Malicious code just found on web server
- Subject: Malicious code just found on web server
- From: fergdawgster at gmail.com (Paul Ferguson)
- Date: Mon, 20 Apr 2009 10:05:34 -0700
- In-reply-to: <[email protected]>
- References: <B4C14CA371FEA842A548BAAB8E49CA6201758B5C16BD@badlands.win.internal> <[email protected]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Apr 20, 2009 at 9:47 AM, Neil <kngspook at gmail.com> wrote:
> I've run into this sort of attack before, where they change the page to
> load content from elsewhere; but I couldn't figure out how they managed
> to write to the sites' pages. They were hosted on a commercial webhost,
> and so if it was a compromised host (which seemed like the only
> possibility to me), that didn't speak well for the hosting company.
>
> We were having issues with the company anyways, though; so I took down
> the site, sanitized the pages (and removed a bunch of junk), and put the
> site back up with another company.
>
> But if you figure out how they got write access to a static website, I'd
> love to hear it.
>
Most likely SQL injection. At any given time, there are hundreds of
thousands of "legitimate" websites out there that are unwittingly harboring
malicious code.
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFJ7KtQq1pz9mNUZTMRAssaAKDYN8gqpZFaYPBOofGTjdtIbCDcSQCglwP0
W1CxTsNRR8vhO28Tq1LDm7M=
=TJbX
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/