| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: vizzy at freemail.hu (Vizzy) Subject: Another false Citibank e-mail...a new phishing? hiho Steve! It is not disguisted, but indeed hacked server: sk03.cultureclub.co.kr ---> 218.36.71.193 No wonder someone found it very easy to exploit (as it runs buggy mod_ssl, openssl, php, ..) and use compromised server to collect CC data without traces. It has two Apache versions running on 80 and 443 as was said here already, and looks like has some backdoor ports open (but I'll investigate more..) SM> Nope. SM> Just More misdiredction by the miscreants SM> try the url SM> http://218.36.71.193:443/test.php SM> The requested URL /test.php was not found on this server. SM> ------------------------------------------------------------------------ SM> Apache/1.3.6 Server at proxyegana.goldpfeil.de Port 80 SM> [stm@rp2]$ nslookup www.sk.com SM> Note: nslookup is deprecated and may be removed from future releases. SM> Consider using the `dig' or `host' programs instead. Run nslookup with SM> the `-sil[ent]' option to prevent this message from appearing. SM> Server: 192.168.8.1 SM> Address: 192.168.8.1#53 SM> Non-authoritative answer: SM> Name: www.sk.com SM> Address: 64.227.233.29 -- have phun, Vizzy
Powered by blists - more mailing lists