Malicious code just found on web server
Paul Ferguson
fergdawgster at gmail.com
Mon Apr 20 17:05:34 UTC 2009
On Mon, Apr 20, 2009 at 9:47 AM, Neil <kngspook at gmail.com> wrote:
> I've run into this sort of attack before, where they change the page to
> load content from elsewhere; but I couldn't figure out how they managed
> to write to the sites' pages. They were hosted on a commercial webhost,
> and so if it was a compromised host (which seemed like the only
> possibility to me), that didn't speak well for the hosting company.
>
> We were having issues with the company anyways, though; so I took down
> the site, sanitized the pages (and removed a bunch of junk), and put the
> site back up with another company.
>
> But if you figure out how they got write access to a static website, I'd
> love to hear it.
>
Most likely SQL injection. At any given time, there are hundreds of
thousands of "legitimate" websites out there that are unwittingly harboring
malicious code.
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/