| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Warning: Iframe based attacks using stolen FTP access info | ||||
|
|
Thread Tools |
#41
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
But did they do this right after you posted the login into to the qualiteam's helpdesk? This could be determined by looking at the ftp logs or the time stamp on the files.
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
#42
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
I'm checking into it right now Emerson, it might be that a keylogger was resident on my computer from before.
God help us if the X-cart support helpdesk is comprimised huh? For added security we've stopped all the PC's in the office and are only running the Macs. |
|||||||
#43
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
I dropped a line to Qualiteam to have them look into this as well...
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#44
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
No worries from Qualiteam's support help desk.
It seems that these files were modified on our files on October 8 2008. What a disaster this is, depending on the computer that was compromised, they could have done away with some serious information if it was a case of keylogging. |
|||||||
#45
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Hmmm interesting.
Oct 8th seems to be the magic date here as well Oct 1st, 8th and 20th now if this is a keylogger issue where is this common place where this keylogger has infected all these computers from users that frequent here.
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
#46
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Yes! It started on Oct 8 for my client as well with subsequent logins on the 9th and 10th.
Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#47
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Have them check up the browser records and let them review what sites were browsed on that date. That's what we're planning to do here on the PC's once the adware and anti spam software are finished from checking the units.
My guess is that if it's a keylogger, then it's from one of those funny video sites that people send around. Our office is an open space so I'm almost 99% sure that it's nothing to do with porn sites but the lads here send back and forth a lot of those "funny accidents" video links so if it's a keylogger, then I'm guessing it's got to be infected through one of those sites. |
|||||||
#48
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Mates,
We found a site that was visited by one of our computers www.tvshack.net which Google is advising that has malicious code in it. We're checking to see if the computer that was used to visit it is infected. Will let you know if it's confirmed. |
|||||||
#49
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Kaspersky is picking up the virus as Packed.JS.Agent.r and it looks like it was only added to their virus listing today (October 22): http://www.kaspersky.co.uk/viruswatchlite?hour_offset=-11&search_virus=js
|
|||||||||
#50
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Their IP has now changed too.
The most recent one is 71.38.117.19
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
|
|||
X-Cart forums © 2001-2020
|