[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <015f01c68663$737d17a0$0301a8c0@intuwares.com>
Date: Fri Jun 2 17:36:14 2006
From: colin.75 at btinternet.com (Colin Copley)
Subject: Files keep appearing
Files keep appearingHi
Have you taken a look from the outside as it were, at the website that is hosted above the /Resources directory where they keep appearing?
Are they being uploaded through some insecure feature the webdevelopers have bolted onto the page, upload your CV / Docs kind of thing?
That would look like legit site traffic in your connection logs.
Any .pl / ,php / .asp scripts in or around that directory & do they log the filenames?
It could be that the site itself is insecure presenting the phisher a way in despite running a fully patched server.
The original site could even be a smokescreen in which to hide the phishing pages...
> - no connections were made on my server
Remember if your webserver has been compromised through a known vuln or 0day the logs could be lying.
Regards
Colin
----- Original Message -----
From: Stephen Johnson
To: Untitled
Sent: Friday, June 02, 2006 5:08 AM
Subject: [Full-disclosure] Files keep appearing
I keep having a phishing website appear on my web server.
They keep showing up in a Resources folder of one of the sites that I host. I have gone through the logs and I am not seeing any connections. I deleted the files this morning and this evening they re-appeared - no connections were made on my server during that period of time.
Also, there are no cron jobs that I noticed that looked out of the ordinary.
I am running MySQL, PHP, Apache2 on a debian linux server.
Any thoughts?
--
Stephen Johnson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060602/fff68775/attachment.html
Powered by blists - more mailing lists