Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Outdated server software - website hacked and defaced.
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Outdated server software - website hacked and defaced. (Read 1586 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33939
malware fighter
Outdated server software - website hacked and defaced.
«
on:
September 09, 2015, 10:45:31 AM »
One of the more than 300 websites defaced by this hacker:
http://killmalware.com/plotzoom.com/#
Re:
http://toolbar.netcraft.com/site_report?url=http://plotzoom.com
Arbitrary code execution exploit on server software:
https://bugzilla.redhat.com/show_bug.cgi?id=717078
->
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fplotzoom.com
Consider:
http://toolbar.netcraft.com/site_report?url=http://185.42.12.15
polonus
«
Last Edit: September 09, 2015, 10:49:44 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33939
malware fighter
Re: Outdated server software - website hacked and defaced.
«
Reply #1 on:
September 09, 2015, 11:07:22 AM »
The following is hacked via injected javascript malware:
http://killmalware.com/indiepromoter.com/
Method, read:
http://stackoverflow.com/questions/3391623/decode-some-injected-javascript
As ever missed here:
https://www.virustotal.com/nl/url/6c6b60d74c61ee4b5ed77b71e36ff679c4b242470817d69b4e8c0a99aef64351/analysis/1441789207/
Detected at Sucuri's: ISSUE DETECTED DEFINITION INFECTED URL
Defacement MW:DEFACED:01 -http://www.indiepromoter.com
Defacement MW:DEFACED:01 -http://www.indiepromoter.com/404testpage4525d2fdc
Defacement MW:DEFACED:01 -http://www.indiepromoter.com/404javascript.js
Defacement MW:DEFACED:01 -http://www.indiepromoter.com/404javascript.js
Web site defaced. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked By H3X KH4N</title>
*Known javascript malware. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01?v03
document.write(unescape('%3C%68%74%6D%6C%3E%0A%3C%6 etc. DreamHost abuse.
http://toolbar.netcraft.com/site_report?url=http://208.113.128.53
Quttera detects:
index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
index:
Code:
[Select]
[[<title>Hacked By H3X KH4N</title>]]
This looks better:
http://toolbar.netcraft.com/site_report?url=apache2-fritz.goldenstar.dreamhost.com
OpenSSH 5.9p1 Debian 5ubuntu1.6 (Ubuntu Linux; protocol 2.0)
Service Info: Host: goldenstar.dreamhost.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Has fastly tracking: -https://www.fastly.com/ ->
http://toolbar.netcraft.com/site_report?url=http://goldenstar.dreamhost.com
polonus
«
Last Edit: September 09, 2015, 11:14:10 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Outdated server software - website hacked and defaced.