[Dshield] Another web server attack

Ed Truitt ed.truitt at etee2k.net
Thu Nov 17 11:37:42 GMT 2005


Yesterday, the web server that hosts my site got hit - an attack which used the find command to locate directories which were group or world-writable, then added code to any scripts found which, among other things, snagged userid/password pairs and emailed them to Mother Russia.  Main targets were blogging or CMS software (I run both) because they often have weak file permissions.  As/if I find out more I'll post to the list.

-EdTr
http://www.etee2k.net

Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list