Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

> Exabytes server got compromise or?, webmaster or tech expert pls come in

views
     
Mech Warrior 6
post Jul 20 2012, 06:25 PM

Casual
***
Junior Member
343 posts

Joined: May 2012
no doubt..it is malaria...
xDragonZ
post Jul 20 2012, 06:29 PM

On my way
****
Senior Member
539 posts

Joined: Jul 2008
From: Just behide you !

QUOTE(edwardstevens @ Jul 20 2012, 06:13 PM)
is that a windows or linux server?

because i've experience this before on windows server

i'm running IIS with PHP addon and some line meant for ASP script appear on my php script
*
its linux.

Here's another company website (Not under my account but hosted on the same IP) : thundermatch.com.my

http://www.webpagetest.org/result/120720_3Q_C3Q/1/details/
The malware link is : http://kunsjiendevie...ien.eu/57254443.htm'

http://wepawet.iseclab.org/view.php?hash=d...2779747&type=js
The malware link is : http://epi3d.fr /53534443.html

http://urlquery.net/report.php?id=97533
The malware link is : http://epi3d.fr /48874443.html

I really can't figure out what's the problem/root cause.

I think I'll just switch to another host.

This post has been edited by xDragonZ: Jul 20 2012, 06:31 PM
ray871106
post Aug 15 2012, 03:11 PM

New Member
*
Newbie
3 posts

Joined: May 2012


Thank you for posting this! I found that many websites has been infected by this even my html homepage is infected too!
Do you know how RedKit Exploit kit works?
Is it from Server side or caused by the website developer itself?
xDragonZ
post Aug 16 2012, 12:02 AM

On my way
****
Senior Member
539 posts

Joined: Jul 2008
From: Just behide you !

QUOTE(ray871106 @ Aug 15 2012, 03:11 PM)
Thank you for posting this! I found that many websites has been infected by this even my html homepage is infected too!
Do you know how RedKit Exploit kit works?
Is it from Server side or caused by the website developer itself?
*
Its from server side where Exabytes apache module was infected by malware.

FYI : It seems they have fixed this (I not sure about others server is still infected or not) after 1 week of submitting support tickets with them and they keep telling me is from my script (even i put empty html page it also infected) . vmad.gif
and I give up on exabytes ready.

Some more info on that http://www.symantec.com/connect/blogs/exte...serve-malware-0

and http://www.stopthehacker.com/2011/05/23/ap...inject-malware/

This post has been edited by xDragonZ: Aug 16 2012, 12:11 AM
ray871106
post Aug 16 2012, 12:24 AM

New Member
*
Newbie
3 posts

Joined: May 2012


QUOTE(xDragonZ @ Aug 16 2012, 01:02 AM)
Its from server side where Exabytes apache module was infected by malware.

FYI : It seems they have fixed this (I not sure about others server is still infected or not) after 1 week of submitting support tickets with them and they keep telling me is from my script (even i put empty html page it also infected) .  vmad.gif
and I give up on exabytes ready.

Some more info on that http://www.symantec.com/connect/blogs/exte...serve-malware-0

and http://www.stopthehacker.com/2011/05/23/ap...inject-malware/
*
Thank you for your information!

No wonder, my website was infected too.
Submitted the ticket and they said it was caused my script. Then request me to Request a Review from Google Webmaster if I have clean.
I restored clean code three times and the website was still infected, and even just a temporary small HTML page.

I got a reply from an unmaskparasites' expert who wrote about the malware that infected my website.
http://blog.unmaskparasites.com/2012/08/13...ame-injections/
It seemed to work on a server level.

They should admit it that the server was infected!
Haiz, wasted my time to monitor the website whole day. rclxub.gif
Hopefully they can fix it quickly next time!

2 Pages < 1 2
Bump Topic Add ReplyOptions New Topic
 

Change to:
| Lo-Fi Version
0.0176sec    0.43    5 queries    GZIP Disabled
Time is now: 28th January 2021 - 04:18 PM