[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41011d980801150924k51e051a7pd5c6d15abe076944@mail.gmail.com>
Date: Tue, 15 Jan 2008 22:54:45 +0530
From: "crazy frog crazy frog" <i.m.crazy.frog@...il.com>
To: "Gadi Evron" <ge@...uxbox.org>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: what is this?
nope i dont thnk it has to do with user agent.i have tried with
IE,Firefox but nothing.though when u change ip it shows the stuff.so i
think its ip based?
On Jan 15, 2008 10:52 PM, Gadi Evron <ge@...uxbox.org> wrote:
> On Tue, 15 Jan 2008, crazy frog crazy frog wrote:
> > nick,
> > ur not getting my point,the url is techicorner.com/{random string
> > here},i have already mentioned it in previous posts.
> > i have read the link sent by denis,and i would have to conclude that:
> > 1)The problem does not occurs always,instead it occurs randomly based
> > on IP or something like tht.
>
> In recent kits, it is more likely it is user-agent based.
>
>
> > 2)if u look at the pages on techicorner.com u will not find any
> > malicious code,so its possible that the server is compromised and its
> > an LKM
> > please refer to these links:
> > http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis]
> >
> > Thanks again everyone for your valuable suggestion,i posted here to
> > share this stuff with everyone and may be u can learn from it.
> >
> > regards,
> > _CF
> >
> > On Jan 15, 2008 12:15 PM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> >> crazy frog crazy frog wrote:
> >>
> >>> well,
> >>> i received many response but no one is perfact.i checked the files and
> >>> didn't find anything embeded in my scripts or pages.still i have to
> >>> figure out why my antivirus randomly popsup?i mean most of the times
> >>> it doesnt detect any infection but then suddenly this thing happnes
> >>> and then everything seems ok.
> >>> i dont think its a problem with my script otherwise i could have find
> >>> the code or it should be repeating consistly.has any one still facing
> >>> this issue in the techicorner.com or on tubeley.com or on
> >>> secgeeks.com?
> >>>
> >>> let me know i m trying hard to digg this issue.
> >>
> >> If you would tell us the _actual_ URL where this behaviour is being
> >> seen we would have a reasonable chance of actually diagnosing it. As
> >> it is, we're having to guess based on matching your half-arsed
> >> descriptions of what you think is happening with our knowledge of what
> >> has been seen going on out there.
> >>
> >> This may surprise you, but many thousands and thousands of sites are
> >> compromised each day to display "similar" activity to what you've asked
> >> to us to diagnose (aka "guess").
> >>
> >> If we could look at the actual site and see what is really happening
> >> should have a better (if not perfect) chance of success.
> >>
> >>
> >> Regards,
> >>
> >> Nick FitzGerald
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> >
> >
> > --
> > advertise on secgeeks?
> > http://secgeeks.com/Advertising_on_Secgeeks.com
> > http://newskicks.com
> >
>
--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists