Solved

adsttnmq1/sdioyslkjs2 attack

Posted on 2009-06-27
Last Modified: 2013-11-16
Dear All,

Has anyone ever come across this: http://www.esuli.it/index.php/2009/03/24/adsttnmq1sdioyslkjs2-attack/

We use a third-party hosting provider to host our clients' Web Sites. They run h-Sphere. They're claiming that the code injected into our sites was done by a Virus on one of our machines which harvested FTP details. There's nothing in their logs that shows any of our IP Addresses uploading the malicious scripts. They have admitted it came from an IP Address in China.

It's a shared hosting server and I was able to check other Web Sites on this server, that aren't on our account and in no way associated with us, and they all had the same malicious code on their page HTML source too.

I'm very interested as to whether this is a vulnerable Web Server or an outbreak like Gumblar.

Many thanks,

EE
Question by:Enclave Technologies
LVL 9

Expert Comment

by:jfer0x01
ID: 24727941
Hello,

This happened to my site a few years back, where my FTP credentials were stolen after my provider had been hacked, and my site had code injected that infected viewers.

The hosting company will not admit fault, no matter what.

The site you mentioned has been mentioned elsewhere:

http://www.mikhaela.net/2009/04/google-says-ive-been-hacked-and-theyre.html

http://www.phpfreaks.com/forums/index.php?action=profile;area=showposts;u=81834

Weak FTP passwords have affected h-sphere users no doubt, but it remains a scripted attack, not necessarily directed against your site personally.

Just improve passwords for your site and management, and continue business as usual. When this kind of attack occurs, you will receive little or no support from the hosting company.

Jfer
LVL 9

Expert Comment

by:jfer0x01
ID: 24741572
Any advancements?

Author Comment

by:Enclave Technologies
ID: 24742627
I've had nothing concrete - everything is pointing towards a flaw in Parallels' hSphere Control Panel, but of course, the hosting company won't accept that! Even the Incident Handler that reported the flaw to one of our clients doesn't know any more about it.
LVL 9

Expert Comment

by:jfer0x01
ID: 24755967
Yes, it seems like when this kind of event occurs, the hosting company takes a hands-off approach to taking responsibility for configuration mistakes.

Also, they wouldn't publicly admit mistakes, because it loses confidence with customers.

Jfer  

Expert Comment

by:andreas_boehmer
ID: 24791220
This seems to be happening a lot these months. I just found the same stuff on my server. It doesn't use hSphere, but cPanel. Seems to be related to a variety of outdated software:

http://forums.whirlpool.net.au/forum-replies.cfm?t=1234330
LVL 9

Expert Comment

by:jfer0x01
ID: 24806820
Indeed

Is there anything else I can help you with?

Jfer
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24891039
Hi,

Please award points or close the question.

Jfer