Malicious code just found on web server
Paul Ferguson
fergdawgster at gmail.com
Mon Apr 20 17:52:57 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Apr 20, 2009 at 10:40 AM, Nick Chapman <nicknetworks at gmail.com>
wrote:
> On Mon, Apr 20, 2009 at 12:47 PM, Neil <kngspook at gmail.com> wrote:
>>
>> But if you figure out how they got write access to a static website, I'd
>> love to hear it.
>
>
> Compromised FTP credentials would be my guess. They can be obtained
> by brute force attacks or credential stealing trojans.
>
Yeah, it could have been any number of ways -- there has also been a huge
increase of SSH brute-force attacks in the past few weeks:
https://isc.sans.org/diary.html?storyid=6214
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFJ7LZrq1pz9mNUZTMRAvjkAJ9FLDn/KsLDrW9uIveQEw23ojaFbQCg7T6C
LZo3kISAfgBAfdbRSgUd878=
=vQAP
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the NANOG
mailing list