Author Topic: Looking for hacks and malware on dedicated host...  (Read 870 times)


polonus
Looking for hacks and malware on dedicated host...
« on: May 16, 2018, 10:21:03 PM »
IDS alert because su-domain.

Where: https://toolbar.netcraft.com/site_report?url=http://ps1.su
For what: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=ps1.su%2Findex.php&ref_sel=GSP2&ua_sel=ff&fs=1
Not safe connection - htxp://ps1.su.w3snoop.com/  On IP: https://www.malwareurl.com/ip_listing.php?ASN=AS12876
Also found here: http://www.the-haleys.com/chaley/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
and also listed here: https://github.com/firehol/blocklist-ipsets/blob/master/haley_ssh.ipset
Webserver extensive server info proliferation: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
File reb.js  -> https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=ps1.su%2Freb.js&ref_sel=GSP2&ua_sel=ff&fs=1

Brute Force WordPress abuse, -ps1.su/code/js/labels.120js could not be found. Status: fail: https://retire.insecurity.today/#!/scan/df4d0ee43fe57c371fe9ccb1809c098d4ccae43acfdc2923e234981c80d75e82

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fps1.su

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
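
An added example, not part of the original post: a small audit check that splits a `Server` response header into its product tokens and comments and lists what each one discloses, using the banner quoted in the post as sample input. The function names are hypothetical, and the check reads only a header value that you supply.

```python
import re

# Sample input: the banner string quoted in the post above.
SAMPLE_BANNER = "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16"

# A Server value is a sequence of product[/version] tokens and
# parenthesised comments (RFC 7231, section 7.4.2).
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_server_banner(banner):
    """Return (products, comments); products are (name, version-or-None)."""
    products, comments = [], []
    for m in _TOKEN.finditer(banner):
        if m.group(1) is not None:
            comments.append(m.group(1).strip())
        else:
            products.append((m.group(2), m.group(3)))
    return products, comments


def disclosure_findings(banner):
    """List every detail in the banner that a hardened server would omit."""
    products, comments = parse_server_banner(banner)
    findings = [f"{name} discloses version {ver}" for name, ver in products if ver]
    findings += [f"comment discloses platform detail: {c}" for c in comments if c]
    if len(products) > 1:
        extra = len(products) - 1
        findings.append(f"{extra} module/library token(s) beyond the server product")
    return findings


if __name__ == "__main__":
    for line in disclosure_findings(SAMPLE_BANNER):
        print(line)
```

On Apache httpd, `ServerTokens Prod` reduces the header to the bare product name, for which this check returns no findings.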