Re: Re: Malware Question

On 4/29/2010 1:35 PM, Gary . wrote:
On 4/29/10, Al wrote:
Ross had a good suggestion about planted links to external malicious sites. One of the sites I worked on a couple of years ago had this happen. They asked me to look into it.

There were about 90 htaccess files that redirected the user to a malicious site whenever there was an error, 404 etc.

About 400 html files had a javascript appended on the end that sent the
visitor's IP and the file's complete URL to a website in Russia.

About 300 php files had some php code that generated html code that likewise sent the visitor's IP and the file's complete URL to a website in Russia.
[snip remainder of horror story]

How do people get their sites into this state? Is it just me, or
wouldn't a regular comparison of MD5s of the site contents with SCM
contents stop most of that kind of thing (after the event, but still,
better that than continue in that state).


You are correct in theory; but, in practice maybe somewhat limited for CMS which have DB contents and raw text files changed almost hourly.

When I departed the site I was working on a couple of years ago, I left a strong recommendation that someone run my FileSniffer program weekly and check out any suspect changes. They didn't and now have the above situation.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
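
The comparison discussed in this message, as an added example that is not part of the original post and is not the FileSniffer program it mentions: a hash manifest of the deployed tree is diffed against a known-good baseline, skipping directories that a CMS rewrites constantly. It uses SHA-256 in place of MD5, and the `VOLATILE` directory names and the sample site are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed names of directories the CMS rewrites all the time; adjust per site.
VOLATILE = ("cache/", "uploads/")

def build_manifest(root, exclude=VOLATILE):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk also yields dotfiles such as .htaccess
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if rel.startswith(exclude):
                continue
            manifest[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return manifest

def compare(baseline, current):
    """Report files added, removed or modified relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample site: take a baseline, change files, diff."""
    with tempfile.TemporaryDirectory() as d:
        site = Path(d)
        (site / "cache").mkdir()
        (site / "index.html").write_text("<html><body>home</body></html>\n")
        (site / "page.php").write_text("<?php echo 'hi';\n")
        (site / "cache" / "feed.tmp").write_text("v1")
        # In practice the baseline comes from a clean SCM checkout.
        baseline = build_manifest(site)
        with open(site / "index.html", "a") as f:
            f.write("<script>/* constructed appended content */</script>\n")
        (site / ".htaccess").write_text("# constructed unexpected file\n")
        (site / "cache" / "feed.tmp").write_text("v2")  # excluded churn
        return compare(baseline, build_manifest(site))

if __name__ == "__main__":
    print(demo())
```

Content that lives in the database is not covered by a file manifest, which is the limitation raised in the reply above.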

