Web site compromised?

Discussion in 'Computer Security' started by Kompu Kid, Apr 22, 2009.

  1. ~BD~ Guest

    Thank you for your response, John

    With every post, I learn more. I had never heard of 'Slackware' before,
    but have now visited http://www.slackware.com/index.html and now know!

    I'm well outside my comfort zone but did look here, too:-
    http://www.petri.co.il/rename-windows-server-2008-domain-controllers.htm

    I also note that "Vulnerabilities in Microsoft ISA Server and Forefront
    Threat Management Gateway (Medium Business Edition) Could Cause Denial
    of Service (961759)" Ref:
    http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx

    With equipment as described you are obviously not a simple hobbyist like
    me. I'm delighted to learn that *you* cannot be infected simply by
    visiting a specific URL like millions of folk in my position. It must
    give you a real sense of superiority! ;)
     
    ~BD~, Apr 25, 2009
    #21

  2. John Holmes Guest

    ~BD~ "contributed" in alt.hacker:
    Would you be surprised that I'm aware of that and my servers have been
    patched and therefore not vulnerable to those attacks?
    It doesn't. There must be thousands of guys (or even girls) around
    knowing more than I do.

    ;-)
     
    John Holmes, Apr 25, 2009
    #22

  3. Todd H. Guest

    As far as you know.

    Proving a negative is very difficult.
     
    Todd H., Apr 25, 2009
    #23
  4. Doc Guest

    (Todd H.) wrote in

    Exactly.

    Hence why I pointed out using an unusual, but old, tool like telnet to
    download page content. It will never execute any content in the page, and
    you have to read the page content and explicitly request copies of
    ancillary pages. No danger. Relying on any sort of 'malware firewall'
    leaves you open to something zero-day.

    Doc.
     
    Doc, Apr 25, 2009
    #24
  5. ~BD~ Guest

    No, not at all! I'd have been surprised and concerned if you had *not*
    already applied that patch. I used same simply as an example to show you
    that I had investigated (just a little bit!) why you felt so very safe!

    You have, of course, considered that your equipment may have been
    compromised *before* you applied said patch? ;)

    That's good!

    There must be thousands of guys (or even girls) around knowing more than
    I do.

    Oh yes - I'm sure there are!
    (but unfortunately, many of them will be the 'bad guys'!)
     
    ~BD~, Apr 25, 2009
    #25
  6. (Todd H.), my dear, dear friend, there was this time,
    oh, 4/23/2009 6:17 PM or thereabouts, when you let the following
    craziness loose on Usenet:
    I have often heard comments such as this about PHP - yet, aside from the
    ..asp methods, isn't a LAMP or WAMP setup still pretty much ubiquitous,
    using PHP to run the back-ends? I guess what I'm asking - if you're
    scripting the back end to some website, and security is a main concern,
    which language would you recommend?

    Cheers.
     
    Kyle T. Jones, Apr 27, 2009
    #26
  7. ©Ari® Guest

    To which one of you nym-shifters?
     
    ©Ari®, Apr 28, 2009
    #27
  8. Either use a language that is unlikely to be used by crackers,
    or be an expert at the most popular languages in use,
    or hire an expert at the most popular languages in use,
    or pay for all your code from someone you can sue.


    Gandalf Parker
     
    Gandalf Parker, Apr 28, 2009
    #28
  9. ©Ari® Guest

    I'd recommend that a) you get a real education in what you are doing or
    b) hire someone who has one.

    Problem is, you won't know who to hire so get the education.
     
    ©Ari®, Apr 29, 2009
    #29
  10. ©Ari®, my dear, dear friend, there was this time, oh, 4/29/2009 11:19 AM
    or thereabouts, when you let the following craziness loose on Usenet:
    What would you consider a "real" education?

    Cheers.
     
    Kyle T. Jones, Apr 29, 2009
    #30
  11. GEO Me Guest

    Hello,

    I just received today an e-mail with an image from a compromised
    system in Spain that links to a page in Florida, which in turn
    redirects to a Chinese web page that contains a PDF and a SWF file.
    Have these two already received a name/warning/description?? I am
    waiting for a reply from ScanTotal.

    I am trying to warn the domain owners in Spain and Florida of their
    problem.

    Thank you.

    Geo
     
    GEO Me, Apr 30, 2009
    #31
  12. 1PW Guest

    On 04/29/2009 08:51 PM, "GEO" sent:

    Snip, snip...
    Hello Geo:

    Although you should have originated your own separate thread, please
    reply with an obfuscated but decipherable URL, and it probably will be
    investigated as quickly.

    HTH

    Pete
     
    1PW, Apr 30, 2009
    #32
  13. GEO Me Guest

    Yes, sorry. I guess I was kind of sleepy.
    It looks as if Telus (my actual ISP) is blocking my messages to
    VirusTotal. I'll have to find a way around to submit them, because I
    receive no messages from Telus.

    Geo
     
    GEO Me, Apr 30, 2009
    #33
  14. GEO Me Guest

    Hi Pete,

    I made a long distance call to leave them a message yesterday, as
    they had already closed. The page remains there this morning at ww
    millerconstruction dot com ( hidden I-frame?)


    Thank you.
    George
     
    GEO Me, Apr 30, 2009
    #34
  15. GEO Me Guest

    After I got around Telus:


    Complete scanning result of "flash.swf", processed in VirusTotal at
    04/30/2009

    [ scan result ]
    a-squared 4.0.0.101/20090430 found nothing
    AhnLab-V3 5.0.0.2/20090430 found nothing
    AntiVir 7.9.0.156/20090430 found [SWF/Drop.Small.QH]
    Antiy-AVL 2.0.3.1/20090430 found nothing
    Authentium 5.1.2.4/20090430 found nothing
    Avast 4.8.1335.0/20090429 found nothing
    AVG 8.5.0.327/20090430 found nothing
    BitDefender 7.2/20090430 found nothing
    CAT-QuickHeal 10.00/20090430 found nothing
    ClamAV 0.94.1/20090430 found nothing
    Comodo 1141/20090429 found nothing
    DrWeb 4.44.0.09170/20090430 found nothing
    eSafe 7.0.17.0/20090427 found nothing
    eTrust-Vet 31.6.6484/20090430 found nothing
    F-Prot 4.4.4.56/20090429 found nothing
    F-Secure 8.0.14470.0/20090430 found [Trojan-Downloader:SWF/Swif.C]
    Fortinet 3.117.0.0/20090430 found nothing
    GData 19/20090430 found nothing
    Ikarus T3.1.1.49.0/20090430 found nothing
    K7AntiVirus 7.10.719/20090429 found nothing
    Kaspersky 7.0.0.125/20090430 found nothing
    McAfee 5600/20090429 found nothing
    McAfee+Artemis 5600/20090429 found nothing
    McAfee-GW-Edition 6.7.6/20090430 found [SWF.Drop.Small.QH]
    Microsoft 1.4602/20090430 found [TrojanDownloader:Win32/Swif.gen!A]
    NOD32 4046/20090430 found nothing
    Norman 6.01.05/20090430 found nothing
    nProtect 2009.1.8.0/20090429 found nothing
    Panda 10.0.0.14/20090430 found nothing
    PCTools 4.4.2.0/20090430 found nothing
    Prevx1 3.0/20090430 found nothing
    Rising 21.27.31.00/20090430 found nothing
    Sophos 4.41.0/20090430 found [Troj/SWFExp-J]
    Sunbelt 3.2.1858.2/20090429 found nothing
    Symantec 1.4.4.12/20090430 found [Downloader.Swif.C]
    TheHacker 6.3.4.1.317/20090429 found nothing
    TrendMicro 8.950.0.1092/20090430 found nothing
    VBA32 3.12.10.4/20090430 found nothing
    ViRobot 2009.4.30.1716/20090430 found nothing
    VirusBuster 4.6.5.0/20090429 found nothing


    Complete scanning result of "readme.pdf", processed in VirusTotal at
    04/30/2009



    [ scan result ]
    a-squared 4.0.0.101/20090430 found nothing
    AhnLab-V3 5.0.0.2/20090430 found nothing
    AntiVir 7.9.0.156/20090430 found nothing
    Antiy-AVL 2.0.3.1/20090430 found nothing
    Authentium 5.1.2.4/20090430 found nothing
    Avast 4.8.1335.0/20090429 found [JS:pdfka-FF]
    AVG 8.5.0.327/20090430 found nothing
    BitDefender 7.2/20090430 found nothing
    CAT-QuickHeal 10.00/20090430 found nothing
    ClamAV 0.94.1/20090430 found nothing
    Comodo 1141/20090429 found nothing
    DrWeb 4.44.0.09170/20090430 found nothing
    eSafe 7.0.17.0/20090427 found nothing
    eTrust-Vet 31.6.6484/20090430 found nothing
    F-Prot 4.4.4.56/20090429 found nothing
    F-Secure 8.0.14470.0/20090430 found nothing
    Fortinet 3.117.0.0/20090430 found nothing
    GData 19/20090430 found [JS:pdfka-FF ]
    Ikarus T3.1.1.49.0/20090430 found nothing
    K7AntiVirus 7.10.719/20090429 found nothing
    Kaspersky 7.0.0.125/20090430 found nothing
    McAfee 5600/20090429 found nothing
    McAfee+Artemis 5600/20090429 found nothing
    McAfee-GW-Edition 6.7.6/20090430 found nothing
    Microsoft 1.4602/20090430 found
    [Exploit:Win32/Pdfjsc.gen!A]
    NOD32 4046/20090430 found nothing
    Norman 6.01.05/20090430 found nothing
    nProtect 2009.1.8.0/20090429 found nothing
    Panda 10.0.0.14/20090430 found nothing
    PCTools 4.4.2.0/20090430 found nothing
    Prevx1 3.0/20090430 found nothing
    Rising 21.27.31.00/20090430 found nothing
    Sophos 4.41.0/20090430 found nothing
    Sunbelt 3.2.1858.2/20090429 found [Exploit.PDF-JS.Gen (v)]
    Symantec 1.4.4.12/20090430 found [Trojan.Pidief.D]
    TheHacker 6.3.4.1.317/20090429 found nothing
    TrendMicro 8.950.0.1092/20090430 found nothing
    VBA32 3.12.10.4/20090430 found nothing
    ViRobot 2009.4.30.1716/20090430 found nothing
    VirusBuster 4.6.5.0/20090429 found nothing

    .... Found nothing???

    Thanks.
    George
     
    GEO Me, Apr 30, 2009
    #35
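    The two reports above are the old VirusTotal plain-text format, and the
    "found nothing" lines are the point: a handful of engines flagging a file
    while most stay silent is the normal picture for a fresh sample, so the
    decision has to be driven by the engines that did hit, not by the count
    that did not. The parser below is an added example, not something posted
    in this thread; it reads that text format, handles the case where an
    engine's detection name wrapped onto the next line (as the Microsoft
    entry did), and summarises the detection ratio. SAMPLE_REPORT is an
    excerpt of the readme.pdf results quoted in the post.

```python
"""Parse a VirusTotal plain-text report and count detections (added example)."""
import re

# Excerpt of the readme.pdf report quoted in the post, kept to nine engines.
SAMPLE_REPORT = """Complete scanning result of "readme.pdf", processed in VirusTotal at
04/30/2009

[ scan result ]
a-squared 4.0.0.101/20090430 found nothing
Avast 4.8.1335.0/20090429 found [JS:pdfka-FF]
GData 19/20090430 found [JS:pdfka-FF ]
Kaspersky 7.0.0.125/20090430 found nothing
Microsoft 1.4602/20090430 found
[Exploit:Win32/Pdfjsc.gen!A]
Sophos 4.41.0/20090430 found nothing
Sunbelt 3.2.1858.2/20090429 found [Exploit.PDF-JS.Gen (v)]
Symantec 1.4.4.12/20090430 found [Trojan.Pidief.D]
VirusBuster 4.6.5.0/20090429 found nothing
"""

# "<engine> <version>/<sigdate> found nothing" or "... found [<name>]";
# the name may be missing when the report wrapped it onto the next line.
RESULT_LINE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+found(?:\s+(?P<rest>.*))?$"
)


def parse_report(text):
    """Map engine name -> detection name, or None when the engine found nothing."""
    results = {}
    pending = None  # engine whose detection name wrapped onto the following line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            wrapped = line.startswith("[")
            results[pending] = line.strip("[] ") if wrapped else "(unnamed detection)"
            pending = None
            if wrapped:
                continue
        m = RESULT_LINE.match(line)
        if not m:
            continue  # header lines such as "[ scan result ]" or the file name
        engine = m.group("engine")
        rest = (m.group("rest") or "").strip()
        if rest == "nothing":
            results[engine] = None
        elif rest:
            results[engine] = rest.strip("[] ")
        else:
            pending = engine
    return results


def summarize(results):
    """Detection ratio plus the names reported, which is what to act on."""
    hits = {engine: name for engine, name in results.items() if name}
    return {
        "engines": len(results),
        "detections": len(hits),
        "ratio": f"{len(hits)}/{len(results)}",
        "names": hits,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['ratio']} engines flagged the file")
    for engine, name in summary["names"].items():
        print(f"  {engine}: {name}")
```

    Run as a script it prints the ratio and each engine's verdict; the
    Microsoft entry comes out as a single detection even though the report
    split it over two lines.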
  16. GEO Me Guest

    Hi David,

    Uploaded successfully. Hopefully I wrote a clear explanation to go
    with the files.

    The files did finally go through my ISP and I got a reply like the
    one I posted early, so the Telus anti-virus did not detect them. They
    weren't detected either by the a-virus from my other e-mail address,
    which has a very good a-virus.

    The IT manager of the web page that was being used as a re-director
    using a hidden Iframe did move quickly and has moved the page to
    a different host, and the hidden Iframe has been removed.

    Thank you.
    George
     
    GEO Me, May 1, 2009
    #36
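    Doc's telnet suggestion (#24) and George's hidden-iframe redirector (#34,
    #36) are two halves of the same defensive check: fetch the page as raw
    text, never render it, then look for frames a visitor would not see. The
    script below is an added example, not code from this thread. It builds
    the request you would type into a telnet session on port 80, and parses
    saved HTML for iframes hidden by size, style or off-screen positioning.
    The sample HTML and the hostnames in it are constructed.

```python
"""Inspect raw HTML for hidden iframes without rendering it (added example).

Assumptions (not from the thread): the page body has already been fetched as
raw text, e.g. by typing build_raw_get() into a telnet session and saving the
response; SAMPLE_HTML and its hostnames are constructed for this example.
"""
import re
from html.parser import HTMLParser


def build_raw_get(host, path="/"):
    """Return the exact request text to type into `telnet <host> 80`."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag; nothing is executed."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _leading_int(value):
    """'0', '1px' or ' 640' -> int; anything else -> None."""
    m = re.match(r"\s*(-?\d+)", value or "")
    return int(m.group(1)) if m else None


def hiding_reasons(attrs):
    """Return the reasons an iframe with these attributes would be invisible."""
    reasons = []
    style = attrs.get("style", "").lower().replace(" ", "")
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("style hides the frame")
    for name in ("width", "height"):
        n = _leading_int(attrs.get(name))
        if n is not None and n <= 1:
            reasons.append(f"{name} attribute is {n}px")
        m = re.search(rf"{name}:(\d+)", style)
        if m and int(m.group(1)) <= 1:
            reasons.append(f"{name} style is {m.group(1)}px")
    for m in re.finditer(r"(left|top):(-\d+)", style):
        if int(m.group(2)) <= -100:
            reasons.append(f"positioned off-screen ({m.group(1)}:{m.group(2)})")
    return reasons


def find_hidden_iframes(html_text):
    """Return (src, reasons) for each iframe a visitor would not see."""
    parser = IframeCollector()
    parser.feed(html_text)
    found = []
    for attrs in parser.iframes:
        reasons = hiding_reasons(attrs)
        if reasons:
            found.append((attrs.get("src", ""), reasons))
    return found


# Constructed sample: an ordinary page with one injected, invisible frame.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://video.example/player" width="640" height="360"></iframe>
<iframe src="http://redirector.example/frame.html" width="0" height="0"
        style="display: none; position:absolute; left:-5000px"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(build_raw_get("www.example.com"))
    for src, why in find_hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe -> {src}: {', '.join(why)}")
```

    The visible player frame is left alone; the injected one is reported with
    every reason it would be invisible. Because only the tag attributes are
    examined, nothing in the page (script, plug-in content, the frame's
    target) is fetched or run, which is the property Doc was after.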
  17. ©Ari® Guest

    It's like getting laid, you'll know it when you get some.
     
    ©Ari®, May 3, 2009
    #37
  18. Spin Guest

    Wait...how did you know "Ari" was "Franklin J. Camper"!?? :)
     
    Spin, May 4, 2009
    #38
  19. ©Ari® Guest

    Because I said so.

    lol
     
    ©Ari®, May 9, 2009
    #39