| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Warning: Iframe based attacks using stolen FTP access info | ||||
|
|
Thread Tools |
#31
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Guys,
One hour agao I updated our passwords and then had to post them in the X-Cart support desk as well because they are helping me with a support issue. Just right now I started getting a warning for the following when I go to our Admin: INTRUSION: HTTP Malicious Toolkit Variant Activity INTRUDER: localhost(2596) RISK LEVEL: HIGH ATTACKED IP: live-counter.net(86.121.116.243) ATTACKED PORT: http(80) What a coincidence huh? If they are getting access through passwords, how did they have access to the site just now? |
|||||||
#32
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Yup, I just visited your site and my anti-virus is picking it up. You are infected.
Do you have access to the logs on the server? can you look at the time stamp on the files to see when it was last changed?
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
#33
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Wow, that is scary.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#34
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
I don't know, I mean I'm checking the logs now to see what's going on.
Lowlife punks... |
|||||||
#35
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
We have one client so far having this same problem. Does anyone know what virus they are trying to spread so we can help make sure our client's personal computers are clean? We've already cleaned the server from what we can tell but she's worried about her computer as Norton never gave her a warning about a virus.
I'll post any more information if I have it. So far I don't really have much to add to the thread. But I agree with this client it looks like they got in via FTP and not via an X-cart security vulnerability even though they had the last 2 patches left to do which was in the schedule to do when they found this hack. But I found no evidence so far of them utilizing the security issues to get in. They just came directly in via FTP from what we're seeing so far. Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#36
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
This is what was blocked by Norton for me:
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#37
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Carrie,
most likely is a keylogger that will then send the hackers further access to anything you type on your computer.
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
#38
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
All servers completed the tests here at Hands-on - no servers affected except for the one as listed by the client earlier in this thread.
I have pasted the contents of the file on a testing server and had ScanAlert and SecurityMatrix both run a test on the server - neither were picking up the iFrame insert. I am still waiting on HackerProof and ControlScan to finish their scans on the server.
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance |
|||||||||
#39
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
The wonderful people at my hosting company Finestshops.com were able to locate all the infected files and they also confirmed as Emerson said that it was through FTP access.
Carrie, you may want your client to run Ad-Aware too, that's what we're doing right now on all of our computers... |
|||||||
#40
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
This is really scary.
Has X-cart been notified of this potential breach? Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
|
|||
X-Cart forums © 2001-2020
|