[Full-disclosure] what is this?
crazy frog crazy frog
i.m.crazy.frog at gmail.com
Mon Jan 14 13:56:24 GMT 2008
hmm.thanks everyone for the suggestions.
On Jan 14, 2008 5:22 PM, Nick FitzGerald <nick at virus-l.demon.co.uk> wrote:
> 3APA3A wrote:
> > Dear crazy frog crazy frog,
> > Clear your computer from trojan, change FTP password for you site
> > hosting access, because it's stolen, access your hosting account via
> > FTP and remove additional text (usually at the end of the file, after
> > </html>) from all HTML/PHP pages.
> Ummmm -- the only part of that likely to be relevant here is the last.
> These kinds of web page "compromises" are typically achieved through
> bad/ill-configured/non-updated server-side web applications (or their
> underlying script engines) and are typically achieved without requiring
> any more special or privileged access to the victim sites than the
> ability to run a clever Google search or your own brute-force spidering
> via a bot-net, etc.
> Of course, simply removing the undesired iframe/script/etc tags from
> your compromised pages is not enough. Although doing so does not mean
> that this attacker will come back, it equally does nothing to close the
> hole they used in the first place, and the next attacker searching for
> that hole will hit you just as easily and indiscriminately...
> Nick FitzGerald
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
advertise on secgeeks?
Full-Disclosure is hosted and sponsored by Secunia.