has NOT been sorted out.

http://linkscanner.explabs.com/linkscanner/checksite.aspx?NS=ChkOnly&SRC=apps.explabs.com&CS=http://www.dynabid.org

Still not fixed or it's happened again:
http://linkscanner.explabs.com/linkscann...NS=ChkOnly&SRC=apps.ExpLabs.com&CS=http://dynabid.org

[rho]

OT...I'd been wondering where a poseur picked up the explabs linkscanner idea/info...now I know. Thanks for the bump.

[xwpopper]

Site update:
http://www.dynabid.org redirects to:
http://server.trustahost.co.uk/suspended.page/

Maybe they got tired of getting hacked every month and decided to close up. 

[bargainbloodhound]

It's back.  The 155 members can get back to the business of selling parking their items and putting their personal info at risk because the owner is clueless about security.