Full Disclosure mailing list archives
Re: Files keep appearing
From: "Ademar Gonzalez" <ademar.gonzalez () gmail com>
Date: Fri, 2 Jun 2006 12:09:57 -0400
Hi Stephen . On 6/2/06, Stephen Johnson <maillists () thelonecoder com> wrote:
I keep having a phishing website appear on my web server. They keep showing up in a Resources folder of one of the sites that I host. I have gone through the logs and I am not seeing any connections. I deleted the files this morning and this evening they re-appeared — no connections were made on my server during that period of time. Also, there are no cron jobs that I noticed that looked out of the ordinary. I am running MySQL, PHP, Apache2 on a debian linux server. Any thoughts? -- Stephen Johnson
Look for an insecure upload form on that website you are hosting, most probably they are uploading their stuff thought there unless you've been rooted :-) Regards. ademar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Files keep appearing Stephen Johnson (Jun 01)
- Re: Files keep appearing Adriel T. Desautels (Jun 02)
- Re: Files keep appearing Ademar Gonzalez (Jun 02)
- Re: Files keep appearing Colin Copley (Jun 02)
- <Possible follow-ups>
- Re: Files keep appearing 0x80 (Jun 02)