lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 14 Jan 2008 19:26:24 +0530
From: "crazy frog crazy frog" <i.m.crazy.frog@...il.com>
To: nick@...us-l.demon.co.uk
Cc: Untitled <full-disclosure@...ts.grok.org.uk>,
	PenTest <pen-test@...urityfocus.com>, bugtraq@...urityfocus.com
Subject: Re: what is this?

hmm.thanks everyone for the suggestions.

On Jan 14, 2008 5:22 PM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> 3APA3A wrote:
>
> > Dear crazy frog crazy frog,
> >
> >   Clear  your  computer  from  trojan,  change FTP password for you site
> >   hosting  access,  because it's stolen, access your hosting account via
> >   FTP  and remove additional text (usually at the end of the file, after
> >   </html>) from all HTML/PHP pages.
>
> Ummmm -- the only part of that likely to be relevant here is the last.
>
> These kinds of web page "compromises" are typically achieved through
> bad/ill-configured/non-updated server-side web applications (or their
> underlying script engines) and are typically achieved without requiring
> any more special or privileged access to the victim sites than the
> ability to run a clever Google search or your own brute-force spidering
> via a bot-net, etc.
>
> Of course, simply removing the undesired iframe/script/etc tags from
> your compromised pages is not enough.  Although doing so does not mean
> that this attacker will come back, it equally does nothing to close the
> hole they used in the first place, and the next attacker searching for
> that hole will hit you just as easily and indiscriminately...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ