View Single Post
  #21  
Old 10-22-2008, 03:15 PM
  bigredseo's Avatar 
bigredseo bigredseo is offline
 

X-Man
  
Join Date: Oct 2002
Location: Omaha, NE, USA
Posts: 2,364
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Nothing has been found on our servers at this time. We currently have an iframe scan in process on 67 of our ecommerce servers - so far, no results other than this one incident.

The only thing I can comment on at the moment is that if this was a normal iFrame attack then it could have been caused by a keylogger or something of that nature. There's a mini article on the iframe incidents located here: http://forums.cpanel.net/showthread.php?t=78595

The only other information I can contribute is that in the case of this one user the iframe linked to "live-counter.net" - again something that Emerson had mentioned previously. A scan of our servers for that combination in ANY user files has not shown to be present.

EDIT: I was just informed that the URL I posted goes to a forum that requires you to log in to view the posts. I have a shortened version of the post at our KB posted here: http://billing.handsonwebhosting.com/knowledgebase.php?action=displayarticle&catid=11&i d=220
__________________
Conor Treacy - Big Red SEO - @bigredseo
Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding!
If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet.
Omaha SEO Office with National & Local SEO Services
Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
Reply With Quote