[Dshield] Another web server attack

Ed Truitt ed.truitt at etee2k.net
Thu Nov 17 11:37:42 GMT 2005

Yesterday, the web server that hosts my site got hit - an attack which used the find command to locate directories which were group or world-writable, then added code to any scripts found which, among other things, snagged userid/password pairs and emailed them to Mother Russia.  Main targets were blogging or CMS software (I run both) because they often have weak file permissions.  As/if I find out more I'll post to the list.


-E D Truitt

Sent via my BlackBerry from Cingular Wireless

More information about the list mailing list