X-Cart: shopping cart software

Warning: Iframe based attacks using stolen FTP access info (https://forum.x-cart.com/showthread.php?t=43161)

finerpeter 10-22-2008 05:27 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Guys,
One hour ago I updated our passwords and then had to post them in the X-Cart support desk as well because they are helping me with a support issue.

Just right now I started getting a warning for the following when I go to our Admin:
INTRUSION: HTTP Malicious Toolkit Variant Activity
INTRUDER: localhost(2596)
RISK LEVEL: HIGH
ATTACKED IP: live-counter.net(86.121.116.243)
ATTACKED PORT: http(80)

What a coincidence huh? If they are getting access through passwords, how did they have access to the site just now?

Emerson 10-22-2008 05:30 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Yup, I just visited your site and my anti-virus is picking it up. You are infected.

Do you have access to the logs on the server?
Can you look at the time stamp on the files to see when it was last changed?
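
Added example, not part of the original thread or any poster's code: one way to run the timestamp check asked about above, listing web files changed after a cutoff that embed an iframe from a host you do not recognise. The file extensions, the allow-list and the sample hosts are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time
from urllib.parse import urlparse

# Captures the src value of any <iframe> opening tag (quoted or unquoted).
IFRAME_SRC = re.compile(r'<iframe\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
WEB_EXTS = {".php", ".html", ".htm", ".tpl", ".js"}  # assumed set of web file types

def find_suspect_files(root, since, allowed_hosts=()):
    """List (path, mtime, host) for web files changed at/after `since` (epoch
    seconds) that embed an iframe from a host outside `allowed_hosts`."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            mtime = os.stat(path).st_mtime
            if mtime < since:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                srcs = IFRAME_SRC.findall(fh.read())
            # Relative src values have no hostname and are skipped.
            for host in ((urlparse(s).hostname or "").lower() for s in srcs):
                if host and host not in allowed:
                    hits.append((path, mtime, host))
    return sorted(hits)

def build_sample(root):
    """Write a constructed sample tree; returns the 'now' used for mtimes."""
    now, day = time.time(), 86400
    samples = {  # constructed data, placeholder hosts: name -> (content, age in s)
        "home.tpl": ('<iframe src="http://counter.example.invalid/x" width=1></iframe>', 3600),
        "video.html": ('<iframe src="https://media.example.com/v"></iframe>', 3600),
        "old.js": ("document.write('<iframe src=//counter.example.invalid/y>')", 90 * day),
    }
    for name, (content, age) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.utime(path, (now - age, now - age))  # backdate to simulate file age
    return now

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        cutoff = build_sample(d) - 86400  # only files changed in the last day
        for path, mtime, host in find_suspect_files(d, cutoff, ["media.example.com"]):
            print(time.ctime(mtime), path, host)
```

Modification times can be reset by anyone able to write the files, so a second pass with since=0 over the whole tree is worth running as well.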

balinor 10-22-2008 05:34 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Wow, that is scary.

finerpeter 10-22-2008 05:36 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
I don't know, I mean I'm checking the logs now to see what's going on.

Lowlife punks...

BCSE 10-22-2008 05:45 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
We have one client so far having this same problem. Does anyone know what virus they are trying to spread so we can help make sure our client's personal computers are clean? We've already cleaned the server from what we can tell but she's worried about her computer as Norton never gave her a warning about a virus.

I'll post any more information if I have it. So far I don't really have much to add to the thread. But I agree with this client it looks like they got in via FTP and not via an X-cart security vulnerability even though they had the last 2 patches left to do which was in the schedule to do when they found this hack. But I found no evidence so far of them utilizing the security issues to get in. They just came directly in via FTP from what we're seeing so far.

Carrie

balinor 10-22-2008 05:49 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
This is what was blocked by Norton for me:

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99

Emerson 10-22-2008 05:52 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Carrie,

Most likely it is a keylogger that will then send the hackers further access to anything you type on your computer.

bigredseo 10-22-2008 05:59 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
All servers completed the tests here at Hands-on - no servers affected except for the one as listed by the client earlier in this thread.

I have pasted the contents of the file on a testing server and had ScanAlert and SecurityMatrix both run a test on the server - neither were picking up the iFrame insert. I am still waiting on HackerProof and ControlScan to finish their scans on the server.

finerpeter 10-22-2008 05:59 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
The wonderful people at my hosting company Finestshops.com were able to locate all the infected files and they also confirmed as Emerson said that it was through FTP access.

Carrie, you may want your client to run Ad-Aware too, that's what we're doing right now on all of our computers...

BCSE 10-22-2008 06:01 PM

Re: Warning: Iframe based attacks using stolen FTP access info
 
This is really scary.

Has X-cart been notified of this potential breach?

Carrie


All times are GMT -8.