Full Disclosure mailing list archives

Re: Files keep appearing


From: "Ademar Gonzalez" <ademar.gonzalez () gmail com>
Date: Fri, 2 Jun 2006 12:09:57 -0400

Hi Stephen.

On 6/2/06, Stephen Johnson <maillists () thelonecoder com> wrote:

> I keep having a phishing website appear on my web server.
>
> They keep showing up in a Resources folder of one of the sites that I host.
> I have gone through the logs and I am not seeing any connections.  I
> deleted the files this morning and this evening they re-appeared — no
> connections were made on my server during that period of time.
>
> Also, there are no cron jobs that I noticed that looked out of the
> ordinary.
>
> I am running MySQL, PHP, Apache2 on a Debian Linux server.
>
> Any thoughts?
>
> --
> Stephen Johnson

Look for an insecure upload form on that website you are hosting; most
probably they are uploading their stuff through there, unless you've
been rooted :-)


Regards.

ademar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
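
One way to follow up on the upload-form suggestion, as an added example that is not part of the original thread: list the successful POST/PUT requests in an Apache access log that landed shortly before a re-appearing file's modification time. The log lines, paths, addresses and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache common/combined prefix: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (time, host, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    return ts, m["host"], m["method"], m["path"], int(m["status"])

def writes_before(log_lines, file_mtime, window=timedelta(minutes=10)):
    """Successful POST/PUT requests logged within `window` before file_mtime."""
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or non-access-log lines
        ts, host, method, path, status = rec
        in_window = timedelta(0) <= file_mtime - ts <= window
        if method in ("POST", "PUT") and 200 <= status < 400 and in_window:
            hits.append((ts, host, method, path))
    return hits

# Constructed sample data. On a real host the mtime would come from
# datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2006:09:00:00 -0400] "POST /contact.php HTTP/1.1" 200 400',
    '198.51.100.7 - - [02/Jun/2006:18:01:12 -0400] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Jun/2006:18:04:40 -0400] "POST /gallery/upload.php HTTP/1.1" 200 312',
    '203.0.113.9 - - [02/Jun/2006:18:05:02 -0400] "GET /Resources/login.html HTTP/1.1" 200 8841',
    'garbage line',
]
SAMPLE_MTIME = datetime.strptime("02/Jun/2006:18:04:41 -0400", TS_FMT)

if __name__ == "__main__":
    for ts, host, method, path in writes_before(SAMPLE_LOG, SAMPLE_MTIME):
        print(ts.isoformat(), host, method, path)
```

An empty result means no successful write request was logged in that window, so either the files arrived some other way or the request went to a virtual host whose log was not included.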

