Malicious code just found on web server

Kevin Oberman oberman at es.net
Tue Apr 21 19:38:26 UTC 2009


> Date: Mon, 20 Apr 2009 10:52:57 -0700
> From: Paul Ferguson <fergdawgster at gmail.com>
> 
> On Mon, Apr 20, 2009 at 10:40 AM, Nick Chapman <nicknetworks at gmail.com>
> wrote:
> 
> > On Mon, Apr 20, 2009 at 12:47 PM, Neil <kngspook at gmail.com> wrote:
> 
> >>
> >> But if you figure out how they got write access to a static website, I'd
> >> love to hear it.
> >
> >
> > Compromised FTP credentials would be my guess.  They can be obtained
> > by brute force attacks or credential stealing trojans.
> >
> 
> Yeah, it could have been any number of ways -- there has also been a huge
> increase of SSH brute-force attacks in the past few weeks:
> 
> https://isc.sans.org/diary.html?storyid=6214

And, from several reports (including my own), they (brute force ssh
attacks) seem to have stopped at about 22:30 UTC on the 19th. (Not that
this is really relevant to the thread.)
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751



