Open Source and information security mailing list archives
Date: Fri Jun 2 17:36:14 2006
From: colin.75 at btinternet.com (Colin Copley)
Subject: Files keep appearing

Hi

Have you taken a look from the outside as it were, at the website that is hosted above the /Resources directory where they keep appearing?

Are they being uploaded through some insecure feature the web developers have bolted onto the page, upload your CV / Docs kind of thing? That would look like legit site traffic in your connection logs.

Any .pl / .php / .asp scripts in or around that directory & do they log the filenames?

It could be that the site itself is insecure, presenting the phisher a way in despite running a fully patched server. The original site could even be a smokescreen in which to hide the phishing pages...

> - no connections were made on my server

Remember if your webserver has been compromised through a known vuln or 0day the logs could be lying.

Regards
Colin

----- Original Message -----
From: Stephen Johnson
To: Untitled
Sent: Friday, June 02, 2006 5:08 AM
Subject: [Full-disclosure] Files keep appearing

I keep having a phishing website appear on my web server. They keep showing up in a Resources folder of one of the sites that I host.

I have gone through the logs and I am not seeing any connections. I deleted the files this morning and this evening they re-appeared - no connections were made on my server during that period of time.

Also, there are no cron jobs that I noticed that looked out of the ordinary.

I am running MySQL, PHP, Apache2 on a Debian Linux server.

Any thoughts?

--
Stephen Johnson
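One way to test the upload-feature theory from the reply above, as an added example that is not part of either post: list the successful POST/PUT requests in the Apache access log that landed just before each reappearing file's change time. The log lines, file names, timestamps and the upload_cv.php path are constructed, and the check assumes the access log itself is intact, which the reply notes may not hold on a compromised server.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined log prefix: host ident user [time] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
WRITE_METHODS = {"POST", "PUT"}  # methods that can carry a file upload

def parse_access_log(lines):
    """Yield (time, host, method, path, status) for each parsable log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["host"], m["method"], m["path"], int(m["status"])

def uploads_before(file_times, entries, window=timedelta(minutes=2)):
    """Map each file to successful write requests made shortly before it changed."""
    entries = list(entries)
    hits = {}
    for name, changed in file_times.items():
        hits[name] = [
            (host, method, path)
            for ts, host, method, path, status in entries
            if method in WRITE_METHODS and status < 400
            and timedelta(0) <= changed - ts <= window
        ]
    return hits

# Constructed sample data: documentation-range addresses, hypothetical paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jun/2006:04:58:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Jun/2006:18:41:12 +0000] "POST /careers/upload_cv.php HTTP/1.1" 200 312',
    '192.0.2.44 - - [02/Jun/2006:18:41:50 +0000] "GET /Resources/logo.gif HTTP/1.1" 200 2048',
    '198.51.100.7 - - [02/Jun/2006:18:45:00 +0000] "POST /contact.php HTTP/1.1" 404 210',
]
# Change times of the files in question, e.g. taken from os.stat(path).st_ctime.
SAMPLE_FILES = {
    "Resources/login.html": datetime(2006, 6, 2, 18, 41, 13, tzinfo=timezone.utc),
    "Resources/old.css": datetime(2006, 6, 1, 9, 0, 0, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for name, reqs in uploads_before(SAMPLE_FILES, parse_access_log(SAMPLE_LOG)).items():
        print(name, "->", reqs or "no write request in window")
```

A file with no matching write request points away from the web application and towards another write path (FTP, SSH, a shared account) or towards tampered logs.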