Will pay for help solving issue ASAP

[kiladila]

Thanks kd1987 for advices i will look in to it, but i think this is sql injection some where in script...

[kd1987]

If it is sqli that u suspect then, add this line in your .htaccess

php_flag magic_quotes_gpc on

relying on this feature is discouraged however, if the claimed "hacker" is one of those scripties who knows only about sqli, x=x auth bypass, lfi, rfi, etc.. then, it will keep him at his bay

[kiladila]

We didn't managed how stealing was done, but after changing rapidleech script from rapidleech plus from zecel.com to original upgraded, problem are gone. So it's seams that rapidleech+ from zecel.com have serious backdoors ir something like this.

[kd1987]

Cheers!

[albertoberto]

It's prolly the script's fault, some vulnerability.

Which script are you using, btw?

Either way, premium links generators are always exposed to those kind of things. Most of the times, a simple http debugger and some base64 decoder is more than enough to leech the acc's data.

[albertoberto]

Nice site, by the way.

Sorry for the double post.

[kiladila]

albertoberto you right. Problem is solved yesterday and reason:
insert_location() function (download
system) which reveals premium cookies and base_64 encoded auth-strings to end
user(s). with simple http debuger.