Security Basics mailing list archives

Re: There is a strange get request header in all web pages of my site? I'm worry about Trojan attack!


From: charlie () funkymunkey com
Date: Thu, 08 Sep 2011 09:51:42 +0100

Hi,

That isn't 'a' header, it's a whole GET request and response. I'm assuming there is a bit of JavaScript that appears on every page of your site that makes the browser send this GET request. The best option would be to load up your website in a browser and look through the code, or look through the code on the web server, and find out where that request is coming from. At least you can be sure that nothing malicious is going on from your website, as this request is met by a 404, meaning that the supposed malicious script does not exist.

Charlie

Quoting Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>:

Hi.
Today I found that Kasper Anti Virus has blocked my site and tells
the clients that this site is affected by a Trojan.
On the other hand, I usually surf the Internet using Firefox. But today
I used IE to open my own site, and IE gives me the following warning:
This page contains content that will not be delivered using a secure
HTTPS connection...
I traced my site with the Fiddler debugging tool and I found that each
time I send a request to the site, a GET request is made
to the following URL:
"http://carlos.c0m.li/iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7"
I've searched for "carlos.c0m.li" on the Internet and I saw in
"Google safe Browsing" something about that host at the following URL:
http://google.com/safebrowsing/diagnostic?site=carlos.c0m.li/
Google says that that host has malware. Please look at that report
and suggest a way to remove this bad thing from my site.
I've searched most of my public html directory, but I haven't found
any file that makes the following HTTP header. I have no idea. How can I
find that?


----- This is the header that Fiddler detects for every file that I open on my site:
GET /iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7 HTTP/1.1
Accept: application/x-ms-application, image/jpeg,
application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64;
Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR
3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: carlos.c0m.li


HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 18:42:02 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 233
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------






-------------------------------------------------------------------------------------------------------------------
This message was sent from the FunkyMunkey mail server (mail.funkymunkey.co.uk) If you have any queries/complaints regarding mail sent from this server please direct them to admin () funkymunkey com
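
One way to carry out the "look through the code" step above on a saved copy of a served page, as an added example that is not part of the original thread: it lists every element that makes the browser fetch from a host other than the site's own, and marks elements that are hidden or that load over plain HTTP from an HTTPS page (the condition behind the IE warning quoted above). The host names `example.org` and `injected.example.net`, the sample markup and the function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser issue a request on page load.
LOADERS = {"iframe": "src", "frame": "src", "script": "src", "img": "src",
           "embed": "src", "object": "data", "link": "href"}

class ExternalLoadFinder(HTMLParser):
    """Record every element that pulls content from a host we do not own."""

    def __init__(self, page_url, own_hosts):
        super().__init__()
        self.page_url = page_url
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # dicts with keys: line, tag, url, hidden, mixed

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        a = {k: (v or "") for k, v in attrs}
        if attr is None or not a.get(attr, "").strip():
            return
        url = urljoin(self.page_url, a[attr].strip())  # resolve relative paths
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # data:/javascript: URLs and our own host are skipped
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        # http:// content on an https:// page is what raises the browser warning.
        mixed = self.page_url.lower().startswith("https:") and parts.scheme == "http"
        self.findings.append({"line": self.getpos()[0], "tag": tag, "url": url,
                              "hidden": hidden, "mixed": mixed})

def find_external_loads(html, page_url, own_hosts):
    finder = ExternalLoadFinder(page_url, own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: example.org is the site, injected.example.net the stranger.
SAMPLE = """<html><head><script src="/js/site.js"></script>
<link rel="stylesheet" href="https://example.org/css/main.css"></head>
<body><img src="images/logo.png">
<iframe src="http://injected.example.net/iframe.php?id=PLACEHOLDER" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_external_loads(SAMPLE, "https://example.org/", {"example.org"}):
        print(f)
```

This only sees markup present in the HTML as served; an element created by script at run time will not appear in it, so the result should be compared against the proxy capture.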




