Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

> Exabytes server got compromise or?, webmaster or tech expert pls come in

views
     
wodenus
post Jul 19 2012, 07:37 PM

Tree Octopus
********
All Stars
14,990 posts

Joined: Jan 2003
QUOTE(gs20 @ Jul 19 2012, 07:23 PM)
No I don't get it from what you posted.

One of my client site previously was infected with malware as well (as reported by Google Chrome when you try to access the site).

I found out a code was padded at the end of the index file as well as all .js file. I replaced those files & the malware keep coming back after awhile.

I then change the ftp password & update those files again. The malware no longer come back.

So I conclude it's a FTP password leak.
*
I found out how too.. there are some trojaned FTP clients out there. FTP passwords are sent in cleartext, if your PC is compromised it's easy to pick out the password, especially since FTP is not a protocol used for anything else.

If you've ever sat in a wi-fi enabled cafe snooping on traffic, you can easily see how someone can get the FTP password that way smile.gif

This post has been edited by wodenus: Jul 19 2012, 07:37 PM
wodenus
post Jul 19 2012, 07:58 PM

Tree Octopus
********
All Stars
14,990 posts

Joined: Jan 2003
QUOTE(matiko95 @ Jul 19 2012, 07:47 PM)
browser hijacker, i think it hijack ur ftp password since it broadcast in plain text..

and that exploit are like sniffing hole to open backdoor communication to spyware monitoring program... trace the virus trace the programmer..
*
If you use a trojaned FTP client it will likely send the password directly to the hacker lol smile.gif

wodenus
post Jul 19 2012, 08:34 PM

Tree Octopus
********
All Stars
14,990 posts

Joined: Jan 2003
QUOTE(gs20 @ Jul 19 2012, 08:02 PM)
I don't think it's a trojaned FTP client but more like a trojan that read saved password from the popular FTP client.
*
That's possible too. The solution would be to never save your password smile.gif


Bump Topic Add ReplyOptions New Topic
 

Change to:
| Lo-Fi Version
0.0183sec    0.31    6 queries    GZIP Disabled
Time is now: 19th January 2021 - 06:57 AM