[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] what is this?
- To: crazy frog crazy frog <i.m.crazy.frog@xxxxxxxxx>
- Subject: Re: [Full-disclosure] what is this?
- From: Gadi Evron <ge@xxxxxxxxxxxx>
- Date: Tue, 15 Jan 2008 11:22:03 -0600 (CST)
On Tue, 15 Jan 2008, crazy frog crazy frog wrote:
> nick,
> ur not getting my point,the url is techicorner.com/{random string
> here},i have already mentioned it in previous posts.
> i have read the link sent by denis,and i would have to conclude that:
> 1)The problem does not occurs always,instead it occurs randomly based
> on IP or something like tht.
In recent kits, it is more likely it is user-agent based.
> 2)if u look at the pages on techicorner.com u will not find any
> malicious code,so its possible that the server is compromised and its
> an LKM
> please refer to these links:
> http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis]
> Thanks again everyone for your valuable suggestion,i posted here to
> share this stuff with everyone and may be u can learn from it.
> regards,
> _CF
> On Jan 15, 2008 12:15 PM, Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> wrote:
>> crazy frog crazy frog wrote:
>>> well,
>>> i received many response but no one is perfact.i checked the files and
>>> didn't find anything embeded in my scripts or pages.still i have to
>>> figure out why my antivirus randomly popsup?i mean most of the times
>>> it doesnt detect any infection but then suddenly this thing happnes
>>> and then everything seems ok.
>>> i dont think its a problem with my script otherwise i could have find
>>> the code or it should be repeating consistly.has any one still facing
>>> this issue in the techicorner.com or on tubeley.com or on
>>> secgeeks.com?
>>> let me know i m trying hard to digg this issue.
>> If you would tell us the _actual_ URL where this behaviour is being
>> seen we would have a reasonable chance of actually diagnosing it. As
>> it is, we're having to guess based on matching your half-arsed
>> descriptions of what you think is happening with our knowledge of what
>> has been seen going on out there.
>> This may surprise you, but many thousands and thousands of sites are
>> compromised each day to display "similar" activity to what you've asked
>> to us to diagnose (aka "guess").
>> If we could look at the actual site and see what is really happening
>> should have a better (if not perfect) chance of success.
>> Regards,
>> Nick FitzGerald
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> --
> advertise on secgeeks?
> http://secgeeks.com/Advertising_on_Secgeeks.com
> http://newskicks.com
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/