lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 15 Jan 2008 13:56:48 +0530
From: "crazy frog crazy frog" <i.m.crazy.frog@...il.com>
To: nick@...us-l.demon.co.uk
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] what is this?

nick,
ur not getting my point,the url is techicorner.com/{random string
here},i have already mentioned it in previous posts.
i have read the link sent by denis,and i would have to conclude that:
1)The problem does not occurs always,instead it occurs randomly based
on IP or something like tht.
2)if u look at the pages on techicorner.com u will not find any
malicious code,so its possible that the server is compromised and its
an LKM
please refer to these links:
http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis]

Thanks again everyone for your valuable suggestion,i posted here to
share this stuff with everyone and may be u can learn from it.

regards,
_CF

On Jan 15, 2008 12:15 PM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> crazy frog crazy frog wrote:
>
> > well,
> > i received many response but no one is perfact.i checked the files and
> > didn't find anything embeded in my scripts or pages.still i have to
> > figure out why my antivirus randomly popsup?i mean most of the times
> > it doesnt detect any infection but then suddenly this thing happnes
> > and then everything seems ok.
> > i dont think its a problem with my script otherwise i could have find
> > the code or it should be repeating consistly.has any one still facing
> > this issue in the techicorner.com or on tubeley.com or on
> > secgeeks.com?
> >
> > let me know i m trying hard to digg this issue.
>
> If you would tell us the _actual_ URL where this behaviour is being
> seen we would have a reasonable chance of actually diagnosing it.  As
> it is, we're having to guess based on matching your half-arsed
> descriptions of what you think is happening with our knowledge of what
> has been seen going on out there.
>
> This may surprise you, but many thousands and thousands of sites are
> compromised each day to display "similar" activity to what you've asked
> to us to diagnose (aka "guess").
>
> If we could look at the actual site and see what is really happening
> should have a better (if not perfect) chance of success.
>
>
> Regards,
>
> Nick FitzGerald
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ