Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

adsttnmq1/sdioyslkjs2 attack

Posted on 2009-06-27
7
Medium Priority
?
662 Views
Last Modified: 2013-11-16
Dear All,

Has anyone ever come across this: http://www.esuli.it/index.php/2009/03/24/adsttnmq1sdioyslkjs2-attack/

We use a third party hosting provider to host our clients Web Sites. They run h-Sphere. They're claiming that the code injected into our sites was done by a Virus on one of our machines which harvested FTP details. There's nothing in their logs that shows any of our IP Addresses uploading the malicious scripts. They have admitted it came from an IP Address in China.

It's a shared hosting server and I was able to check other Web Sites on this server, that aren't on our account and in no way associated with us, and they all had the same malicious code on their page HTML source too.

I'm very interested as to whether this is a vulnerable Web Server or an outbreak like Gumblar.

Many thanks,

EE
0
Comment
Question by:Enclave Technologies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
7 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24727941
Hello,

This happened to my site a few years back, where my FTP credentials where stolen after my provider had been hacked, and my site had code injected that infected viewers

The hosting company, will not admit fault, no matter what

the site you mentioned  has been mentioned elsewhere

http://www.mikhaela.net/2009/04/google-says-ive-been-hacked-and-theyre.html

http://www.phpfreaks.com/forums/index.php?action=profile;area=showposts;u=81834

Weak FTP passwords have affected h-sphere users no doubt, but it remains a scripted attack, not necessarily directed against your site personally

Just improve passwords for your site, and management and continue business as usual, when this kind of attack occurs, you will receive little or no support from the hosting company

Jfer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741572
any advancements?
0
 

Author Comment

by:Enclave Technologies
ID: 24742627
I've had nothing concrete - Everything is pointing towards a flaw in Parellel's hSphere Control Panel, but of course, the hosting company won't accept that! Even the Incident Handler that reported the flaw to one of clients doesn't know any more about it.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 9

Expert Comment

by:jfer0x01
ID: 24755967
yes, it seems like when this kind of event occurs, the hosting company takes a hands off approach to taking responsibility for configuration mistakes.

Also, they wouldn't publicly admit mistakes, because it loses confidence with customers

Jfer  
0
 

Expert Comment

by:andreas_boehmer
ID: 24791220
This seems to be happening a lot these months. I just found the same stuff on my server. It doesn't use hSphere, but CPanel. Seems to be related to a variety of outdated software:

http://forums.whirlpool.net.au/forum-replies.cfm?t=1234330
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24806820
Indeed

Is there anything else I can help you with?

Jfer
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 1000 total points
ID: 24891039
Hi,

please award points or close question

Jfer
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question