[Dshield] Another web server attack
ed.truitt at etee2k.net
Thu Nov 17 11:37:42 GMT 2005
Yesterday, the web server that hosts my site got hit - an attack which used the find command to locate directories which were group or world-writable, then added code to any scripts found which, among other things, snagged userid/password pairs and emailed them to Mother Russia. Main targets were blogging or CMS software (I run both) because they often have weak file permissions. As/if I find out more I'll post to the list.
-E D Truitt
Sent via my BlackBerry from Cingular Wireless
More information about the list