Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Web site compromised?

Reply
Thread Tools

Web site compromised?

 
 
Kompu Kid
Guest
Posts: n/a
 
      04-23-2009


UPDATE:

* I found also a My hosting services told me that an infection on my
personal computer is probably where the injection of suspect codes
have started. He says the virus on my computer used the ftp link I
have to the web hosting site.

* In addition to the script I gave earlier, I found on some pages
another piece of code that had an "iframe" html command. The iframe
was referring to a chinese site "betwager". I am not able to write the
full code and the site. Google won't let me post it.

 
Reply With Quote
 
 
 
 
Kompu Kid
Guest
Posts: n/a
 
      04-23-2009
On Apr 23, 4:03*pm, "David H. Lipman" <DLipman~(E-Mail Removed)>
wrote:
> From: "Kompu Kid" <(E-Mail Removed)>
>
> | UPDATE:
>
> | * I found also a My hosting services told me that an infection on my
> | personal computer is probably where the injection of suspect codes
> | have started. He says the virus on my computer used the ftp link I
> | have to the web hosting site.
>
> | * In addition to the script I gave earlier, I found on some pages
> | another piece of code that had an "iframe" html command. The iframe
> | was referring to a chinese site "betwager". I am not able to write the
> | full code and the site. Google won't let me post it.
>
> Don't use Google !
>
> news://nntp.aioe.org/alt.computer.security
> Crosss-Posted to the other groups.
>
> As for your hosting company, they could be wrong are just passing the blame to you.
> Chances are MORE likely that you use an application on the server with vulnerabilities and
> malicious actors have exploited them to add malicious code to your site.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp


It seems like I need to install a newsreader on my computer to use the
"news://nntp.aioe.org/alt.computer.security ".

Outlooked volunteered when I put that in my Chrome's address area, but
I do not want to use it.

Any recommendations for a news reader for the XP environment? If it
matters, I use Firefox in addition to chrome.

Deguza
 
Reply With Quote
 
 
 
 
Todd H.
Guest
Posts: n/a
 
      04-23-2009
"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Kompu Kid" <(E-Mail Removed)>
>
>
>
> | UPDATE:
>
> | * I found also a My hosting services told me that an infection on my
> | personal computer is probably where the injection of suspect codes
> | have started. He says the virus on my computer used the ftp link I
> | have to the web hosting site.
>
> | * In addition to the script I gave earlier, I found on some pages
> | another piece of code that had an "iframe" html command. The iframe
> | was referring to a chinese site "betwager". I am not able to write the
> | full code and the site. Google won't let me post it.
> Crosss-Posted to the other groups.
>
> As for your hosting company, they could be wrong are just passing the blame to you.
> Chances are MORE likely that you use an application on the server with vulnerabilities and
> malicious actors have exploited them to add malicious code to your site.


Much agreed. PHP is so pourous that it's much more likely to be a
direct attack on your site rather than some convoluted "trojan on your
computer that modifies local html and then magically knows what FTP
client you're using, reuses its cached password for the site and loads
the modified html onto the remote site."

The target audience for such a client side sploit is so small it
wouldn't be worthwhile.

visit http://www.securityfocus.com/vulnerabilities

and for each of the following, chase down what vulns there are for it
for the version of each your site is running

Web server version (apache whatever likely)
php version on the server
what php forum script you're using / version


And see what vulns are in each for the versions you have, and that'll
wittle down the "how" in what happened perhaps.


--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
ŠAriŽ
Guest
Posts: n/a
 
      04-24-2009
On Thu, 23 Apr 2009 15:11:49 -0700 (PDT), Kompu Kid wrote:

> * I found also a My hosting services told me that an infection on my
> personal computer is probably where the injection of suspect codes
> have started. He says the virus on my computer used the ftp link I
> have to the web hosting site.


LOL
--
A fireside chat not with Ari!
http://tr.im/holj
Motto: Live To Spooge It!
 
Reply With Quote
 
DGB
Guest
Posts: n/a
 
      04-24-2009
ŠAriŽ wrote:
> On Thu, 23 Apr 2009 15:11:49 -0700 (PDT), Kompu Kid wrote:
>
>> * I found also a My hosting services told me that an infection on my
>> personal computer is probably where the injection of suspect codes
>> have started. He says the virus on my computer used the ftp link I
>> have to the web hosting site.

>
> LOL


Can you/will you expand on your comment, ŠAriŽ ?

Thanks
 
Reply With Quote
 
Doc
Guest
Posts: n/a
 
      04-24-2009
Kompu Kid <(E-Mail Removed)> wrote in news:da2c3ba5-46fc-4b8d-a28f-
http://www.velocityreviews.com/forums/(E-Mail Removed):

> On Apr 22, 9:22*am, John Holmes <(E-Mail Removed)> wrote:
>> Kompu Kid "contributed" in alt.hacker:
>>
>> > (I am not giving the actual URL)

>>
>> Don't expect any help then.
>>
>> --
>> <snip>

>
> I did not want anybody getting infected, that's why I did not give it
> out.


If you're posting a message in a hacker forum with a warning that you
think the site might be compromised, then the people who look at it are
forewarned.

Not posting the URL is stupid. People who can do low-tech stuff like
telnet to the server and download the page for analysis can't do that if
they don't know where it is.

It's like telling someone you think you have an STD, but not going to the
doctor to really find out.



Doc.

--
The bigger the humbug, the better people will like it.
- Phineas Taylor Barnum.
 
Reply With Quote
 
Doc
Guest
Posts: n/a
 
      04-24-2009
Kompu Kid <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

<snip>

> Any recommendations for a news reader for the XP environment? If it
> matters, I use Firefox in addition to chrome.


I still like X-News.

http://download.cnet.com/Xnews/3000-...-10026377.html

Really should download and try the latest version, but the one I have just
works - no attempts to execute code or render pages, so very safe.


Doc.

--
The bigger the humbug, the better people will like it.
- Phineas Taylor Barnum.
 
Reply With Quote
 
John Holmes
Guest
Posts: n/a
 
      04-25-2009
Kompu Kid "contributed" in alt.hacker:

> On Apr 22, 9:22*am, John Holmes <(E-Mail Removed)> wrote:
>> Kompu Kid "contributed" in alt.hacker:
>>
>> > (I am not giving the actual URL)

>>
>> Don't expect any help then.
>>
>> --
>> <snip>

>
> I did not want anybody getting infected, that's why I did not give it
> out.
>
> Deguza


I'll second Doc.

Most of the regulars here know what they're doing. FYI, my system will
not get infected by just browsing to a compromised website.

--
<snip>


 
Reply With Quote
 
~BD~
Guest
Posts: n/a
 
      04-25-2009
John Holmes wrote:

> I'll second Doc.
>
> Most of the regulars here know what they're doing. FYI, my system will
> not get infected by just browsing to a compromised website.
>


Hello John

Please will you explain how/why *your* system will not be so infected
yet other folk may be?

Might it simply be because you aren't using Microsoft Windows?

--
Dave
 
Reply With Quote
 
John Holmes
Guest
Posts: n/a
 
      04-25-2009
~BD~ "contributed" in alt.hacker:

> John Holmes wrote:
>
>> I'll second Doc.
>>
>> Most of the regulars here know what they're doing. FYI, my system will
>> not get infected by just browsing to a compromised website.
>>

>
> Hello John
>
> Please will you explain how/why *your* system will not be so infected
> yet other folk may be?
>
> Might it simply be because you aren't using Microsoft Windows?
>
> --
> Dave
>


As a matter of fact, I'm using WinXP for my daily use. My 5 workstations
and 4 wireless laptops (some XP, some Slackware) are all behind 2 Windows
2008 DC's running ISA server and Forefront. That setup keeps my local
network free of mal/spy-ware, viruses and other nasties. The servers are
really in use as servers, i.e. nobody touches them but me and no websites
are ever visited on them.

I hope my answer satisfied you.

--
<snip>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
List of free web site design, web site backgrounds, web site layoutsresources cyber XML 1 12-25-2007 11:48 PM
Free web site design, web site backgrounds, web site layoutsresources cyber HTML 0 12-24-2007 04:26 PM
List of free web site design, web site backgrounds, web site layoutsresources cyber HTML 0 12-21-2007 03:47 PM
List of free web site design, web site backgrounds, web site layoutsweb sites cyber HTML 1 12-19-2007 09:07 AM
Create a web site, not default web site mike kim ASP .Net 2 08-19-2003 11:26 PM



Advertisments