Full Disclosure mailing list archives

Re: Any idea about that?

From: James Woodcock <spamtrap2 () austarnet com au>
Date: Fri, 10 Sep 2004 14:31:39 +1000

I sent a mesage to abuse@pcpages as soon as I found out. Kudos towww.PCPages.com for removing it so quickly!



> document write

> ("<AHREF='http://banner2.inet-traffic.com/oasisc.php?s=3&w=300&h=60&cb="; +spreeaddatestr + "'>")> document write ("<IMGSRC='http://banner2.inet-traffic.com/oasisi.php?s=3&w=300&h=60&cb="; +spreeaddatestr + "?' WIDTH=468 HEIGHT=60 BORDER=0 ALT='Click Here'></A>")

Actually, on further investigation, I think it's just advertising stuffadded by pcpages. The webpage that www.pcpages.com/imbonga displays isvery basic and extremely sparse. no links to it on google or alltheweb,so maybe imbonga doesn't know that his page has been compromised.


[later]

I didn't know if imbonga knew if his page had been compromised or not,but there was an interesting thing happening when you attempt to go to anon-existant page in his directory.


http://www.pcpages.com/imbonga/nonesuch.html

got

> Warning: stat failed for /usr/local/www/pcpages/imbonga/noschpg.html
> (errno=13 - Permission denied) in /drive2/pcpages/redo-html.php on
> line 19

> Warning: Cannot add header information - headers already sent by
> (output started at /drive2/pcpages/redo-html.php:19) in
> /drive2/pcpages/redo-html.php on line 21

Well, it doesn't anymore, as the whole page is gone now. As are theother pages they were hosting that google said had the same reference to/drive2/pcpages/redo-html.php.

It definitely wasn't the regular 404 for pcpages, so does it look likesomething was up with that?

According to google again, there are another 58 websites that are havingsomething done to them by redo-html.php, all giving errors thatreference an absolute path on the server.


http://www.google.com/search?hl=en&ie=UTF-8&q=%22redo-html.php%22&btnG=Search&meta=

Errr?

http://www.phphub.com/gtk_manual/index.php?p=scn.gtkscintilla.method.redo.html

James

--
And I'll tell you something else - I didn't spend two million years
climbing up the food chain just to become a vegetarian!

Attachment: DangerLiveTrojan.zip
Description:

Current thread:

Any idea about that? Syed Imran Ali (Sep 09)
- Re: Any idea about that? James Woodcock (Sep 09)
- Re: Any idea about that? Harlan Carvey (Sep 10)
- Re: Any idea about that? James Woodcock (Sep 10)
- <Possible follow-ups>
- Re: Any idea about that? Feher Tamas (Sep 10)