Solved

adsttnmq1/sdioyslkjs2 attack

Posted on 2009-06-27
Last Modified: 2013-11-16
Dear All,

Has anyone ever come across this: http://www.esuli.it/index.php/2009/03/24/adsttnmq1sdioyslkjs2-attack/

We use a third-party hosting provider to host our clients' Web Sites. They run h-Sphere. They're claiming that the code injected into our sites was done by a Virus on one of our machines which harvested FTP details. There's nothing in their logs that shows any of our IP Addresses uploading the malicious scripts. They have admitted it came from an IP Address in China.

It's a shared hosting server and I was able to check other Web Sites on this server, that aren't on our account and in no way associated with us, and they all had the same malicious code on their page HTML source too.

I'm very interested as to whether this is a vulnerable Web Server or an outbreak like Gumblar.

Many thanks,

EE
Question by:Enclave Technologies
7 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24727941
Hello,

This happened to my site a few years back, where my FTP credentials were stolen after my provider had been hacked, and my site had code injected that infected viewers.

The hosting company will not admit fault, no matter what.

The site you mentioned has been mentioned elsewhere:

http://www.mikhaela.net/2009/04/google-says-ive-been-hacked-and-theyre.html

http://www.phpfreaks.com/forums/index.php?action=profile;area=showposts;u=81834

Weak FTP passwords have affected h-sphere users no doubt, but it remains a scripted attack, not necessarily directed against your site personally.

Just improve passwords for your site, and management, and continue business as usual. When this kind of attack occurs, you will receive little or no support from the hosting company.

Jfer
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741572
Any advancements?
 

Author Comment

by:Enclave Technologies
ID: 24742627
I've had nothing concrete. Everything is pointing towards a flaw in Parallels' hSphere Control Panel, but of course, the hosting company won't accept that! Even the Incident Handler that reported the flaw to one of our clients doesn't know any more about it.
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24755967
Yes, it seems like when this kind of event occurs, the hosting company takes a hands-off approach to taking responsibility for configuration mistakes.

Also, they wouldn't publicly admit mistakes, because it loses confidence with customers.

Jfer  
 

Expert Comment

by:andreas_boehmer
ID: 24791220
This seems to be happening a lot these months. I just found the same stuff on my server. It doesn't use hSphere, but CPanel. Seems to be related to a variety of outdated software:

http://forums.whirlpool.net.au/forum-replies.cfm?t=1234330
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24806820
Indeed

Is there anything else I can help you with?

Jfer
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24891039
Hi,

Please award points or close question.

Jfer