Malicious code just found on web server

Paul Ferguson fergdawgster at gmail.com
Mon Apr 20 17:52:57 UTC 2009


On Mon, Apr 20, 2009 at 10:40 AM, Nick Chapman <nicknetworks at gmail.com>
wrote:

> On Mon, Apr 20, 2009 at 12:47 PM, Neil <kngspook at gmail.com> wrote:

>>
>> But if you figure out how they got write access to a static website, I'd
>> love to hear it.
>
>
> Compromised FTP credentials would be my guess.  They can be obtained
> by brute-force attacks or credential-stealing trojans.
>

Yeah, it could have been any number of ways -- there has also been a huge
increase of SSH brute-force attacks in the past few weeks:

https://isc.sans.org/diary.html?storyid=6214

- - ferg




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



