[BNM] Infected Site

Wayne Douglas wayne at codingvista.com
Tue Jun 2 17:23:17 BST 2009


Is this the same issue that came up a few weeks ago with the base64 encoded
string being injected into the pages?

On Tue, Jun 2, 2009 at 5:11 PM, Oliver Marshall <
Oliver.Marshall at g2support.com> wrote:

>
> http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/
>
> Does that match what you are seeing? Just had cause to look into the same
> for another client.
>
> --
> G2 Support
> Network Support : Online Backups : Server Management
>
> Web: www.g2support.com
> Twitter: g2support
> Newsletter: www.g2support.com/newsletter
>
>
>
> -----Original Message-----
> From: bnmlist-bounces at brightonnewmedia.org [mailto:
> bnmlist-bounces at brightonnewmedia.org] On Behalf Of Alan Braddish
> Sent: 01 June 2009 19:23
> To: 'Brighton New Media'
> Subject: [BNM] Infected Site
>
> I have a client whose web site has become infected with a virus (IFramer or
> something like that).  So every time you try to visit a page, AVG pops up a
> warning.
>
> The site is written in ASP, with a MySQL back-end.  There is very little
> database usage in the site, and I have checked all the data in the DB and
> nothing nasty seems to have been 'injected'.
>
> However, upon FTP'ing into the site, I can see that 2 days ago, the
> filestamp on all ASP files has been updated - so the file contents must
> have been re-written, with the nasty virus code.  I have tried to download
> default.asp to open it in Notepad, but AVG won't let me anywhere near it.
>
>
> Any advice on why this might have happened?  The site is hosted by...wait for
> it... Farcehosts.
>
> Could their security have been compromised somehow for this to happen?  As
> far as I know, the FTP passwords are pretty secure (i.e. complex), unless
> someone has hacked Fasthosts again and robbed all their passwords!
>
> Anyone else on Fasthosts have any similar issues?
>
> Or am I overlooking another route into the site for someone to be able to
> modify all files in the site?
>
> Thanks for any help.
>
> Alan
>
>
>
> --
>
> BNM Subscribe/Unsubscribe:
> http://www.brightonnewmedia.org/options/bnmlist
>
> BNM powered by Wessex Networks:
> http://www.wessexnetworks.com
>
>


-- 
Cheers,

w://

