nanog mailing list archives

Re: Malicious code just found on web server


From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 20 Apr 2009 10:05:34 -0700

On Mon, Apr 20, 2009 at 9:47 AM, Neil <kngspook () gmail com> wrote:

I've run into this sort of attack before, where they change the page to
load content from elsewhere; but I couldn't figure out how they managed
to write to the sites' pages.  They were hosted on a commercial webhost,
and so if it was a compromised host (which seemed like the only
possibility to me), that didn't speak well for the hosting company.

We were having issues with the company anyways, though; so I took down
the site, sanitized the pages (and removed a bunch of junk), and put the
site back up with another company.

But if you figure out how they got write access to a static website, I'd
love to hear it.


Most likely SQL injection. At any given time, there are hundreds of
thousands of "legitimate" websites out there that are unwittingly harboring
malicious code.

- ferg




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

