Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
|
Originally Posted by Emerson
Navigate to the directory at C:\WINDOWS\system32\drivers\etc
In there you will see a file called "hosts".
Open it with notepad and make sure that no entries have been made there.
A stock, untouched file looks like the one below:
If you see any entry other then 127.0.0.1 localhost your computer has been compromissed.
By editing that file a hacker can make your browser point to an IP that is not actually the IP where that site is hosted.
For example. Lets say that yoursite.com is supposed to point to 11.11.11.11
A hacker can edit the hosts files and add the following entry:
22.22.22.22 yoursite.com
So when you type yoursite.com in your browser, you will actualkly be visiting the site at 22.22.22.22 and not 11.11.11.11
This can be used to to further collect any logins you try at that site, etc...
Scary, huh?
|
Emerson, I opened my "hosts" file with notepad and only found this:
127.0.0.1 localhost
I am OK then?
__________________
X-Cart Gold 4.1.9
Smart Search (from Altered Cart)
DSEFU Pro
Product Meta Tags Plus
Category Meta Title Control
Latest Additions (BCSE)
Remember Me login
FireTank's Feed Manager
Lightbox (BCSE)
EWD Hosting
|