Re: security compromised

From: PhilM (philm_at_nospam.com.am)
Date: 06/06/04

• Next message: Chris Hope: "Re: PHP Classes"
• Previous message: Gama Franco: "Documenting PHP extensions."
• In reply to: Ivo: "security compromised"
• Next in thread: Ivo: "Re: security compromised"
• Reply: Ivo: "Re: security compromised"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Sun, 6 Jun 2004 12:30:36 +0930

"Ivo" <no@thank.you> wrote in message
news:40c07b6d$0$842$a344fe98@news.wanadoo.nl...
> Hi newsgroup,
>
> it appears someone has broken into my site. This morning I found about 20
> files (each called index.htm) suddenly featured this line:
>
> <IFRAME SRC="url-of-bad-site" WIDTH=1 HEIGHT=1></IFRAME>
>
> and their last modified date was set to today between midnight and 1 GMT.
In
> some files, this line was placed directly after the body opening tag, in
> others it was just before </body>. In one file where the whole document is
> written in javascript, they had even escaped their quotes!
>
> The malicious url is www.b00gle.com/fa/?d=get
> I have no access to the raw server logs and my own log script shows no
> strange hits around that time.
> How have they done this? And what can I do about it? I ask here because
the
> site uses PHP a lot but I guess there are more appropriate places to ask.
> Thanks
> Ivo
>
>
did a quick google. you are not the only victim...
Here is tiny url link to google results
http://tinyurl.com/39st6

---

• Next message: Chris Hope: "Re: PHP Classes"
• Previous message: Gama Franco: "Documenting PHP extensions."
• In reply to: Ivo: "security compromised"
• Next in thread: Ivo: "Re: security compromised"
• Reply: Ivo: "Re: security compromised"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Mirrored or linked sites? ... It appeared that your post was asking how he was using Google. ... Lavasoft is the maker of Ad-aware Ad-Watch, ... Ad-Watch seems to be interfering when you try to open a Reply to a newsgroup ... I still would like to know why, even though I have "microsoft cookies" ... (microsoft.public.windowsupdate) Re: Googles Newsreader Became Wierd Today ... Google cannot seem to read the newsgroup, only my older posts to the ... Andy, can you cite a news machine that is accessible for a yearly fee, ... I've used Google for the past several years, since TIAC died and I lost ... (rec.pyrotechnics) Re: Apple II Google Group ... Michael Black wrote: ... this space has available that the usenet group mirrored on Google does ... have to register to get access. ... Make an announcement in an existing newsgroup, ... (comp.sys.apple2) Re: Killfiling Google Groups (was: ???????? ?????????? ?????????????? ??????????????) ... On 06 May 2007, in the Usenet newsgroup comp.os.linux.misc, in article ... Google is making a lot of enemies, ... I don't yet know how many useful/helpful people are posting from there, ... (comp.os.linux.misc) Re: Googles Newsreader Became Wierd Today ... I just deleted rec.pyrotechnics from my favorites list on Windows XP, ... Google cannot seem to read the newsgroup, only my older posts to the ... I've used Google for the past several years, since TIAC died and I lost ... habbit of confusing Usenet Newsgroups with Google Groups. ... (rec.pyrotechnics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)