server battle with a 1 and 1 "admin"

[bad_brain]

now that was hilarious. a customer has her sites hosted on 1 and 1, and after the sites were pwnd 1 and 1 "locked" them.
"locking" a site can be done in 2 ways: the proper one, and the retarded one. if I have to lock a site (which is usually only when a customer does not pay) the files are all moved into a directory above the web root, but still within the ftp root...so the customer can still get his files and go to hell (aka another host) if he likes.
the retarded way, and pretty much everyone of the "big hosters" is doing it that way, is to chmod the files, usually to 000, so they can not be accessed. luckily this can be easily evaded by logging in to ftp and chmod the files back to 755 (or whatever), and this is needed because files with a 000 permission can't even be downloaded anymore (no read permission).
but not this time. I logged in, found the files with 200 permissions (huh? why the write permissions? that only keeps shells functional..duh!), set the permissions to 755, and started downloading.

after a bit the "failed transfer" queue piled up:


I checked why that is...and the files were back to 200 permissions again. so obviously the retarded 1 and 1 "admin" was monitoring the files and reverted my changes.
the big question: how is someone supposed to clean a pwnd site without being able to download the files because dumbo sets the permissions to 200? again: and why to hell 200?

ok, so it went back and forth a couple of times, he even kicked me out of ftp then...

luckily the hosting package the customer got includes SSH access...so I logged in, changed permissions, packed the files...but before the packing was done moron has reverted to 200 again, and even kicked me out of SSH.
oook...changed to a new IP, chmod 777 this time (just to piss him off), and then the sneaky part: I packed the files again, but this time with a name like .file.tar.gz, the . in front makes it a hidden file, and obviously retardo-admin was using the simple ls command without the -a switch, so he couldn't see the hidden file.

10 minutes later:

got the files...finally...

I considered to leave a note in a text file...but nah...

[ayu]

haha what an idiot xD.
Sneaky ninja b_b strikes again!

[bad_brain]

and now to the actual reason why I had to get the files: cleaning the sites from pwnage before transferring it to my server.

I noticed this string here in front of a random .php file I opened:
http://code.suck-o.com/42574" onclick="window.open(this.href);return false;

and it wasn't just a "lucky" hit when I opened that one file:


4886 files infected...and this is just that one string, so there might be more...

[ayu]

lol yeah I saw on FB xD.
Not a very sneaky infection really xF

[computathug]

Ya got to do a news item on this buddy, i couldn't stop laughing when reading it. !-0 to bb xD

[lilrofl]

I find myself stuck on the 200 file permission... it's like I can hear the facepalm from here

[bad_brain]

yeah lilrofl, it's the most stupid file permission possible....because it makes no sense.
I mean, why on earth does files need write permissions by the owner if reading by the owner is not allowed at the same time? you can't write without reading first...

[ayu]

yeah lilrofl, it's the most stupid file permission possible....because it makes no sense.
I mean, why on earth does files need write permissions by the owner if reading by the owner is not allowed at the same time? you can't write without reading first...

I can't think of any situation where you would need it in this case.
But I do know a similar case in databases that I've come across a few times.
A user can only INSERT, but nothing else (can't SELECT or such), because the function is to only insert log entries and nothing else.
It stopped me from getting further into the system at least ^^.

Maybe there is some special case with the file permissions where it's useful, or maybe something that was used a long time ago?