| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Warning: Iframe based attacks using stolen FTP access info | ||||
|
|
Thread Tools |
#61
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Yep, that's the same guy. Really need to figure out how this is happening - there HAS to be a data leak somewhere....
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#62
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Hi,
I am just getting the ftp log in report so i can see hwat sort of date ect
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk |
|||||||
#63
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Looks like same ip address on the 8th october 41.232.71.112 eygpt
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk |
|||||||
#64
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
I had given this command to Emerson yesterday and a couple of other people who have dedicated servers, but this is what we're using to find the "live-counter" information:
Code:
What this command is doing: Find = find /home/*/public_html = the directory. We search all USER directories (*) and the public_html inside of it. -exec = execute grep = find certain words -n = print the file and line number that you find the word on live-counter = the word we're searching for /dev/null {} \; = stuff to make it happen in the background, then output results to your screen. This command is run through SHELL. If you don't have shell, ask your host to run it for you (or a modified version searching your files). Here's another command that one of our users asked about: Code:
the "XXXXXXXX" is the username on the account. What this is doing is finding all "-type f" (FILES) that have been "-mtime" (MODIFIED) in the last "-16" days. Then it runs an "ls -ltra" - which is a listing of the files with the date and time stamp. And then "> output.txt" - output the results to a text file. You will likely get a lot of TEMPLATE files listed on there through the template cache, but beyond that, it may help those looking to locate files that have been modified since October 8th. EDIT: --- RUN an "updatedb" on the command line first. This will update the index on where files are located and prevent the listing of files that are no longer in existance etc.
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance |
|||||||||
#65
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Everyone that this has happened to, have you guys checked your hosts file on your windows computer (Normally at C:\WINDOWS\system32\drivers\etc) to make sure there is no DNS exploit?
|
|||||||
#66
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Hi,
Thanks for that info i am working on it now alos i will check the windows files on my pc. cheers
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk |
|||||||
#67
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
Thanks.
__________________
X-Cart Gold 4.1.9 Smart Search (from Altered Cart) DSEFU Pro Product Meta Tags Plus Category Meta Title Control Latest Additions (BCSE) Remember Me login FireTank's Feed Manager Lightbox (BCSE) EWD Hosting |
|||||||
#68
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Yes please I beg of you to elaborate more on that local computer check.
I'll do your laundry mate. |
|||||||
#69
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
hi no sorry i think he meant check your server files on your host
__________________
X-Cart version 4.1.3 Blank DVD Blank Cd Blank Media Dvd Case http://www.discworlduk.co.uk |
|||||||
#70
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
Navigate to the directory at C:\WINDOWS\system32\drivers\etc In there you will see a file called "hosts". Open it with notepad and make sure that no entries have been made there. A stock, untouched file looks like the one below: Quote:
If you see any entry other then 127.0.0.1 localhost your computer has been compromissed. By editing that file a hacker can make your browser point to an IP that is not actually the IP where that site is hosted. For example. Lets say that yoursite.com is supposed to point to 11.11.11.11 A hacker can edit the hosts files and add the following entry: 22.22.22.22 yoursite.com So when you type yoursite.com in your browser, you will actualkly be visiting the site at 22.22.22.22 and not 11.11.11.11 This can be used to to further collect any logins you try at that site, etc... Scary, huh?
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
|
|||
X-Cart forums © 2001-2020
|