Malicious code just found on web server
mike at rockynet.com
Mon Apr 20 12:23:25 CDT 2009
Paul Ferguson wrote:
> Most likely SQL injection. At any given time, there are hundreds of
> thousands of "legitimate" websites out there that are unwittingly harboring
> malicious code.
into the DB itself so all query results include it. However, I'm not
sure how easy it is to leverage to get system access - we've seen a
number of compromised customer machines and there didn't appear to be
any further compromise of them beyond the obvious. In the OP's case it
sounds like static HTML files were altered. My bet is that an ftp or ssh
account was brute forced.
More information about the NANOG