Full Disclosure mailing list archives
Re: Botnet using Plesk vulnerability and takedown
From: kai <kai () rhynn net>
Date: Mon, 10 Jun 2013 02:19:31 +0700
my action supposed to be a counter-measure agains bad guys who could register that domain and host some bad code there. you know that kind of social engineering, right?
- post some fake or real advisory on popular security forum/maillist - give a link to the "patch" - ???? - get a lot of rootsi think it will be better to have that link offline - some guys will blindly run your code, then they will find out that it doesn't work and they will get enlightened by reading the code and realizing that they must change the link themselves.
On Sat, 08 Jun 2013 23:50:15 +0700, <jtagtgc () tormail org> wrote:
We put that domain in as example, obviously we not disclose our real domain. On that domain is the clean.pl script, obvious enough. Also, thanks to person who register domain, you now have badass domain name. Perhaps host the clean.pl as final_solution.txt in webroot?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Botnet using Plesk vulnerability and takedown jtagtgc (Jun 06)
- Re: Botnet using Plesk vulnerability and takedown kai (Jun 08)
- Re: Botnet using Plesk vulnerability and takedown Gichuki John Chuksjonia (Jun 08)
- Re: Botnet using Plesk vulnerability and takedown jtagtgc (Jun 08)
- Re: Botnet using Plesk vulnerability and takedown kai (Jun 09)
- Re: Botnet using Plesk vulnerability and takedown Gichuki John Chuksjonia (Jun 08)
- Re: Botnet using Plesk vulnerability and takedown kai (Jun 08)
- <Possible follow-ups>
- Re: Botnet using Plesk vulnerability and takedown dumMY's (Jun 11)